I’m sure you saw the evening news not too long ago, where they announced yet another security breach. It really doesn’t matter when you read this post, since it happens on a regular basis.

Companies are sending emails about how their system was breached due to human error, or due to a newly discovered security flaw in software that allowed a bad actor to reach into their system and obtain your PII, or personally identifiable information.

However, even with these breaches occurring more and more often, individual users are still doing the same things: reusing old passwords, changing their password by incrementing the year, or using the name of a pet they share on social media daily.

I have outlined some steps that will help you secure yourself against compromise. These steps may or may not stop the breach of a single account, but they could prevent multiple accounts from becoming susceptible to the same breach.

Do not reuse passwords…

…or at least avoid using the same password for every account

When you use the same password for every account and many websites, portals, and other systems use your email as the username, you make it easy for a bad actor to gain access to all of your accounts.

By using different passwords for every account, you make it much more difficult for someone to gain access, since they would need to compromise that system as well. If you had used the same password as on the compromised website, they could have used it on the non-compromised site to gain access to your account.

“But, I can’t remember all of those different passwords”

I hear it daily. There are solutions: you can use a similar password with an identifier for the website or system added to it. This would make each password unique, while making it easier to remember many different passwords.

For example:
– Rand0mP4ss@fb for Facebook
– Rand0mP4ss@bank for your online banking account
– Rand0mP4ss@twit for Twitter, now known as “X”

Do not reuse passwords for financial accounts

If you won’t stop reusing passwords for all of your social media accounts, blogs, streaming services, etc., you can at least create a completely different password for your financial accounts, such as banks, brokerages, and retirement accounts.

Don’t make it easy for the bad actors to get access to your hard-earned money.

Avoid using words, terms, phrases or dates that have special meaning to you

“Roman is having an OK day, and bought a Coke Zero at the gas station. Raise the roof.”

People love sharing their interests and life with the people around them, even when those people couldn’t care less at times. It has become even worse with social media. We all know that one person who posts too many pictures of their cat named “Vixie”, and if you found out their password had their cat’s name in it, you wouldn’t be shocked.

Unfortunately, we all do that, at least a little. It is something that helps us remember our passwords more easily, and makes us a little happier when we use them. As much as I want to tell you to not use them at all, I won’t. There is an extra step you can take to avoid it, while still using it. Just replace letters with numbers, or replace them with symbols. For example, instead of using “vixierules2017”, replace a couple of characters to create “v!X!eRul3s2017”. This helps you create a happy little password that you can remember better, and provides you better security.

Create strong passwords

Brute force attacks are still out there. While many sites have security measures to prevent these, some don’t. Create strong passwords by using at least 12 characters, utilizing upper and lower case letters, numbers, and symbols. You can increase security further against brute force attacks like dictionary attacks by completely randomizing your password.

Yes, I hear you: you can’t remember all those randomized passwords. Just keep reading.
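The rules above (at least 12 characters, all four character types, fully random, no reuse) can be checked and applied with a short script. This is an added example, not part of the original post; the function names and the symbol set are assumptions, and the sample accounts are constructed from the example passwords used in this post.

```python
import secrets
import string

MIN_LENGTH = 12  # the post's minimum length
# Character classes the post asks for; the symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{}",
}


def missing_rules(password):
    """Return the names of the post's rules that this password fails."""
    problems = ["length"] if len(password) < MIN_LENGTH else []
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


def generate_password(length=16):
    """Draw a random password from the OS CSPRNG that passes every rule."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:  # redraw until all four classes are present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_rules(candidate):
            return candidate


def reused(accounts):
    """Return groups of account names that share the same password."""
    groups = {}
    for account, password in accounts.items():
        groups.setdefault(password, []).append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data, built from the example passwords in the post.
SAMPLE = {"facebook": "vixierules2017", "bank": "vixierules2017",
          "twitter": "v!X!eRul3s2017"}

if __name__ == "__main__":
    for account, password in SAMPLE.items():
        print(account, missing_rules(password) or "passes the rules")
    print("reused across:", reused(SAMPLE))
    print("random example:", generate_password())
```

These checks only confirm length and character mix; they do not measure how guessable a password built from a name or a shared base is, which is why the generator draws every character at random.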

Don’t put the correct answer in security question fields

It’s amazing how many people answer security questions or password reset questions with personal information that is readily available on the web or social media.

What was your high school mascot? I can look at your Facebook profile, see your high school, then search for the mascot. Suddenly, I know your security question answer in minutes and could potentially reset your password.

While many websites are dropping security questions as a recovery option, there are still websites that use them. If you have to fill them out, answer them with incorrect or nonsense answers in order to prevent social engineering attacks on your accounts.

If available, enable 2FA or MFA

While not all websites have 2FA (two-factor authentication) or MFA (multi-factor authentication), if the website offers it, I recommend enabling it. This increases your security significantly, since a bad actor would have to compromise your password and also gain access to your cell phone (most common), security key, or email in order to gain access to an account with 2FA/MFA enabled.

Also, many of these sites will alert you to failed 2FA/MFA attempts, which can be an early warning of a password compromise, prompting you to change it even before the compromised company alerts you.

Utilize a password manager

Remembering a different password for every account you have would be nearly impossible without noting it somewhere.

Cloud-based password managers, while convenient, are not invulnerable to compromise, but they do provide a balance between security and accessibility. Many of these come with a subscription cost that varies from service to service. We recommend that you look into 1Password.

Little black books are becoming all the rage. The nice part is that bad actors can’t compromise one over the internet (at least not without you directly giving them the information). Your only concern is losing it or leaving it lying around where others can read it.