We recently introduced our six-part series focused on getting back to the basics of online security and privacy. These six fundamentals reinforce that, even in today’s tech-centric world, the basics of staying cyber secure are not scary. They’re not really all that technical, and anyone who uses an internet-connected device is able to make a huge impact on their own cyber security, as well as the cyber security of others. To help you be more cyber secure, follow these six rules:

  1. Keep a clean machine
  2. Protect your personal information
  3. Connect with care
  4. Be “web wise”
  5. Be a good online citizen
  6. Own your online presence

Last time we talked about keeping a “clean” machine.  This time we’re looking at protecting your personal information.

Protecting Your Personal Information

A major cause of unauthorized access to personal information or secured accounts is simply that a bad guy has somehow gotten (or guessed) someone’s username and password. Once this happens, the bad guy can steal the victim’s identity, which can bring about lots of problems for the victim, such as long-term reputational harm – or ringing up thousands of dollars of bad debt, resulting in a bad credit rating. When this happens, the victim may not be able to get a mortgage, a credit card or a checking account.  But the good news is that protecting your secure accounts and personal information starts by simply making a few small changes in how you log in online.

Use a unique password for each account

Password reuse for multiple accounts is one of the most common ways accounts are hijacked. When passwords are reused, having your credentials stolen from one website (which may not have the best security) means that bad guys can now plug those credentials into other websites to gain access to your information there. For example, if my login credentials to a jukebox app on my phone are compromised, and I use that same username and password to access my bank’s website, whoever has my jukebox credentials also has access to all of my money. Yikes!

If it’s available, use multi-factor authentication

Multi-factor authentication provides an extra layer of security beyond just your username and password. Many websites and online services offer this free extra security to help make sure the person logging in is really you, not someone who stole or guessed your credentials.

Here’s how it works: If you’re using just the standard username and password method to log in, you’re being asked for something you know (your username and password). But when you add multi-factor authentication to the mix, you’re going beyond that—using something you know PLUS something you have, like your mobile phone or tablet. The website will ask for your credentials and send a code to a phone/device that it knows belongs to you. It’s easy to see why adding this extra little step to your login routine can stop bad guys in their tracks when they try to sign in as you.

For more information on protecting your online information by making it harder for bad guys to get to it, check out lockdownyourlogin.org.