Feeling safe is just as important as staying safe online, and the two can come together with a few simple tips.
The internet can be a great place, filled with information aplenty like the world’s biggest library, but it can also be a little scary if you go in thinking it’ll always be safe. There are plenty of scams and scammers about, and much like how there are shops doing business, the business of scams and cybercriminals is to snag your details and use them without you realising it, adding to the scare-factor of the internet.
Much of this can be handled with a bit of education, however, and we can always do with a bit of that. With a new scam or a sighting of something nefarious happening all the time, not to mention the issues you might have with passwords, plus plenty of other things going on, there are a few things that might make you feel safer, and even help pass on those warm feelings every day.
Today is Safer Internet Day around the world and in Australia, and so just like we’ve written about security on Safer Internet Day in prior years, this year we’re highlighting a few of those tips, which can be used any day, not just February 9, 2021.
Make your passwords more complex
We’ll start with an easy one: passwords. We all have them, and many of them are easy enough for us to remember, but that mightn’t be a solution worth much for your safety.
The simple reality is that a bad password is a bad password, and while the worst passwords in use are still things like “password” and “123456”, making sure your important passwords are kept secure is still something that matters big time.
“Passwords have been around for a long time and won’t be disappearing anytime soon. However, Australians continue to practice poor password habits more so than their international counterparts,” said Lindsay Brown, Vice President of LogMeIn in Asia Pacific and Japan.
“We should always be using a unique password for each and every account so one compromised account will not impact others,” he said.
“The ideal password is made up of a random sequence of characters (uppercase, lowercase, symbols and numbers) and at least 14 characters long.”
Making random passwords can appear complex, but you don’t have to do it by hand: a password manager, your web browser or your phone can create and store them for you. Both the iPhone and Android phones can do it, as can the respective browsers on your desktop. Alternatively, password managers are available as separate apps that link everything for you and can make those passwords, too.
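For readers curious what a password manager is doing when it makes one of these, here is a short Python sketch. It is an added example, not code from this article or from any particular password manager, and the function names are made up for illustration. It builds a random password with the 14-character minimum and the four character types quoted above, and checks an existing password against the same rules.

```python
import secrets
import string

# Character types named in the quoted advice: uppercase, lowercase, symbols, numbers.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}
MIN_LENGTH = 14  # minimum length given in the article


def missing_requirements(password):
    """Return the requirements a password fails (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append(name)
    return problems


def generate_password(length=20):
    """Generate a random password from the system's secure random source."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Pick every character at random, then throw away the occasional
        # candidate that lacks a character type, so no position is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


def unique_per_account(accounts):
    """Generate one independent password per account (hypothetical helper)."""
    return {name: generate_password() for name in accounts}


if __name__ == "__main__":
    # Constructed account names, for illustration only.
    for account, pw in unique_per_account(["email", "social", "bank"]).items():
        print(account, pw)
```

The `secrets` module is used rather than `random` because it draws from the operating system's secure random source, which is what makes the result hard to guess.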
If you’re worried that a random password is too difficult to remember, consider a password based on a phrase you know, and replace some of those letters with numbers or punctuation. For example, if you heard someone say “share with friends” on Facebook, you could kill the spaces and replace some letters to make it “$h@r3w!thfr!3nd$”, for something marginally more secure, making it like a code, and reminding yourself what you replace letters with ($ for “s”, @ for “a”, 3 for “e”, ! for “i”, etc).
And remember to make it a different password for every account, because when one is broken, it shouldn’t be used for everything. If you already have a password you like that is complex, consider adding an exclamation point to the end, and a few letters that signify the difference on a site-by-site basis. For that same password we just made — “$h@r3w!thfr!3nd$” — you might make it “$h@r3w!thfr!3nd$!FB” for Facebook, or “$h@r3w!thfr!3nd$!LI” for LinkedIn, or “$h@r3w!thfr!3nd$!SP” for Spotify, and so on.
Make multi-factor authentication your thing
Another factor to building up that security for your online presence is to take hold of something called “multi-factor authentication”.
Originally called two-factor authentication (2FA) or three-factor authentication (3FA), these days we just call it multi-factor, because it can use several factors to authenticate who you are.
That means you’re logging in not just using your password, but sending your phone a message or sending you an email or having you use another app to verify you are who you are. The idea is simple, and means if you want to lock down accounts that are important to you — such as your social or email systems — you can make sure that you need to click a few different things or receive a verification code from different places to assure the system you are who you say you are.
The problem here is that you know who you are, but if someone has your password and tries to log in, they probably don’t have every other way of proving they’re you in the process.
One other benefit of multi-factor is that it invariably tells you if someone is trying to log in as you when it happens. Typically, you’ll get a message from the system that someone is trying to log in, which should give you an idea if someone is trying to break in, and whether it’s time to change your password to something more complex.
Check if your online presence has been leaked
Your password might be fine, but online systems get broken into all the time, so while you might think it’s fine, that may not be enough. You need to check whether your details are out there, and whether it’s time to change them.
Web browsers typically have this sort of warning built into them these days, but you can check it yourself on the website “Have I Been Pwned” built by Australian Troy Hunt.
The idea is easy to understand, and connects the various dumped password databases with email addresses, allowing you to see whether your email was included in specific security hacks around the web, telling you whether you need to change a password or not.
It’s not your fault that the site or service you joined was hacked, and these things happen all the time, but services like this one can give you an idea and a regular alert if you need to deal with your passwords quickly, and help reinforce the idea that multi-factor is important to keep people out of your accounts in general.
Think before you click
If all of this seems like we’re harping on about password security, it’s because it’s a big deal, and one of the first lines of online defence for everyone out there. It’s one of the more direct ways of feeling and staying safe on the internet.
But it’s not the only one out there, and these days, one of the best tips we can offer is to think before you click.
While scammers and cybercriminals will happily take your password and other details given the chance, not letting them have that chance can be just as effective in dealing with them online, and that comes from having a little awareness.
Before you click on a link in an email, look at the email carefully: does the from field make sense for who sent it, and what about the makeup of the email — does the email look legit?
Criminals are getting better at disguising their messages in email, and the same is true over SMS, where the crafty attempts of these individuals typically result in a from name that looks similar to a real company’s, but isn’t. Pay attention to what you see, and look at the details, thinking before you click.
Clicking without thinking might leave you at a site designed to look like the real thing — a “phishing site” — and that might just get you a little confused and willing to leave details for a criminal, realising it only too late.
Talk to friends and family
Finally, the education that helps keep us safe online is something that can be talked about and shared with others. Reaching out to friends and family can help pass on your experiences, and might teach them something in the process. You might even learn something new yourself, too.
“Lots of occasional web users have become heavy consumers almost overnight. Many people who previously just used the internet to read the news or check emails are now using it in multiple ways every day, including for meeting up for chats with groups of people they don’t know well, if at all,” said Paul Ducklin, Principal Research Scientist at Sophos.
The simple truth is that scams come in all sorts of ways, whether it’s over email or web, social engineering — where someone’s Facebook feed suddenly starts including links and tagging you in them, begging you to click on them — or even through phone calls. No, the NBN is not calling you or them, and plenty of other scams operate that way.
Reading about these tips and others can help educate yourself, of course, but if you have family members, passing on this education can help keep them safe on the internet, as well.
“Talk with your friends and family about good online security practices,” he said. “Advise them on how to spot scams no matter how they arrive.”