Making your information a bit more secure.

In light of recent events, here are a few ways to make your personal information a bit more secure and keep private things private.

1. Never use the same password for all your accounts.

This is a must-follow rule. It cannot be stressed enough. If you don’t think you can remember all the different passwords, at least use different and very complex passwords for your primary email accounts and any accounts that contain sensitive data, like your bank account.

2. Protect yourself from being social engineered.

To my knowledge, social engineering is basically hacking the person. No, it’s not Inception. It’s more of a con: tricking a person in order to gather information. You may be surprised at how easily a person can give up vital information if a question is presented correctly. Here is a cheesy series of questions that could get you to expose the answer to a very common security question.

Social Engineer (SE): “Do you have any pets?”
Victim (V): “Yes, I have two cats.”
SE: “Oh, that’s very nice! I have a cat as well. I call him Shadow since he’s super sneaky.”
V: “That’s a clever name. I called mine Lucy and Lilly.”
SE: “So are these your first pets?”
V: “No, my first pet was a dog named Scout.”

And there you go. You just gave up the answer to your own security question, “What is the name of your first pet?” Given that the “hacker” has done a lot of research, they will know what questions to ask and how to ask them. This is a very small example of what could happen. It’s good practice to be cautious about what you share with strangers, even if they seem like they can do no harm.

We humans like to share; that’s why social media is blowing up. But some information needs to be kept private. Nowadays, with a few keystrokes and a couple of clicks, you can find out a lot about a person. It’s scary. So keep in mind what you share on social media.

3. Use 2-step verification.

Use 2-step verification whenever possible, especially for your email and bank accounts. Sites like Gmail, Facebook, and Dropbox already offer this, and it’s definitely something you should take advantage of.

For people who don’t know what 2-step verification is, it’s basically a method of verifying that the person logging in is actually you. I’ll use Gmail 2-step as an example.

When you log in to Gmail, with the correct info of course, from an unrecognized device, such as a friend’s computer, it will initiate the 2-step verification. This helps Gmail know that the person logging in is actually you, well, hopefully. Instead of going directly to your inbox, Gmail will ask you for a code, which is sent either via SMS to a phone number or to an alternate email address, both of which you can set up during account creation or later through the account settings. So assuming neither your phone has been compromised, a.k.a. stolen, nor your alternate email, Gmail is assured you aren’t being “hacked”. Depending on the website, when a new device is added to your list of “recognized” devices, an email is usually sent out notifying you that someone has logged in from that device.

Now you may think this is either time-consuming or too much work. It actually is not, and it’s worth the trouble. Here’s why. The majority of websites now use email as a means of password retrieval. Sometimes the site doesn’t even require a username, just an email address, to retrieve a password. If a hacker has access to your primary email address, then they have the means to access all your accounts that use that email address. So it’s worth the trouble to set up 2-step verification.
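
The 2-step flow described above can be modeled in a few lines. This is an added example, not part of the original post and not Gmail’s actual code; the `Account` class, the 5-minute code lifetime and the in-memory `outbox` standing in for SMS or the alternate email are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a code stays valid (assumed value)

class Account:
    """Constructed model of one account; all names here are hypothetical."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.known_devices = set()   # devices that already passed step 2
        self.pending = {}            # device_id -> (code, expiry time)
        self.outbox = []             # stands in for SMS / alternate email

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def login(self, password, device_id, now=None):
        """Step 1, the password: returns 'ok', 'code_required' or 'denied'."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return "denied"
        if device_id in self.known_devices:
            return "ok"              # recognized device, no second step
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[device_id] = (code, now + CODE_TTL)
        self.outbox.append(("code", code))   # sent out of band, not shown at login
        return "code_required"

    def verify(self, device_id, code, now=None):
        """Step 2, the code read from the phone or the alternate email."""
        now = time.time() if now is None else now
        # pop() makes every code single-use: one wrong guess burns it
        expected, expiry = self.pending.pop(device_id, (None, 0))
        if expected is None or now > expiry:
            return "denied"
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return "denied"
        self.known_devices.add(device_id)
        self.outbox.append(("notice", f"new device recognized: {device_id}"))
        return "ok"

if __name__ == "__main__":
    acct = Account("correct horse battery staple")
    print(acct.login("correct horse battery staple", "friends-pc"))  # code_required
    print(acct.verify("friends-pc", acct.outbox[-1][1]))             # ok
    print(acct.login("correct horse battery staple", "friends-pc"))  # ok
```

A stolen password alone stops at `code_required`: without access to the phone or alternate mailbox, the second step fails, and a successful new-device login leaves a notice for the owner.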

4. Don’t back up EVERYTHING on your mobile devices.

Apple iOS and Google Android are both notorious for backing up everything to the “cloud”. Granted, it is convenient and you don’t lose data when you switch phones or if your phone dies, but it still has its faults.

A short lesson on the “cloud”. There are many different types of “clouds”; the one most commonly known is cloud storage. Basically, it means storing all your stuff online. Now, cloud storage is not some mystical thing that just happens to be on the internet. It’s just a bunch of servers sitting in a very nice, very clean, and usually very big air-conditioned building in the middle of nowhere, where land is super cheap. That’s cloud storage. The other clouds, we don’t need to get into.

Now, back to backing up your personal data, specifically on your mobile devices. On both iOS and Android, you are given an option to opt out of backing up everything you do on the phone, and that is a very wise option to take. Not everything you do on your phone needs to be backed up. The majority of users will opt in to back up their data to either iCloud or Google Drive, and when they do that, they choose to back up EVERYTHING. You can actually select which categories you want to back up, and you don’t have to give in to the urge that you NEED to back up EVERYTHING. Make sure to check the settings on your devices to see what is being sent up to the mystical cloud.

If you really need to set those photos and videos on automatic backups, use Dropbox. Set up an account, and enable 2-step verification. Then on your device, enable the “Camera Upload” option in your Dropbox app.

5. Use a SaaS (Software as a Service) like LastPass.

This goes back to the first rule. If you have trouble remembering multiple passwords, this is for you. LastPass is a service that helps manage passwords, and it’s all encrypted. It is very secure if used correctly. LastPass offers different 2-step verification methods, which you definitely need to set up. The only downside is that you store all your passwords and account information in one place, behind one master password, which should be super hard to crack if you’re smart about it and don’t use a simple password like 1234.

There are also similar products like 1Password.


Clapping shows how much you appreciated Yufei Fu’s story.