Flummoxed By Online Security? Here Are Some Simple Tips
Many of us feel powerless about online security. When hackers can get around the defenses of giant corporations such as Target or J.P. Morgan Chase, it’s hard to imagine how regular folks stand a chance. But a new effort by AARP, Microsoft, the state attorney general’s office and the Federal Trade Commission aims to let people know what they can do.
KPLU asked Andrew Becherer, technical vice president for the computer security consulting company NCC Group, for three tips.
1. Exercise “good password hygiene.”
That means you should have a different password for every account. Becherer says he knows that sounds daunting, but there are ways to keep track of all those passwords. One way is to use a password manager – software that stores all of your passwords for you. You just need to remember one password that gets you into the password manager.
“I use a free one called KeePass, which is available on Windows and Mac OS X and Android and iPhone,” Becherer said.
He keeps that software on a little USB thumb drive on his key chain with a backup on his home computer. Becherer says another password manager to consider is LastPass.
2. Use a virtual private network whenever you log on to a public Wi-Fi system.
“When you connect to the coffee shop Wi-Fi, at that point, you’re using this shared network and you’re vulnerable to attackers,” Becherer said. “But once you start your virtual private network, it builds a tunnel through the coffee shop, over the Internet to the VPN service provider.”
That involves paying money to a virtual private network provider and downloading some software. Becherer recommends a Seattle-based VPN provider called Cloak.
3. Use extra security features for logging in to email and other service providers.
These extra security measures are known as “second factor authentication features.” One example is when you log in to your email, Facebook or bank account from a new computer and then get a text message sent to your phone. Then you might have to type a code into the website, in addition to your password, to be able to get in. That provides you with extra assurance that a hacker can’t get into your account just by using the password.
You can also get a device called a U2F authenticator that plugs into a USB port to prove that you are who you say you are as you log in to a service such as Gmail.