No one is immune to being a victim of cyber criminals using their identity to attempt to buy a phone, apply for a credit card, or even buy a house. However, there are some steps you can take to make your digital life much more secure.
Use Strong Passwords
The first line of defense is using strong passwords.
According to the traditional advice—which is still good—a strong password:
- Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
- Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
- Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
- Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
Try to mix it up—for example, “BigHouse$123” fits many of the requirements here. It’s 12 characters and includes upper-case letters, lower-case letters, a symbol, and some numbers. But it’s fairly obvious—it’s a dictionary phrase where each word is capitalized properly. There’s only a single symbol, all the numbers are at the end, and they’re in an easy order to guess.
You’ll need to think about how to come up with a memorable password. You don’t want to use something obvious built from dictionary words, so consider using some sort of trick to memorize it.
For example, you might find it easier to remember a sentence like “The first house I ever lived in was 613 Fake Street. Rent was $400 per month.” You can turn that sentence into a password by using the first characters of each word, so your password would become TfhIeliw613FS.Rw$4pm. This is a strong password at 21 characters. Sure, a true random password might include a few more numbers and symbols and upper-case letters scrambled around, but it’s not bad at all.
Best of all, it’s memorable. You just need to remember those two simple sentences.
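The checks in the list above can be automated, which shows why “BigHouse$123” passes the length and character-mix rules yet still fails, while the sentence-derived password passes. This Python sketch is an added example, not part of the original article; the small word list and the function names are constructed for illustration.

```python
import re

# Constructed mini word list for this demo; a real check would load a full
# dictionary plus a list of known-breached passwords.
WORDS = {"big", "red", "house", "fake", "street", "rent", "month", "password"}

# Undo the look-alike swaps ("H0use" -> "House") before the dictionary check.
UNLEET = str.maketrans("013457@$!", "oleastasi")

# One pattern per character class named in the list above.
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def letters_only(text: str) -> str:
    """Lower-case the text and drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", text.lower())


def is_word_run(text: str) -> bool:
    """True if text is one or more WORDS entries run together."""
    return any(
        text == w or (text.startswith(w) and is_word_run(text[len(w):]))
        for w in WORDS
    )


def check_password(pw: str, min_len: int = 12) -> list[str]:
    """Return the list of problems found; an empty list means none."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    problems += [f"no {name}" for name, pat in CLASSES.items() if not re.search(pat, pw)]
    if is_word_run(letters_only(pw)):
        problems.append("dictionary words")
    elif is_word_run(letters_only(pw.translate(UNLEET))):
        problems.append("dictionary word with obvious substitution")
    return problems


if __name__ == "__main__":
    for pw in ["house", "Red house", "H0use", "BigHouse$123", "TfhIeliw613FS.Rw$4pm"]:
        print(f"{pw!r}: {check_password(pw) or 'no problems found'}")
```

An empty result only means none of these particular checks fired; it does not prove the password is strong.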
Keeping track of dozens or hundreds of strong, unique passwords just isn’t possible without a password manager. Fortunately, you can get the necessary help without breaking the bank. The free edition of LastPass has plenty of features, more than some of its for-pay competitors. The product is still at version 4, but its designers have given the interface a facelift and slipped in some handy new features—enough to merit an updated review.
It’s worth noting that many commercial password managers offer a free edition that has stringent limitations. Some, like RoboForm, put a limit on the number of passwords free users can save. Others, like Dashlane and Keeper, are only free if you use them on a single device. LastPass, on the other hand, has no limits on syncing or on the number of passwords.
2FA adds an extra layer of protection to the authentication process. It requires users to provide a second piece of identifying information in addition to a password. Examples of 2FA include answering a question like “What was your high school mascot?” or entering a verification code received via text message.
Yet, according to a recent report by the Pew Research Center, only 10 percent of American adults can correctly identify a two-factor-enabled login screen from a set of four choices.
Duo Labs estimates a measly 28 percent of Americans actually use 2FA on a regular basis. More than half of those surveyed by the firm had never even heard of it.
How to set up 2FA for Google
Google offers a bevy of options to help its users stay protected at varying degrees of intensity. From the company’s 2-Step Verification page, any user can opt in to 2FA and then select from receiving one-tap prompts via the Google app on a phone, receiving short-term codes via an authenticator app, receiving short-term codes via voice or text message, and using a physical security key for verification. Users can also print out backup codes in case a phone or physical key isn’t available and can specify backup phone numbers to which codes can be delivered in the absence of a primary device.
For G Suite accounts, Google’s 2-Step Verification must first be enabled at the admin level. A company can then require all users to utilize the system.
For especially high-risk accounts, Google also now offers a next-level option known as the Advanced Protection Program. It works only with a physical security key and prevents all non-Google services from connecting to an account and accessing its data.
How to set up 2FA for Facebook
Facebook’s 2FA options are similar to Google’s, though not quite as extensive. Users can enable 2FA within Facebook by opening the Security and Login Settings page, then clicking the “Edit” button inside the 2FA section.
From there, simply follow the on-screen steps to set up 2FA and select a preferred method — an app-generated code, an SMS-delivered code, a physical security key, or a printed recovery code.
How to set up 2FA for Instagram
Despite being owned by Facebook, Instagram’s 2FA options are still extraordinarily limited. What’s more, management of the service’s two-factor system is available only in its mobile apps and not on its website.
To enable 2FA on Instagram, open the Android or iOS app, navigate to your profile, then tap the 2FA option and activate the toggle next to “Require Security Code.” Unfortunately, SMS-based codes are Instagram’s only option for day-to-day use, though the service does, at least, offer the ability to get a list of backup codes.
Other sites and services
Most sites follow similar models for enabling 2FA, assuming they offer it in the first place, of course. An alarming number of businesses still don’t. You can find a detailed community-maintained database of two-factor support status for well-known companies and services at the aptly named twofactorauth.org.