Digital Life
Below are some general guidelines that are applicable to all areas of your digital life.
-
Multi-Factor or Two-Factor Authentication: Most sites today will also offer you the ability to add another step in the authentication process. This is sometimes referred to as 2nd factor (2FA) or multi-factor authentication (MFA). Always turn this on. There are varying degrees of security associated with the different methods (SMS, Software Authenticator, Hardware Token) but any 2nd factor is better than a single factor which is commonly a username and password. A hardware token like a Yubikey is considered the best form of MFA/2FA today. Consider that as your top choice if it is an option from the service you are using.
-
Note: Be VERY careful with SMS-based 2FA. If this is tied to your actual carrier phone number and your get SIM ported, the attacker could possibly reset your account password. Consider a burner phone or a Google Voice number to use for SMS-based 2FA when it is the only option.
-
Software Updates: Every computer, mobile device and other connected device you have in your digital world likely has software that will need to be updated. It is important that you get into a habit of installing software updates when they become available as they usually contain critical security fixes for the product you are using. The most important thing here to note is that once the update is released, the bad guys will also know about the vulnerability and diligently work in the limited time before everyone is patched to exploit the problem the update is fixing. It is fair to not want to be the first to update, in case there happens to be an issue with the update, but you certainly do not want to be the slowest either.
-
Limit the information that you expose: When it is not required by law, do not give companies your real information. For example does your retailer rewards program really need to know your real name, address, email, phone number, profession you wanted to be when you grew up, etc. to provide you services?
Personal Email
Your personal email is the gateway to most of your digital life. Important accounts such as your bank account, social media, mobile carrier, ISP settings, etc. are tied to your email. Someone with access to your personal email can easily shutdown or disrupt your personal life in just a few minutes. You MUST ensure that you have your email accounts protected with a strong password and two-step authentication. Consider an email service like Proton Mail rather than other major email services that regularly data mines their customers.
This is not optional. If you are reading this and know you have a weak password and/or do not have 2FA/MFA enabled, turn this on now. Stop reading this guide and make it happen.
(This guide is part of a series on Personal Security.)