Now that you know what hackers are and how they usually try to gain access, you can start applying some tips 💡. These are the basics: a simple list of measures everyone should take.
Lots of people consider updating to be time-consuming. In some cases that’s true, but it’s also the most important form of protection ❗ to employ against hackers. Many hacks are successful because they exploit out-of-date software, which contains many vulnerabilities that get fixed through security updates.
The older the software, the easier it is for hackers to gain access.
Software runs on all kinds of devices: Windows or MacOS on your computer or laptop, and Android or iOS on your mobile devices. Even your router and other smart devices in your home run software. Make sure to check those regularly - once a week - in case there are updates available for your devices, and install them as soon as possible ⏰. In some cases updates can be installed automatically. Windows, MacOS and the Google Chrome internet browser support this feature.
It’s also important to update your apps and the software installed on your computer, such as your internet browser, PDF reader and Microsoft Office. You will often receive a notification if a new version is available.
Nowadays you need an account for practically every website or app, and all of them require passwords. As human beings we have trouble remembering lots of different passwords, so we often resort to using the same one for several accounts.
While that does make things a lot easier to remember, it’s also very very dangerous ⚠️. If a hacker gets a hold of your Spotify password, you wouldn’t want that hacker to be able to gain access to your bank account as well. And if you share your Netflix password with a friend, that person shouldn’t be able to use it to log into your Gmail or Facebook.
That’s why it’s very important to use a different password for each website, app and service. Simply changing one digit 1️⃣ or letter 🅰️ won’t do. Those kinds of variations are easy to guess. Thankfully there’s a handy solution for this problem: password managers.
A password manager stores all of your passwords in a digital vault 🔑 and secures them with one single master password. That way, you only have to remember one password to access all of your accounts. These apps can easily generate very complicated passwords, like 6ur7qvsZpb0ZkcuSW1u!V8ng!L^lb. A password like that can’t be guessed or cracked.
Password managers can also fill out your login information when you’re visiting a website for which you have a password stored. This alone protects you from a lot of attacks. If a website address is incorrect, such as wellsfargo.mybanklogin.com, the password manager won’t fill out your Wells Fargo login information. You can also use a password manager to save notes 📓, such as login codes, secret keys and answers to secret questions.
Good password managers are LastPass, 1Password, Bitwarden and KeePass. If you’ve never used a password manager before, trying the free version of LastPass is a great way to get started.
LastPass is a clean password manager with a lot of features, including an internet browser extension to generate passwords and enter your login information. LastPass has good apps for basically every operating system and works great even if you’re sticking to the free version. The paid version gives you one gigabyte of storage space for sensitive documents and the option to share passwords with other people.
1PASSWORD (3 USD PER MONTH)
1Password is known for its sleek design and is optimised for use on Apple devices, like your iPhone and MacBook. The app recently got a handy internet browser extension (1Password X) that generates passwords and fills them out for you when visiting websites you can log into. A 1Password subscription works with a special type of security (a secret key), requiring you to fill out dozens of numbers and letters to gain access to your account.
Bitwarden has become very popular over the last few years. It’s a fully open service, there’s a good app for practically every platform and, last but not least, it can be used for free. You can even share passwords with your partner or a family member, a feature that you have to pay for in most other password managers. If you want to share passwords with more than one person, you have to pay 1 USD per month, which also gets you 1 gigabyte of storage space for your files. Technically savvy users can choose to manage their own Bitwarden cloud.
KeePass is viewed as the safest password manager, because many security experts use the app and draw on their expertise to make it even safer. The downside is that the app looks quite old-fashioned, like some ancient Windows XP software. Fortunately the KeePass community is full of passionate developers who make great looking apps for KeePass, such as MacPass for MacOS. A good alternative is KeePassXC, in many ways a better and more complete version of KeePass, which is also being updated by a group of enthusiastic developers.
You might think: is a digital safe, well, safe? That’s a good question, and an understandable concern. LastPass has been hacked twice, for instance. Passwords have never been stolen though, because those are stored in a very secure digital vault.
Websites and apps often ask you to use a password with digits and numbers. But what’s a strong password? Many people consider [email protected] to be one, but in reality it’s quite easy for hackers to crack 🔨. That’s why you might want to consider thinking in passphrases instead of passwords.
Phrases are long but easy to remember, which are two prerequisites for a good password. A passphrase like I eat 2 whole pizzas every week is easy to remember and quite difficult to crack. Don’t hesitate to use spaces in your passwords, an option that often gets overlooked.
It’s also possible to create a password by putting seemingly random words together. Use Diceware if you choose to do so. Diceware is currently the safest way to create a password you can actually remember.
- Use a password manager, preferably one of the above.
- Use a passphrase or Diceware for your password.
- Write down ✍️ your password manager-password and keep it in a safe place, to ensure you never lose access to your password manager.
- Use your password manager to generate passwords 20 characters or more and let the password manager store these passwords for you.
The iCloud Keychain is a handy way to save passwords if you want to stick to using Apple products 🍏 . Keychain can generate passwords and automatically fill them out when you need them. The options are somewhat limited when compared to other password managers, but Keychain is a safe choice, if - and that’s a big if - you secure your iCloud account with a strong password and two-factor authentication.
IN YOUR BROWSER
Browsers like Chrome and Firefox offer the option to save passwords. It’s a pretty easy way to log into websites you use often, but the downside is that browsers usually generate weak passwords. A password manager is a better choice.
A PASSWORD BOOK
Pen and paper 📝 can also be used as a password manager. Make sure to use unique passwords and store them with care. And create a copy that you store in a physical vault, should you need a backup. When you’re expecting company - like friends, family, a mechanic or plumber - take extra care not to leave your list of passwords out in the open.
A useful tip is to have all of your passwords start with the same word, which you don’t write down in your password book. Simply remember it. If someone gets a hold of your password booklet, they still won’t be able to use any of the passwords you’ve written down, because they’re missing one essential component that’s safely stored in your brain.
No matter how strong your password is, it could still get stolen. That’s why it’s important to check whether your passwords have been stolen by hackers. The website Have I Been Pwned keeps track of hacked websites and warns you when your information pops up. With the single click of a button, you can see if any one of your accounts has been compromised. It’s recommended to do this every now and then, just to be safe.
If you sign up for Have I Been Pwned, you even get a notification 🔔 when the system detects your email address in stolen files. That way, you’ll know exactly which of your passwords has been stolen, based on the service or website it was taken from. If the site finds your email address amongst stolen files, you should immediately change the corresponding password. If you do that, the biggest threat - a hacker logging in using your password - has already been averted.
To limit the consequences of a stolen password, you can use two-factor authentication (2FA), which is a relatively new security method.
You can activate two-factor authentication via the services you use, if they support it. After logging in with your username and password, from now on you’ll have to complete a second step. Usually, the service will ask you to enter a code that’s been sent to your smartphone (using text messages or so-called authentication apps).
Why go through all this trouble? If a hacker manages to get your login information, that person will also need the code that is sent to your phone as soon as they try to log in. It’s highly unlikely that they can access your phone as well ⛔. Two-factor also alerts you to malicious login attempts, for instance when you receive a code out of the blue. That way, you’ll know someone else has tried to gain access. You can check which services, apps and sites support two-factor authentication on this website. Google, Apple, Facebook, Instagram, WhatsApp and Dropbox are just a few of the services offering two-factor authentication features.
LOGIN CODES VIA TEXT MESSAGES
Receiving login codes via text messages is easy: you link your phone number to an online service and enter the code that is sent to you to log onto the corresponding website or app. Hackers can get access to these login codes by intercepting your text messages 💬, but for most people this form of security is sufficient.
CODES VIA AUTHENTICATOR APPS
A safer way of two-factor authentication is to use an authenticator app. These apps let you scan a QR-code, which is like a barcode for your smartphone’s camera. The QR-codes are provided by the service that you want to secure. After you scan the QR-code, a security code appears on screen for 30 seconds, after which a new code will be generated. These random codes allow you to authenticate your login attempt, letting the online service know that it is really you who is trying to access your account. 1Password, LastPass Authenticator, Authy and Google Authenticator can all generate these codes. Take caution when using Google Authenticator, however. If you lose the phone on which you’ve installed the app, or if it gets reset, you will lose all of your login codes. The other authenticator apps mentioned above can synchronise codes across all devices on which you’re using them.
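How an authenticator app arrives at those 30-second codes, as an added example (not code from this guide or from any of the apps named): the QR-code usually carries an otpauth:// address with a shared secret, and both the app and the service calculate the code from that secret and the current time, following the public TOTP standard (RFC 6238). The sample address and account name are constructed; the secret is the test key published in the RFC.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample of what the QR-code contains. The secret is the
# published RFC 6238 test key, so results can be checked against the RFC.
SAMPLE_QR = ("otpauth://totp/Example:alice@example.com"
             "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")


def parse_otpauth(uri: str) -> dict:
    """Read the shared secret and settings out of an otpauth:// address."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a time-based otpauth address")
    query = parse_qs(parts.query)
    secret = query["secret"][0].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)            # restore stripped padding
    return {
        "account": unquote(parts.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
    }


def totp(key: bytes, unix_time: float, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // period            # stays the same for 30 seconds
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def verify(key: bytes, submitted: str, unix_time: float,
           period: int = 30, window: int = 1) -> bool:
    """Service side: accept the current code and its direct neighbours to
    tolerate small clock differences, comparing in constant time."""
    return any(
        hmac.compare_digest(
            totp(key, unix_time + step * period, period).encode(),
            submitted.encode())
        for step in range(-window, window + 1)
    )


if __name__ == "__main__":
    import time
    cfg = parse_otpauth(SAMPLE_QR)
    now = time.time()
    code = totp(cfg["key"], now, cfg["period"], cfg["digits"])
    print(cfg["account"], code, verify(cfg["key"], code, now))
```

The code depends only on the secret and the clock, which is why anyone who obtains the QR-code or the secret behind it can produce the same codes.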
The lock 🔒 in the address bar of your internet browser shows that you’re using an encrypted connection. This means that the information that you’re entering on the website, like your password or credit card information, is being sent securely and can’t easily be intercepted by a hacker. Make sure you only enter sensitive information on websites that show this lock in the address bar. If the website address starts with https://, that also means it’s secure.
Also be aware that the lock icon doesn’t mean you can actually trust the website you’re visiting 🚫. Many phishing websites designed to steal your login information use the lock to try and gain your trust. Pay extra close attention to the website address, and check whether it’s correct or not.
- Correct: https://www.facebook.com (facebook.com is the main domain)
- Wrong: https://www.facebook.tech (.tech is not the correct domain extension)
- Wrong: https://facebook.login.net (login.net is the main domain)
- Wrong: https://www.faceb00k.com (the two o’s have been replaced with two zeros)
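The address check from the list above, written out as a small Python script; the same comparison explains why a password manager won’t fill in a login on an address like wellsfargo.mybanklogin.com. This is an added example, not code from this guide or from any password manager, and the digit-swap table and the verdict names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: a few digit-for-letter swaps, as in "faceb00k".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def belongs_to(host: str, main_domain: str) -> bool:
    """True if host is the main domain itself or one of its subdomains.

    The leading dot matters: "notfacebook.com" ends with "facebook.com"
    but is a different main domain.
    """
    return host == main_domain or host.endswith("." + main_domain)


def check_address(url: str, main_domain: str) -> str:
    """Compare the address in a link with the main domain you expect.

    Returns one of: ok, not-https, lookalike, brand-on-other-domain,
    other-domain (verdict names are made up for this example).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")     # hostname is lower-cased
    main_domain = main_domain.lower()
    brand = main_domain.split(".")[0]             # "facebook" in facebook.com

    if belongs_to(host, main_domain):
        # Right site; the lock (https) is still needed before typing a password.
        return "ok" if parts.scheme == "https" else "not-https"
    if belongs_to(host.translate(LOOKALIKES), main_domain):
        return "lookalike"                        # faceb00k.com
    if brand in host.split("."):
        return "brand-on-other-domain"            # facebook.login.net, facebook.tech
    return "other-domain"


# The addresses used in this guide, each with the main domain you would expect.
SAMPLES = [
    ("https://www.facebook.com", "facebook.com"),
    ("https://www.facebook.tech", "facebook.com"),
    ("https://facebook.login.net", "facebook.com"),
    ("https://www.faceb00k.com", "facebook.com"),
    ("https://wellsfargo.mybanklogin.com", "wellsfargo.com"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(f"{check_address(url, expected):22} {url}")
```

Every wrong address in the sample list uses https and would show the lock, yet none of them gets the verdict ok.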
A backup lets you access your files if something goes wrong. What if your computer breaks all of a sudden? What photos 📷, videos 📹 and documents 📃 do you really want to save, and which files do you need for your administration? Those are the files you should back up.
A backup safeguards your important files, even if your computer breaks down, your phone gets stolen or ransomware makes your computer inaccessible. A backup will get the show on the road again in no-time.
It’s recommended that you keep both online and offline backups. You can create online backups with a cloud-service ☁️ like Dropbox, and offline backups using an external hard drive. Make sure you check whether all saved files are still there and working properly every now and then.
Phishing attacks are usually easy to recognise. Take a fake email which was seemingly sent by Bank of America, for example. The email claims that your debit card has been blocked, even though you don’t have an account with Bank of America 🏦. Logical thinking goes a very long way when it comes to protecting yourself.
But phishing emails can also look very realistic. Therefore, it’s always a good thing to check the sender’s email address. If the sender uses @bankofamerica.bankmailservice.com, you will know that the email wasn’t actually sent by Bank of America. If it was genuine, it should say
Pay attention to strange or incorrect use of language. Many phishing emails contain grammatical and spelling errors and they might address you with Dear sir/madam. Most organisations know who you are and address you with your first name.
Oftentimes phishing emails try to scare you 😨 by claiming that your bank account has been blocked or that you have outstanding debt that needs to be paid. They might even claim that you’ve won something 🤑. If you’re unsure about the nature of an email, call the organisation that allegedly sent the email. Don’t use the phone number listed in the email though! Look it up on the official website.
Before clicking a link in an email, always check its authenticity. You can do this by hovering your mouse 🖱️ over a link without clicking on it. The web page where the link wants to take you will appear on your screen. You should be able to see whether it is a valid link or a phishing attempt. On a mobile device, you can press and hold the link to copy it. Create a new email and paste the link into the body of the email to read the complete web address.
If you don’t trust an email or the links in it, use your internet browser to go to the website of the organisation the email claims to be from, and log in there. Usually, you’ll find all recent invoices and messages there. You can always call 📞 the organisation to ask whether an email you received is actually sent by them.
An important rule to live by:
If it seems too good to be true, it probably is.
If you have a Google account, Password Alert - an internet browser plugin - can be a big help. Password Alert sends you a warning when your Google password gets entered on a fake login page. Installing this official Google plugin can be a lifesaver, given how important Google and Gmail are to a lot of people.
It almost goes without saying that you shouldn’t just click on any link, even if it’s sent by a friend or colleague. This is good advice for whatever situation you’re in; whether you’ve received a link via email, through social media or in a text message. A smartphone can be hacked by pressing the wrong link.
This doesn’t happen often, so don’t get scared of every link you receive. But if you don’t trust it, inspect the link 👓 first using the methods described above.
It also pays to be wary of attachments in emails. Viruses often get spread this way, which can grant hackers access to your device. They’ll do this by hiding a virus in a seemingly innocent file, like a Word document.
Hackers also hide viruses in EXE-files. The best course of action would be not to open Word- or Excel-files on your computer. Open them in the Google Docs website. If there’s a virus hidden inside, your computer will not get infected. The best way to open PDF files is by using your internet browser. Click on a file and use your mouse to drag and drop it into a new browser tab. Or right-click on the PDF file and select open with -> your browser of choice.
If you don’t trust a file, you can download it ⬇️ to your computer, but don’t open it! After downloading the file, upload it to VirusTotal. VirusTotal is a website that analyses files and tells you if they contain viruses. Do take note that Google and VirusTotal will have access to your file after uploading it.
Public WiFi networks, such as Starbucks WiFi, are not safe. Hackers can track your browsing habits and try to steal your login information. Use your 4G connection instead, or create a password protected hotspot on your phone. A hotspot (Android, iPhone) lets your laptop connect to the internet via your smartphone’s 4G connection.
If you insist on using public WiFi networks, make sure you only log in to websites that display a lock. Websites with a lock encrypt the information you enter, which prevents easy access by hackers. This advice also holds up for WiFi networks of restaurants 🍟 and hotels 🛏️. These might be password-protected, but are still being used by a lot of people.
Pay attention to welcome screens when connecting to public WiFi networks. These pages may ask you to install an app, certificate or a piece of software. Connecting to the internet doesn’t require you to do this, so it might be a sign of hackers trying to gain access to your smartphone or laptop. If you have doubts, ask the network provider if the request is legitimate.
Finally, it’s important to realise that a password-protected wifi network isn’t necessarily safe. These wifi networks can also be under a hacker’s control.
It’s also strongly recommended that you use a virtual private network - VPN for short - as soon as you connect to a public WiFi network. A VPN builds a digital tunnel for your data traffic. That way, others won’t be able to see what you do on the internet, protecting you against hackers.
Most people have heard of VPNs because of Netflix. A VPN allows you to trick the internet into thinking you’re in a different country 🌎. By connecting to American servers, users would also get access to the American version of Netflix, for instance.
A VPN also comes in handy if you don’t want your internet provider to know what you do online. You can keep a VPN connection running indefinitely. The one downside is that it can slightly lower your internet speed 🐢.
The best and easiest paid VPN services are Private Internet Access, NordVPN and Freedome, costing three, five and four USD per month respectively. AirVPN and Mullvad are aimed at more experienced users.
Never use a free VPN service. These services are known to sell your private information, like the websites you visit. If you’re short on cash, you can always create a free account on TunnelBear or WindScribe. These free services give you 500 megabytes or 10 gigabytes of data traffic per month, respectively. More than enough for those few occasions when you absolutely have to log onto a public wifi network.
This advice might seem somewhat obvious, but a lot of people leave their laptop open while they’re off using the toilet 🚽. Aside from the risk of your property being stolen, someone could also use your computer with criminal intent while you’re not around, especially when your laptop isn’t closed and locked.
Always set your laptop’s automatic lock to a very short period (one minute). Your device will then lock itself if you have to leave it unattended. This isn’t a perfect safety measure, however. Always try to take your laptop with you if you need to leave your seat or spot. Even if it’s just for a moment.