The University of Massachusetts Amherst
Categories
Security

Securing Your Online Services

Securing your online services

With more and more of our lives happening online, it’s super important to protect all of your personal information with secure passwords. Your personal information is probably stored across a wide variety of social media, Google, banks, and other sites that contain information you would not want to fall into the wrong hands.

There are several different aspects to making sure your passwords are protecting you as much as possible. This post will serve as an online security audit so that you can go through your online services and secure yourself as much as possible

Step 1: Securing your email

Your email account is the most important account to secure. If someone has access to your email, then they can view all of your personal personal information within those messages. Your main email account is also used for password recovery for every other account that you have, so if they get into your email, theres no stopping them from getting into your Facebook, Google, and banking information.

The first place to start is making sure your email has a very strong password. We will get into generating strong passwords later in the article, but your email account should definitely be one of the stronger ones. This is the first line of defense against people trying to enter into your email.

Step 2: Two-Factor Authentication

The basic premise behind two factor authentication
The basic premise behind two factor authentication

After you get setup with a strong alphanumeric password, the next step is to turn on Two-factor authentication (sometimes known as two-step authentication). This system adds an additional layer of security to your account by requiring you to have your phone or another device in order to get into your account. There are various implementations of this system, but it generally works by receiving a text message with a code that you enter after you enter your password. This code expires after 30 seconds, so even if someone was able to steal this code, it would be useless after 30 seconds.

The whole idea of multi-factor authentication is that you need both something you know (your password), as well as something you have (your phone) in order to access your account. Some security systems even add another factor such as a finger print or iris scan in order to access an account or area. You can find out which services you use have two factor authentication here.

Step 3: Using a password manager

1Password is one of the most popular password managers, especially for Mac and iOS devices
1Password is one of the most popular password managers, especially for Mac and iOS devices

Earlier I said that one of the best ways to secure your email was with a strong password. The best passwords are those that are long, random, and include a variety of letters, numbers, and symbols. Equally important is using a different password for each service. Many people use the same password across all of their logins. This means that once someone gets that password, they can basically access your entire life online. A password manager facilitates both of these goals by generating strong passwords, and then storing them securely so you never have to remember what they are.

Password managers are very good at generating random passwords for you to use. Most of them have build in generators that allow you to customize parameters such as length and what types of symbols you want to use. I would recommend creating the longest password possible for the most security.

Note that for some reason, certain services implement a maximum length for passwords. For these services, you will have to limit the length to what the service allows.

The second part, and perhaps the more useful part, of a password manager is that it stores all of them. As a user, all you have to do is remember one master password that allows you to access the password manager. The password manager stores all of your login information in an encrypted database that unlocks with your master password. Both 1Password and LastPass have browser extensions that will enter in your information when you come across a login page for a given service. Since you basically never have to type in your passwords manually, this means that you can make them longer and more secured. The only password you ever have to remember and type out is the one that unlocks your password manager vault. And even on devices such as your iPhone, you can set it to unlock with your fingerprint, so you never have to type in any passwords.

LastPass's Browser Extension
LastPass’s Browser Extension

Conclusion

So much of your data is stored online, that it’s dangerous not to protect it to the best of your ability. For most people, there is a tradeoff between security and convenience. Its so much more convenient to have the same password across multiple services. This is easy to remember, plus its easier to type in since these passwords are normally short and something relatable, such as a pet name or some combination of initials and a birthday. But these same elements that make it easy to log in yourself also make it easy for hackers gain access. If your password is something easy to guess, then they don’t even have to brute force their way in.

The steps outlined in this post will help you to maximize your online security, while still holding onto the convenience that we desire as end users. A strong email password is the root of your security strategy, as this helps to prevent hackers from gaining access to all your accounts when they compromise one. Two factor authentication means that even if someone gains your password, they still won’t be able to enter your account unless they get your phone. Finally, a password manager will allow you to have strong passwords while having the convenience of a single password.