Security Lesson 1: 10-Minute Quick Win!
No excuses, become safer than most people RIGHT NOW
Do you have 10 minutes right now? Follow this quick lesson and you’ll be way safer at the end of it.
This lesson is all about improving your security significantly with one action: making a strong, unique and easy to remember password with 2-factor authentication for your primary email.
Why?
Your primary email is the one you use to sign up for other online accounts. If a hacker gets into this email they can easily request password resets for ALL your other accounts tied to this email (including your bank, your Facebook, your Dropbox and so on). They can reset the passwords for every site extremely quickly using scripts, and so this is the easiest hacking path to theft of your assets and your identity.
This is your most important account to protect.
What is a Strong, Unique and Easy to Remember password?
To begin, this web comic teaches us length is the main thing behind password strength. Note this comic is old and 1,000 guesses/second is really low these days, now it’s more like a billion or a trillion guesses/second.
Passwords like this are called passphrases. Hackers know about this method too, so they’ll feed in common dictionaries to try to crack passphrases faster than shown in the comic. To protect against this, take it one step further, and throw a number into the middle of one word, or include a fake word that won’t be in a dictionary, maybe from an inside joke. So “correctsmorsiebatterystapl9e” would be much harder to crack and still quite easy to remember, especially if you called horses “smorsies” as a kid (cute!).
Your email may also enforce capitals, numbers and symbols. To get by this, you could always add in a capital, number and symbol to every password in the same place. Let’s say I always make the 2nd character capital, the 2nd last a 9, and then toss a # symbol at the end.
I’m sitting in a coffee shop right now, with a sign that says “A neon sign for Uncle Billy” on the wall.
An effectively impossible to crack but easy to remember password would be “aNeonsignforunclebill9y#”. If your email doesn’t enforce these rules, “aneonsignforunclebilly” would be also extremely strong (at least for now, before every written phrase is in a hacker database). So just pick a phrase that means something to only you, add a number, capital, symbol if you want and go change your primary email password, RIGHT NOW.
I’ll wait.
Ok, done? Good.
Now, what is 2-Factor Authentication?
What do people mean when they say 2-factor? All it means is that you need your password (1st factor) and a one-time random code (2nd factor) to get into your account. This one-time code is usually sent by text message to your phone. This means that if a hacker in another country gets your password, they also need your text messages to get in.
Major email providers have the option to turn on two-factor. Usually you just log in, find ‘Security’ in the settings of the account, and find 2-factor authentication and turn it on. Then you’ll receive a code by text, enter it to confirm it’s you and boom, you’re done.
Here are links to get set up for various services:
- Google/Gmail: https://www.google.com/landing/2step/
- Microsoft/Hotmail/Live/Outlook: https://support.microsoft.com/en-ca/help/12408/microsoft-account-about-two-step-verification
- Apple/iCloud: https://support.apple.com/en-ca/HT204915
- Yahoo: https://help.yahoo.com/kb/SLN5013.html
- Others: https://authy.com/guides/
Go and log into your primary email and set up 2-factor authentication, RIGHT NOW. Done? Great!
That’s it!
You are WAY safer now that you’ve done this. I of course still recommend going through my entire lesson plan, but you should pat yourself on the back for taking at least this action.
Proceed to Lesson 2: Protect your Devices
Back to the Lesson Plan
Header image credit: Markus Spiske