Have you considered Target Hardening your online accounts?
Popular recommendations suggested to help protect online accounts, include the use of a different password for your Email addresses, Social Media Accounts, and especially for your Online Banking Accounts. Essentially we are encouraged to treat our passwords like we would our underwear – Change them regularly, Keep them private, and for God’s sake don’t go sharing them with anybody.
If you really want to ensure your online life is secure, it is time to consider having a different Email address, for each of your Online accounts. Creating one Email Address specifically for each Online Account, especially for your Online Banking accounts.
Why should you use a different email address for every online account ?
If a company you have an online account with experiences a data breach; those responsible will know your Personal Email Address and Username. This is very valuable information. Now all that is required, is figure out the password, this can be achieved by simply running a script or attempting to brute force the Password.
Once the password is known, the Email account is now compromised, enabling the intruder to gain access to a lot more of your personal information. Emails can be scanned to search for bank account details, online statements, or other information which can be sensitive. Data breaches have occurred where users created a passwords list and hid it in an email, to help remember them.
This can cause a lot of problems for the user if it were to be discovered. Another common scam is for the intruder to send emails from the compromised account to people in the contacts list, asking them for money under the pretense that the sender is in need of urgent financial assistance to help you out of a situation.
If the target has uses only one email account, they are incredibly vulnerable as this is a Master Account which has been used to connect to all other services. This one email address has been used for logging in to Amazon, Ebay, Facebook, etc. An attempt can be made to access these accounts with the password connected to the compromised account. If this fails, further attempts can be made to log in with the compromised email address, using the “Forget My Password” option.
Using a Two Factor Verification will strengthen the account against this form of attack. Once enabled, the account requires a second form of verification, a code sent to your mobile device, normally a 6 digit code, once entered gives access to the account. Without a second way to verify an account, it is just a simple matter of resetting the password.
Your digital life is now no longer your own. The Hacker can now take full control of your online life just by creating their own passwords which will lock you out of your own accounts. They may choose to post embarrassing content on your Social Media accounts, transfer money, delete important data, such as your contacts, and even delete the sentimental images saved in your cloud accounts. The potential for damage that can be done is frightening.
Now is the time to “Target Harden” your digital life. This can be easily done in a few simple steps:
- Use a different Email address for each on-line account
- Ensure you use a different passwords for each account
- Change them and change them regularly, once every three to six months.
- Create a long Password
- Never reuse a Password
- Consider using a password manager which can help you generate new passwords and store them.
Two Factor Authentication
- Add an extra lock on your Digital Door. Two-factor allows you to use another layer of security to increase the protection of your account.
- A onetime code is generated and can be sent to you either using an app like Authy or Google Authenticator, or you can get the one time code sent to your phone.
- The two factor code will expire in 30 seconds, before it then changes to a new code making it hard for any remote observer to guess the access code.
- With so much Personal Information available online it is more important than ever to secure and protect it.
Mr Rory Harrison MSc
Forensic Computing, Cybercrime
Personal Privacy Expert