Hello! If a friend linked you here, it’s because they care about your online accounts from getting seriously steamrolled. While there’s always a degree of risk, these steps will cut that risk significantly. Where at worse, if one account becomes compromised, it doesn’t give the keys to everything else you have.
There are two parts to how I protect my online accounts. One is free but available for a few services. The other is buying a piece of software. Together they do change the philosophy of how you create and manage online accounts, but you’ll be much more secure by doing it.
Part 1: Two Factor Authentication (TFA)
The idea is having not only a fixed password to log in (one factor), but a code which is either given to you or using a secret algorithm to generate a one-time code (second factor).
When enabled, your login process will be something like this:
- Log in with your username & password.
- Site asks for yourTFA code.
- Some websites will text or e-mail you this code.
- Some websites will have you already pairing with a phone app.
- Others will allow you to use an authenticator program on your phone.
- Enter in this code.
As it’s nature, this is a per-service feature. Google, Facebook, Twitter, and a few others have it set up, but to make it all easy on you, use this website:
Some services require texting you, e-mailing you, or use a custom application to download to your phone. Most others use a set of standards that allow you to pick your own application. For that, you have two apps you can use on your phone:
I use Authy as it’s more robust and a better interface. Most sites will only mention Google Authenticator, and Authy will support all that support Google’s app. Either way, you’ll be asked to scan a QR code to enable TFA. It’s a standard protocol between them, so you have a choice on which app works for you!
Part 2: Get a good Password Manager
I use 1Password. It’s great, well supported, and you’re buying an off-line software. You can use Dropbox or whatever for cross-device file system to move the data between. The PC/Mac licence is $50 and $10 for iOS, or $10 for Android. While that is $60 between your phone and computers, it’s one-time fee. This is the best solution in protecting all account that don’t do two-factor authentication.
I also recommend buying from them directly (not though the Mac App Store) for desktop. It’s the only way to get the cross-platform license now or to upgrade to the cross-platform license later.
There’s also LastPass if you want a completely cloud based turn-key solution, but I’m going to explain 1Password as that’s what I use. AgileBites didn’t pay me, I just recommend what I’m using to great success.
Step 0: What am I doing?
You will be changing every password in every service to complex passwords. Each account will be unique and no one service will have the same password as the other.
You won’t need to remember them but rely on 1Password to store and use them. You will have one password to unlock 1Password’s vault. A PASSWORD YOU SHOULD ONLY USE FOR 1PASSWORD.
Step 1: Install 1Password
Install the software, then install all the browser extensions on every browser you have installed on your computer. 1Password supports Chrome, IE, Firefox, Opera, and Safari.
Do this for every computer you intend to use.
Step 2: Change them passwords!
This is a step you’ll constantly do. At first it will be a bit time-consuming to update all of your commonly used accounts. Once you go over the hump, then it will be apart of your regular use.
When you go to a site, this will be the workflow:
- Login to the site and 1Password will ask to save that login. Do so.
- Go directly to the change your password function for the service.
- Instead of making up a new password, use 1Password’s browser extension to randomly generate a password! It will even copy the new password into the form twice.
- Submit the change password form.
- 1Password will ask to confirm the update to the account.
That’s it! You’ll keep doing that a lot, but you’ll eventually have a unique password for every account you have.
There will always be the looming threat of an account’s password getting leaked or discovered. Ultimately a leak of passwords will happen from some company stupid to store them in cleartext. But using these tips will prevent access to your other accounts just because one compromised account.