Living in this complex digital world demands a massive amount of trust. Trust in our own knowledge, trust in each other, trust in large institutions… In general: digital participation requires that we trust 3rd parties almost entirely. We seem perfectly content to hand over our sensitive data, blindly agree to the terms and conditions, and dust our hands of the matter. Because, what choice do we have? Surrender our identity, or disconnect entirely.
As a result: there’s surprisingly little we can do to prevent identity theft, in the grand scheme. Amateur cybercriminals may go after you, personally – but the professionals know not to bother. They’re too busy hacking those 3rd parties who hold everyone’s data — more money in that line of work. See, for example: the recent Facebook hack, where hackers stole the location data and search histories of 30 million people. That information is worth a whole lot more than the contents of some random checking account. And there’s nothing we can do to stop it.
That said: you don’t have to live a paranoid, reclusive life to be reasonably safe online. Those devastating organizational hacks are much rarer, and their perpetrators far more sophisticated than the low-level hackers who’d go after your identity. In the latter case, online personal protection is a matter of identifying the path of least resistance to your sensitive information and patching it up. For most of us, that involves two actions: software updates and password maintenance.
Software Updates
People are notoriously bad at keeping their machines up-to-date. How many times have you opened a friend’s computer, only to discover that it’s running an operating system two, three, even four iterations behind?
Apart from practical concerns like speed, functionality, and access to new features, out-of-date software and applications are a security hazard. Many of the most common cyberattacks directed at individuals rely on flaws in outdated software. Web browsers, PDF readers, spreadsheets, and word-processing tools are all vulnerable.
Take, for example, the WannaCry ransomware attack of 2017. Affecting 200,000 Microsoft computers in 150 countries, this cyberattack targeted victims who had not applied a crucial security update, which had been available for weeks. Unfortunately, many organizations and businesses using the systems did not bother to install the patch, citing 24/7 operation, lack of personnel, or ignorance of the importance of the patch.
The hack caused over a billion dollars in damage.
Keeping software up-to-date gives you a much lower chance of becoming a malware victim.
Software companies endlessly monitor and test their products for new hacks, new vulnerabilities, new exploits that they didn’t catch the last time around. Just set your machine to auto-update. You’ll be thankful you did.
Password Maintenance
It’s absolutely insane that we still rely on passwords. They suck. We shouldn’t be using them.
I realize that I’m getting too emotional. But this is one of my most sincerely held opinions. For one, most people dramatically misunderstand how passwords, in general, actually work. On top of that: the sophistication of password hackers – and the programs they use to decode them – has risen exponentially in recent years. Hackers can crack even the most difficult, obscure passwords in a matter of days. Even if your password is something like “Gmail123!” – one that meets the requirements of a “strong” password – the Hashcat program can guess it in about 6 hours.
Worse, studies show that most people reuse their passwords at least once. So if that hacker gets into a low-security account, it’s all the easier for them to access a high-security account.
But, in our world, there are still plenty of places where we need to use passwords. And even though studies have shown we’re not actually that bad at remembering passwords – nobody can remember the dozens of unique, solid, and randomized passwords required to browse the internet safely.
But good news! There’s a solution: password managers.
Consider applications like LastPass, 1Pass, or Bitwarden. These programs were designed for one purpose: to create, secure, and keep track of good passwords. And they all work on the same concept. I’ll explain, in brief:
You create a vault protected by a “master password” in which all your other passwords are stored and encrypted. The password manager can also create or change those passwords so that they are lengthy, random, unguessable, and hard to remember. So, all you need to do is remember your master password – and the program does the rest of the work.
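The vault concept described above, as an added Python example (not code from LastPass, Bitwarden or any other product named here): the master password is stretched into keys, the generated site passwords are encrypted under them, and a wrong master password is rejected before anything is decrypted. The function names, the iteration count and the HMAC-based keystream (a standard-library stand-in for the authenticated cipher a real manager would use) are assumptions.

```python
import hashlib, hmac, json, secrets, string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"
ITERATIONS = 600_000  # assumed PBKDF2 work factor, not taken from the article

def generate_password(length=20):
    """Long random site password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def derive_keys(master, salt):
    """Stretch the master password, then split into encryption and MAC keys."""
    root = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    """Stand-in stream cipher: XOR data with HMAC-SHA256(key, nonce || counter)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_vault(master, entries):
    """Encrypt {site: password} entries; output is salt || nonce || ciphertext || tag."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master, salt)
    cipher = _xor_stream(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, salt + nonce + cipher, hashlib.sha256).digest()
    return salt + nonce + cipher + tag

def open_vault(master, blob):
    """Check the tag before decrypting; a wrong master password fails here."""
    salt, nonce, cipher, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(master, salt)
    expected = hmac.new(mac_key, salt + nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified vault")
    return json.loads(_xor_stream(enc_key, nonce, cipher))

if __name__ == "__main__":
    vault = {"mail.example": generate_password(), "bank.example": generate_password()}
    blob = seal_vault("constructed master passphrase", vault)  # constructed sample
    print(open_vault("constructed master passphrase", blob) == vault)
```

Because the salt is random per vault, the same master password produces a different blob each time, and the slow key derivation is what makes guessing the master password against a stolen vault expensive.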
It may feel unwise. After all, what if a hacker accesses your 3rd party password manager? Isn’t your head the safest place to keep this information? But the risk of a low-level criminal successfully reusing one of your passwords, stolen or leaked from elsewhere, is still far greater than a sophisticated hacker targeting your database of passwords. Some password managers even store your information, encrypted, in the cloud – an enormously expensive security procedure, making the data nearly impossible to access. As a matter of fact: LastPass has been hacked twice! But in both breaches, no passwords were stolen because they were stored so securely.
Password managers genuinely are the safest option for our current cyber-climate. Explore the options, and see which one offers the right features for you. Most of these programs are free, or low-cost.