Back in January, I published a post on how I protect my personal and online identity. Today, I am going to expand on that, and explain how you can help secure yourself on popular websites to further protect yourself while online. While I was reading one of my friends from MakeUseOf’s blog, TheDailyBuggle, Jackson published a post about computer security principles and practices you should follow. He mentioned a few don’ts such as “Don’t Log in to accounts in public places”, but we all know that can be somewhat difficult to do, especially when you’re out all the time. So what can we do about it? Well, some popular websites now let you increase your security and better protect yourself while you are online.
Facebook has introduced a number of security measures to help keep your account secure. Most of them are turned off by default, so you may want to go turn them on. Just head to your Account Settings page and select “Account Security”.
Secure Browsing (https)
If you regularly log on to Facebook through a number of devices, especially through Wifi, you may want to turn on SSL. This will encrypt your session with Facebook so that it can’t be viewed by anyone else. If you think no one else can view your session, just check out the Firefox Extension FireSheep. So next time you use Public Wifi, ensure SSL is switched on.
Record New Devices
I would recommend everyone to switch this one on. If your Facebook does get hacked, you’ll get a lovely email saying someone has logged into a device. If you don’t recognise the name, or haven’t logged on to Facebook through another device, you might want to promptly end their activity and change your password. If you log on to Facebook on a lot of different machines, such as Work, School, Uni; spending 5 seconds to delete an email is worth it compared to not knowing that someone's on your account because they installed a key logger on the computer you were just using.
If you do happen to log on to Facebook on a lot of different computers, it’s always a good idea to check if you have any other active sessions logged in. If you are wary of them, or even forgot to log off when you left another computer, you can easily end their session.
One Time Password
For those in the US, if you are logging on to Facebook through a computer or network you don’t trust and you don’t want to enter your password, you can get a “One Time Password”. Just text “otp” to 32665 and you’ll get a password SMS’ed to your phone that will only work once and will last for 20 minutes (if you have a mobile phone registered). Just be careful, because if your phone gets stolen, you might want to de-register your phone on Facebook so they won’t receive the OTP.
Just like with Facebook, you can browse Gmail through SSL. To enable, just go to your Gmail Settings, under the General tab, select Always use https.
Gmail Security Checklist
If you are worried about security on Gmail, they have provided a useful security checklist to ensure your account is secure. It is highly recommended that you complete it. You can access it here.
Monitor Your Account Activity
Just like Facebook, Gmail offers you the ability to see who has been accessing your account and from where. If you click on the word “Details” in the footer of Gmail, you will be able to see who’s been accessing your account.
Tips To Protect Yourself Online
Make Sure You Log Off
When you log into an account on a public computer make sure you press the log off button. Do not simply close the web browser, because your session will be kept. So when the next person goes to visit Facebook to check their account, they will see yours. This is something that you don’t want to happen.
Use Private Mode
Most web browsers allow you to browse in what’s called “Private Mode”. Everything you do in that session will not be saved in the web browser such as cookies, active sessions, passwords, browsing history. As soon as you close the browser, everything will be deleted. However, this does not stop other things recording what you do. Read my post on TechAu, about how you can cover up your tracks while online (link coming soon).
Don’t Use The Same Password
Remembering a unique password for every account you have isn’t hard at all. I, in fact, have probably 30+ unique passwords and I remember every one. How? Just remember one password, and modify it for each site.
For example, think of a secure password such as J3fH($j23. Remembering one password like that can be quite simple; but you don’t want to use it for every account that you have. So what we can do is to modify it slightly.
So take the first 3 letters of a site’s URL or name. For example, let’s look at a secure password for Facebook. We insert the first letter between the 3 and the f, the second letter between the ( and the $ and the last between the 2 and the 3. So our password would become J3ffH(a$j2c3. For Gmail, it would become: J3gfH(m$j2a3. So we now have a unique, but hard to crack password that is also really easy to remember. You can have the middle letter capitalised if you like to make it even more secure, or even use the character next in the alphabet, so your Facebook password would become: J3gfH(b$j2d3.
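The scheme above worked through in code, as an added example that is not part of the original post. `derive` inserts the three site letters at the three gaps described; `shared_positions` is a helper introduced here that counts how many characters two derived passwords have in common at the same position.

```python
import string

BASE = "J3fH($j23"       # the sample base password from the post
INSERT_AT = (2, 5, 8)    # gaps in BASE: after "3", after "(", after "2"


def site_letters(site, shift=False):
    """First three letters of the site name, optionally each moved one
    place along the alphabet (z wraps round to a)."""
    letters = [c for c in site.lower() if c in string.ascii_lowercase][:3]
    if len(letters) < 3:
        raise ValueError("site name needs at least three letters")
    if shift:
        letters = [chr((ord(c) - ord("a") + 1) % 26 + ord("a")) for c in letters]
    return letters


def derive(site, base=BASE, shift=False):
    """Build the per-site password by slotting one letter into each gap."""
    out, prev = [], 0
    for pos, letter in zip(INSERT_AT, site_letters(site, shift)):
        out.append(base[prev:pos] + letter)
        prev = pos
    out.append(base[prev:])
    return "".join(out)


def shared_positions(a, b):
    """Number of positions at which two passwords hold the same character."""
    return sum(x == y for x, y in zip(a, b))


if __name__ == "__main__":
    fb, gm = derive("facebook"), derive("gmail")
    print(fb, gm, derive("facebook", shift=True))
    print(shared_positions(fb, gm), "of", len(fb), "characters are identical")
```

For the two sample sites, 9 of the 12 characters are the same in both passwords; only the three inserted letters differ.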
Try To Use SSL Wherever Possible
As I have mentioned above, Facebook and Gmail offer SSL encryption. So when on public computers, or on a public network, try and browse through an SSL connection. To see if a site uses an SSL connection, when visiting the site, enter https://www.sitename.com and not http://www.sitename.com (notice the extra “s” in https). Also, when you are entering a password, ensure that your page is using an SSL connection so that your password doesn’t get sent through the network in plain text.
Don’t Send Passwords In Emails
When you have to send a password to someone, don’t email the password. What I suggest is to send half the password in an email, and the other half in an SMS message. That way they have to have access to both to be able to read your password, which can be hard for someone who the password is not meant for.
Be Cautious Of What You Download
Sometimes we tend to download a lot of little programs. If you download a lot of little programs, be wary, as some of them may contain other files and programs that will capture what you do on your computer. If someone has that information, they can easily grab your username and password.
Be Cautious Of Browser Add-ons
We all love add-ons, as they add extra functionality to our web browsing experience, but don’t install a plugin just because you find it useful; make sure you trust it.
Use Portable Apps
If you are out and about regularly, you may want to install some portable apps on your USB drive. For example, install Portable Firefox, and even Portable Thunderbird, if you want to check your emails. So at least you know that whatever you do will be stored on your USB drive, and not on someone else's computer hard drive.
Watch Out For Phishing Sites
Phishing sites are sites that look like legit sites, but are not. What they try and do is fool you into entering your account username and password. So it may look like Facebook, Gmail, Hotmail, Yahoo, but in fact they are not. So every time you log on to a website (whether at home or in public), take two seconds to look at the URL to ensure it’s the actual site you want to log in to. Look at the below image, and take note of the URL. It isn’t facebook.com.
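The URL check described here, together with the https check from the SSL tip, written out as an added example that is not part of the original post. The function name and the sample URLs are constructed for illustration; the lookalike hosts use the reserved `.example` domain.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return (ok, reason) for a login page URL.

    ok is True only when the page is served over https and the host is
    expected_domain itself or one of its subdomains.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        return False, "not https"
    # "https://facebook.com@login.example/" puts the familiar name in the
    # userinfo part; the real host is whatever follows the "@".
    if parts.username is not None:
        return False, "userinfo before host"
    # Match on a label boundary, so "notfacebook.com" and
    # "facebook.com.login.example" do not pass as facebook.com.
    if host == expected_domain or host.endswith("." + expected_domain):
        return True, "host matches"
    return False, "host is " + host


# Constructed sample URLs.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.login.example/login.php",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/login.php",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_login_url(url, "facebook.com"), url)
```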
Are You Now Secure?
I hope that you find these tips useful, and I urge you all to be cautious of what you do online. Make sure you check out my FAQ for more tips on how to protect yourself online.