Santa will soon come down the chimney, but there are potential entry points into your home and digital life that you should never leave open.
Many of us associate early December with the first snowfall, Holiday preparations and the beginning of Advent. And what better way to celebrate the preparations for the most wonderful time of the year than mark Advent with special treats, especially after a year like none other?
At WeLiveSecurity, our goal and our wish for you and your loved ones is to be and stay safe online. This is where our Cybersecurity Advent Calendar series comes in. Along with daily tips shared on ESET’s Twitter account, we will, in the run-up to Christmas, publish a series of articles containing advice you can easily implement into your daily routine and ultimately gift yourself better online security and privacy.
Let’s dive right in.
- For a whimsical Holiday, make sure none of your passwords appears on the Naughty List, also known as the list of the most popular passwords. If it does, be good and change it!
The first step – protect the entry points. You would not leave your door unlocked and let anyone but Santa come down your chimney, right? Likewise, using safe login details and good password hygiene is essential.
Overused passwords may be easy to remember, but they are just as easy to crack. Commonly used passwords, like the infamous “123456”, “qwerty” or “password”, among many others, provide an easy path for hackers. There’s hardly any comfort in finding out that any of your passwords figures on the Naughty List – do yourself a favor and change it.
- Christmas elves are working hard this season, and so are cybercriminals. Protect yourself by using strong passwords – or better yet, passphrases!
The best credentials are easy for you to remember, yet impenetrable for cybercriminals. Hackers will often use brute-force attacks to crack their targets’ passwords. The longer the password, the longer it takes them to crack it. Passphrases, made up of a succession of words, are ideal, as they can be extremely complicated to brute-force while easy for you to remember.
For example, it takes no time to crack “qwerty” or any infamous password, while my nickname, “Gaby”, can be cracked in the blink of an eye. Hackers could crack a random password like “#a3i5P” in about an hour, which might, however, also be the time it would take you to retrieve it from memory. On the other hand, it would take many years with today’s computing power to crack “GabyHasASuperNiceCat”, which you probably already remember.
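The comparison above can be reproduced with a small estimator. This is an added example, not part of the original article; the guessing rate, the dictionary size and the three-entry Naughty List are assumptions made for illustration. It also covers a case the text does not mention: an attacker who guesses whole words instead of single characters.

```python
import re
import string

# Constructed sample of a "Naughty List"; real lists hold thousands of entries.
NAUGHTY_LIST = {"123456", "qwerty", "password"}
GUESSES_PER_SECOND = 2e8   # assumption: one attacker's offline guessing rate
WORDLIST_SIZE = 7776       # assumption: a Diceware-sized dictionary
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def char_space(password):
    """Candidates a character-by-character brute force has to cover."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return alphabet ** len(password)

def word_space(password):
    """Candidates if the attacker guesses whole dictionary words instead."""
    words = re.findall(r"[A-Z][a-z]*|[a-z]+", password)
    if len(words) < 2 or "".join(words) != password:
        return None            # not a pure multi-word passphrase
    return WORDLIST_SIZE ** len(words)

def worst_case_seconds(password):
    """Time to exhaust the cheapest applicable search; 0 if on the list."""
    if password.lower() in NAUGHTY_LIST:
        return 0.0
    spaces = [char_space(password)]
    by_words = word_space(password)
    if by_words is not None:
        spaces.append(by_words)
    return min(spaces) / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ["qwerty", "Gaby", "#a3i5P", "GabyHasASuperNiceCat"]:
        print(f"{pw!r}: {worst_case_seconds(pw):.3g} seconds")
```

Even under the harsher word-by-word estimate, the six-word passphrase stays far out of reach, while the six-character random password falls in roughly an hour at the assumed rate.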
- Recycling gift bags can help the planet. However, recycling your passwords will only hurt your safety and privacy.
If you often read WeLiveSecurity, you know that we cover major data breaches almost every week, while many smaller breaches go under the radar. Cybercriminals have more than one tool up their sleeves when it comes to breaking into your accounts. One common tactic is credential-stuffing attacks, where hackers use previously breached credentials from an account or service to try to get into another account or service.
If any of your login credentials have been stolen and you use the same username/password combination for other accounts, criminals could access these with no effort. Never recycling your login details makes criminals’ lives harder – and keeps your own life safer!
- Sharing is caring, and that’s doubly true during the Holiday season. But it’s not a good idea when it comes to passwords.
Do not share your passwords with anyone. Others may not be as careful as you are. Moreover, if you share your credentials with several people, who might then also share them with their friends, roommates, etc., you’ll soon lose track of who has your credentials.
If you absolutely need to share your access with a relative or close friend, a more sensible (and safer) approach might be to log them in directly yourself and ideally only into low-value accounts where you don’t store your most sensitive personal information.
- Use a trustworthy password manager solution to keep all your passphrases safe with only one passphrase for you to remember.
You may be thinking about everyone during this season, and all through the year. There is good news. You do not have to spend too much time and energy to remember all your credentials – even passphrases!
A trustworthy password manager will safely store your login data. But what is a password manager? In short, it is an application or service designed to save and store your credentials in an encrypted vault to protect them. Moreover, it can also generate complex, and therefore safer, passwords for you to use – though you can certainly create your own, of course.
To access all your credentials, you will only need to remember one password or passphrase. This unique password – also known as “master password” – enables you to access your vault of login credentials for apps, services, websites, and more.
- A safety breach could be the Grinch who stole your Holiday spirit! Regularly check that none of your accounts has been breached.
As mentioned above, breaches are sadly a common theme of our time. Since there are countless online platforms and services and the threats are ever more acute, chances are you won’t be able to shield yourself from a breach affecting your data – even if you implement all the best safety policies.
Therefore, it’s important to check regularly to see if your credentials have been stolen. Services like HaveIBeenPwned can provide you with valuable insights, as they gather lists of emails and passwords that have been compromised in past breaches.
A search on this service will not only turn up a list of breached accounts associated with your email, but also the type of data that were compromised. You should certainly change your password for all the breached services associated with your account. Moreover, if you reused the same credentials on other services – which you of course do not, right? – you should also change those. Some breaches also include financial and credit card information. If applicable, you may want to contact your financial institution and credit card provider, for example, as well as check your future statements for suspicious transactions.
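For passwords, HaveIBeenPwned offers a range lookup in which only the first five characters of the password's SHA-1 hash are sent, so the password itself never leaves your machine. The sketch below is an added example, not part of the original article; it runs offline against a constructed response, and the sighting count in it is made up.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the password's SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Online step (not run in this example): only the prefix is sent."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, range_body):
    """Find our suffix among the 'SUFFIX:COUNT' lines of a range response."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0   # suffix absent: not seen in the breach data returned

def constructed_response(breached, count):
    """Constructed sample body: filler suffixes plus one matching entry."""
    lines = [split_hash(f"filler-{i}")[1] + f":{i + 1}" for i in range(3)]
    lines.insert(1, f"{split_hash(breached)[1]}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    body = constructed_response("password", 42)   # the count is made up
    for pw in ["password", "GabyHasASuperNiceCat"]:
        print(pw, "->", breach_count(pw, body), "sightings in the sample")
```

For a live check, pass `fetch_range(split_hash(pw)[0])` as the second argument of `breach_count`.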
- You stack gifts under the tree, but you can also easily stack safety layers. Implement 2FA whenever it is available.
If you are a frequent WeLiveSecurity reader, you have probably heard a lot about two-factor authentication (2FA). Two-factor authentication – or better yet, multi-factor authentication – means that logging into an account would require more than merely the login credentials. It is based on the three classic authentication factors, more commonly known as “something you know, something you have, and something you are”. You obviously know your password, but others may also know it. It is, however, unlikely that a cybercriminal would also have access to your phone, for example. Therefore, 2FA that requires you to log in using both your credentials and a code supplied, for example, by a hardware security key or an authenticator app would provide you with simple, yet effective, safeguards.
If anything, this really is the main takeaway from this week’s article: For the most part, better protecting yourself and your data is not complicated, and it certainly doesn’t require a technical background. All you need is an understanding of the threats and ways cybercriminals operate, some easily available tools, and a willingness to protect yourself and your loved ones!
Stay tuned for next week’s advice, which will cover safer online shopping.
written by Gabrielle Ladouceur Despins, ESET We Live Security