1. Use a Strong Password
For those that aren’t familiar with this term, a Strong Password is one that contains (where permitted by the website or service) a combination of lowercase letters, uppercase letters, numbers, punctuation or other special characters. The longer the password is, the longer it will take for someone to guess or hack your password. This is an area where I am probably as guilty as everyone else is on this. I have a “favorite” password or two that I liked to use in the past. This kept me from having to have a way to keep track of all the passwords that I used on different websites. With more websites adding additional layers of security such as challenge questions, etc., I have had to start using a password manager app to help keep track of the different passwords, the challenge questions and answers used on a particular website, the recovery procedure if I am locked out of a website, what additional login procedures I have used for that site, etc.
I use a password manager app called mSecure. It is a multi-platform (i.e. Windows, Mac, Android, iPhone, etc.) app so that you have close to the same interface regardless of how you are using it. It also has several different ways to synchronize the password database so that you should also have the same version of the login information on each of the devices that you use it on. There are a variety of apps to choose from in this area, so look for the one that works best for you.
2. Use a Unique Password
This one will be a bit of a pain, but the time taken to do this will pay off in the long run. Look at it this way: if one of your logins on a particular site is compromised or hacked, you have taken a step to minimize the potential for additional website logins to be breached as well. Most password manager apps have the functionality of helping you generate a unique password. There are other apps that do this as well. A search of the app store for your phone or the internet for your laptop/desktop should show you some options to look at.
Different websites have different rules for how you can make your password strong. Some will let you use “special” characters such as * or +; others won’t let you use those characters but will make sure that you don’t use a password that can be looked up as a dictionary word. Some will not allow the same character or number to be used repeatedly. Remember, the more unique your password is, the more difficult it is for someone to hack your account.
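The per-site rules described above (which special characters are accepted, no repeated characters, no dictionary words) can be written as a checker plus a generator. This is an added Python example, not code from the original post or from any password manager; the function names, the default rule values, the reading of “repeated” as the same character twice in a row, and the small sample word list are all assumptions.

```python
import secrets
import string

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine"}

def violations(password, specials="*+", min_length=12,
               no_adjacent_repeat=True, words=SAMPLE_WORDS):
    """Return the list of site rules that `password` breaks (empty = OK)."""
    allowed = set(string.ascii_letters + string.digits + specials)
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if set(password) - allowed:
        problems.append("character not permitted by site")
    required = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if specials:
        required.append(specials)
    if not all(any(c in group for c in password) for group in required):
        problems.append("missing a character class")
    if no_adjacent_repeat and any(a == b for a, b in zip(password, password[1:])):
        problems.append("repeated character")
    if any(w in password.lower() for w in words):
        problems.append("contains dictionary word")
    return problems

def generate_password(length=16, **rules):
    """Draw random candidates until one passes every rule.

    Rejection sampling keeps each valid password equally likely, unlike
    patching up a failed candidate, which would bias the result.
    """
    specials = rules.get("specials", "*+")
    # Four character classes need at least four characters to fit.
    if length < max(rules.get("min_length", 12), 4):
        raise ValueError("length is below the site's minimum")
    alphabet = string.ascii_letters + string.digits + specials
    while True:
        # secrets uses the OS random source; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(candidate, **rules):
            return candidate

if __name__ == "__main__":
    print(generate_password(20))               # site that accepts * and +
    print(generate_password(20, specials=""))  # site with no special characters
```

The same `violations` function can be pointed at a password you already use to see which of a site's rules it would fail.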
3. Enabling Two Factor Authentication
- Click “Settings” under the Account menu (looks like the outline of a head and shoulders of a person) at the top of the Dashboard.
- In the Security section, enable “Two-factor authentication.”
- Enter your phone number.
- Enter the password for your account.
- You will receive a 6-digit code that you will enter to confirm that you have received the code.
- Now decide whether you’d like to receive the code via text or through an authenticator app (we’re into Google Authenticator). We recommend both in case you need to use one as a backup.
- Click the button beside Generate code via Authenticator App.
- Take a screenshot of the QR code and file it in a safe place, noting the service and user ID associated with it.
- Follow the procedure for the authenticator app you are using to activate the QR code while it is still valid.
4. Application Passwords
There are times, such as when you link your Tumblr account with something like IFTTT, when using 2FA (Two Factor Authentication) won’t be an option. This is where an application password will be useful. You will want to generate a different Application Password for each situation like this that you have. That way, if one app does get compromised, you have the ability to block access from that app without having to redo your authentication setup.
5. Email about account activity
This is an option that I like to take advantage of when it is available. It serves as a check and balance on your existing authentication settings so that if you start getting emails about account activity, you know that it is something that you need to take a look at. You can always turn it off at a later date, but if you aren’t getting a flood of emails about logins, then it wouldn’t hurt to leave it enabled.
For other posts in this series, please use this link – http://www.ronnutter.com/category/social-media/
If you would like to be notified when my book “Protecting Your Online Presence” is released, please click on the title and you will get an email as soon as the book is released for publication. Thanks for your interest!