Google just released a report regarding online security practices of lay people versus security experts. Doubtless you’re inundated with security tips from the likes of Good Morning America, Facebook, and even, yes, this blog. If you want to cut to the chase and emulate the activity of the experts, here’s the path to take:
Install Software Updates
Many non-technical users ignore notices to update their software and/or install patches. Some people are annoyed by the interruption, and some are suspicious of the updates. But security experts DO run the updates and install the patches—that’s their number one priority. We’ve too often seen the fallout firsthand when a hacker exploits a vulnerability in an old version of software. Bottom line: take the time to install the updates.
Use Unique, Strong Passwords
Most people have got the message that it’s important to use a strong password. Security experts, however, not only use strong passwords, but they use UNIQUE passwords for every website. Seventy-five percent of security experts also use a password manager, such as LastPass, 1Password, or Dashlane. Here at I.T. Roadmap, we like LastPass. (Full disclosure: LastPass was very recently hacked, but we feel confident that they are more secure than ever. If that makes you nervous, 1Password is also a great tool and it’s been around since 2006.)
- Generate unique, strong passwords for each of your sites—no more using the same password everywhere
- Autofill online shopping and registration forms with one click
- Go-anywhere accessibility to your data with the best cross-platform, cross-browser support
- It’s free, with a Premium option for $12 per year that allows access to mobile apps and additional security features
Most password managers work through a small application that you download and that works with your browser. You create an account with your email address and a strong master password—the last password you have to remember. You then save your passwords as you browse. If you have additional computers or devices, download the password manager to each one and sign in with your password manager account.
Enable Two-Factor Authentication Where Possible
Another difference between non-technical users and security experts is that security experts are vastly more likely to choose two-factor authentication. Two-factor or two-step authentication is a feature that requires something you know (your password), plus something you have (like your phone or a one-time code), or something you are (like your fingerprint). In addition to the password, you must provide that second piece of information before you can access the account.
The good news is that the practices reported by non-technical users ARE good, useful ones. So it’s just a matter of adding in a few good practices like the ones described above. If you do nothing else on this list, install those updates! Along with their report, Google also linked to their helpful guide for staying safe on Google, and we encourage you to take a look. If you need help with your online security, we’re here for you. Contact us for a consultation!