Ep6: Securing Your Online Accounts
In this episode of Byte Sized Security, host Marc David dives deep on best practices for locking down your online accounts, including:
- Creating strong, unique passwords - Using passphrases, password managers, proper length and complexity
- Enabling multi-factor authentication - Using authenticator apps, security keys, SMS codes, and other factors
- Securing MFA backup codes - Storing offline, not on your computer
- Using advanced authentication options - Like biometrics and video selfie verification when available
- Monitoring account activity - Setting up alerts for suspicious logins, transactions, and changes
- Revoking unnecessary third-party account access
- Turning on enhanced security settings - Like fraud monitoring and access restrictions
- Responding to account breaches - Changing passwords, contacting companies, freezing credit
- Maintaining good account hygiene - Signing out, updating credentials periodically, deleting unused accounts
For full episode recaps, subscribe to Byte Sized Security wherever you get your podcasts or visit bytesizedsecurity.show. See you next time!
---
I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.
--
Sites Mentioned in this Episode
- More than a Password - Multifactor authentication (MFA) can make you much more secure. Taking the extra step beyond just a password can protect your business, online purchases, bank accounts, and even your identity from potential hackers.
- People Are Still Terrible at Creating Passwords
- How To Freeze Your Credit With Experian, Equifax and TransUnion - This article from Clark Howard provides excellent guidance on how to freeze and unfreeze your credit with the three major credit bureaus to prevent identity theft.
- Five things to do to protect yourself online | FTC Consumer Advice
- Threat Modeling: The First Step on Your Privacy Journey - Privacy Guides - An excellent resource to figure out how to balance security, privacy and usability.
--
Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:
--
Support this Podcast with a Tip:
Transcript
Welcome back to another edition of Byte Sized Security, the podcast
:sharing bite-sized cybersecurity lessons.
:With new account breaches happening constantly, it's clear that relying on
:weak, reused passwords alone is no longer enough to protect our digital lives.
:That's why in this episode, I'll be diving deep on best practices for
:securing your critical online accounts.
:I'll explore the elements of strong passwords, using unique
:passwords for each account, proper password storage, and cutting-edge
:authentication methods beyond passwords.
:I'll also provide tips on monitoring account activity, handling breaches,
:and overall account hygiene habits.
:If you want to lock down your online accounts to reduce your risk of
:cybercrime, phishing, and identity theft, this episode is for you.
:Your online accounts are the gateway to your digital life, containing everything
:from financial data to personal communications to identity information.
:That's why the accounts themselves, and the ways you secure them, should
:be one of your top priorities for boosting your cyber protection.
:I'll start with some key tips for creating strong, unique passwords
:for every account, since your password is still typically the
:first line of defense preventing intruders from accessing an account.
:First, length matters when it comes to security.
:Use passwords of at least 12 to 14 characters, or ideally even longer
:passphrases of 20+ characters.
:Longer passwords are exponentially harder for hackers to crack.
:Include a random mix of uppercase and lowercase letters,
:numbers, and special symbols.
:Avoid dictionary words or personal info that could be uncovered.
:And definitely don't use the same password across multiple accounts, as breaches
:often compromise passwords to many sites.
:Ethan, can you explain the concept of password re-use?
Ethan:Sure Marc.
Ethan:You know that e-mail password you do not care if somebody knows
Ethan:because it's just for spam e-mail?
Ethan:Well did you use that password on a site you do care about?
Ethan:Password re-use is how one site's password gets compromised and that's input into a
Ethan:program that tries that email and password combination on thousands of websites.
Ethan:Next thing you know, somebody is getting free Uber rides on your account.
:To aid in remembering complex unique passwords, use passphrases
:- long passwords built from multiple words, like "CrazyCat&HatFly4Ever".
:This makes it easier to recall but still secure against guessing.
:You can also use a password manager app like 1Password or Bitwarden to
:securely generate and store strong, randomized passwords for each account
:rather than manually creating them.
:Just be sure to use a very strong master password for the manager itself.
:Now let's discuss multi-factor authentication, which adds
:a second layer of identity verification beyond just a password.
:Options include SMS codes, authenticator apps, security keys, or biometrics
:like fingerprint or facial recognition.
:In case you missed it, Episode 2 of Byte Sized Security named, "Securing
:logins with two-factor authentication," covered this topic in depth.
:Multi-factor authentication blocks access to accounts even
:if the password is compromised.
:So it's absolutely critical to enable on any sensitive logins, especially email,
:financial services, cryptocurrency, and accounts storing personal information.
:Authenticator apps that generate 6-digit time-based one-time codes
:are generally the most secure and convenient multi-factor method.
:Though security keys you physically plug in provide the strongest protection.
:Enable multiple factors on as many logins as you can.
:Of course, you'll want to store any backup codes needed for multi-factor recovery in
:a very secure place, not on your computer.
:And take care not to have your primary and secondary factors ever compromised
:together, or that defeats M F A's purpose.
:A cybercriminal needs to only circumvent your weakest
:security layer to gain access.
:One potential drawback of physical hardware tokens is
:some compatibility Issues.
:Not all online services support hardware tokens, so you might still
:have to rely on other 2 Factor Authentication methods for some accounts.
:But hardware tokens do offer enhanced security.
:Hardware tokens are immune to many common attacks such as phishing,
:man-in-the-middle, and replay attacks.
:Since the token is a physical device, attackers cannot easily duplicate or
:intercept the authentication code.
:While hardware authentication tokens offer robust security benefits, they
:come with their own set of challenges.
:The decision to use them should be based on individual needs, the
:value of the data or accounts being protected, and personal preferences.
:There is a link in the show notes to how to figure out
:your own personal threat model.
:For your most high-value accounts like banks or crypto currency
:exchanges, explore any advanced authentication options offered
:beyond standard multi-factor.
:For example, some financial institutions allow using biometrics or video selfie
:verification when accessing accounts, adding further identity proofing.
:And there is the concept of Passwordless logins which eliminate the need
:for users to enter a password.
:Instead, they rely on something the user has like a mobile device or
:something the user is like a fingerprint.
:Solutions like 1Password offer this by sending a secure link to
:a registered email or device, or using biometric authentication.
:But it may not be accepted on every site where 2 factor
:authentication is more standard.
:In either case, you will probably need a trusted device to authorized
:the request like your phone.
:Using an authenticator app is just as easy and familiar and serves a similar purpose.
:Most authenticator apps like Authy, will allow you to set a different
:PIN or use biometrics to open the app to use the 6 digit code
:being asked for enhanced security.
:So even if somebody has your phone and it is unlocked, they would still
:need a PIN or biometrics to open the authenticator app to get the code.
:Now I'll touch on a few other important account security habits
:beyond your login credentials:
:Carefully monitor account activity for any unauthorized
:access attempts, transactions, or changes to account details.
:Many services let you set up alerts for suspicious activity.
:Be cautious of third-party apps and sites requiring your login credentials.
:Only provide to reputable services, not random websites.
:And revoke access once no longer needed.
:When available, enable the highest account security settings, like fraud monitoring,
:restricting account access locations, and mandatory strong authentication.
:If you do have an account compromised, respond quickly.
:Change your password immediately and enable Multi Factor
:Authentication if not already on.
:Contact the company to secure the account and assess damage.
:Scan devices for malware.
:And place fraud alerts with credit bureaus if personal data was exposed.
:Lastly, maintain overall good account hygiene habits.
:Sign out of accounts after using services.
:Change passwords if breached or you have reason to be suspicious.
:Delete old unused accounts lingering online.
:And make sure your email, phone and security options
:are kept current on accounts.
:Applying all these security layers will greatly reduce
:the risk of your credentials being your cyber Achilles heel.
:Enabling multi-factor authentication and using strong, unique passwords remain
:two of the most impactful steps you can take to lock down your digital kingdom.
:I know that's a lot of account security ground we covered today.
:But staying vigilant over your online logins is one of the wisest
:investments of time you can make to protect your data and identity.
:I hope these tips give you a blueprint to significantly harden your defenses.
:In the show notes, I will link to a resource where you can quickly,
:easily and for free, lock your credit.
:This simple thing that almost nobody does, will stop thieves from getting loans
:and credit authorizations in your name.
:Identity theft is real and really difficult to unravel.
:By locking your credit, you can make it harder for your identity to be
:stolen and you do not have to subscribe to a monthly service to do this.
:It is free and easy to do.
:Again, check the show notes for a step-by-step how-to guide to easily lock
:your credit at the major credit bureaus.
:That wraps up this episode of Byte Sized Security focused on properly
:securing your critical online accounts.
:Enable multi-factor authentication, use strong unique passwords and
:password managers, monitor activity, and maintain good account hygiene.
:Account security should be the cornerstone of your overall cyber protection strategy.
:And be sure to check the show notes of this podcast for helpful resources
:specific to securing your online accounts.
:Until next time, stay safe in the digital world!