By ZACH NOBLE
So there I was, surfing the World Wide Web in my oversized long-sleeved polo. I slide on up to this random stranger on a bench, and I’m like, “Hey, lemme just expose all my data to you.”
At least, that’s what it feels like sometimes.
I write about tech for a living, but I can’t remotely claim to feel confident about my security online. I actively do a lot of things that could be dangerous – connecting via public Wi-Fi, plugging in my passwords on myriad devices – and then I trust a bunch of places with my data. You know, like health insurance companies and Home Depot and the IRS.
Crud, they’ve all been hacked.
If I were a smarter, less busy man with a less full schedule and a less pregnant wife, I’d have already gotten around to fully implementing all the items on this list. But, honestly, I haven’t, because I’m a big dumb idiot and I’d rather blog about it instead.
You, on the other hand, don’t have to be a big dumb idiot. You’ll never be completely safe (the Internet is a treacherous mistress), but you can limit your exposure with this tactic septet.
Aiming at the truly lazy and overwhelmed, I’ve tried to rank them from easiest to hardest so you can give up at any point along the journey. (I do actually do some of these things. Just not all. I’m not saying which ones.)
1. Lie …
… in your answers to security questions online. (This is a real suggestion from a respected cybersecurity think tank, and it’s awesome.)
Anybody can look up your high school mascot or your mother’s maiden name, so when you’re setting up a new account and the company prompts you to set up these question/answer combos, you’re basically giving someone a free pass to reset your account if you answer truthfully. Instead, make some stuff up.
What your mother’s maiden name really was doesn’t matter; all that matters is that YOU (and only you) can remember the answer to the question. Plus, you can chuckle silently every time you enter “William Hung” as the name of your first employer.
2. Delete those apps you never use
You downloaded Angry Beavers AND Ornery Beavers, because you wanted Angry Birds but didn’t want to pay for it. Both of the free Beavers games stunk, but you left them on your phone, along with 79 other apps you never use. Bad move. As it turns out, nearly every mobile app out there has some kind of security flaw, and your phone is a gold mine of personal information just waiting to get hacked.
3. Lock your darn phone
Set up a four-digit PIN or other lock-screen barrier. If you don’t, your gold mine is just waiting to be plundered. Bonus: Setting a lock screen PIN automatically encrypts the information on iOS devices.
4. Don’t trust password managers
There’s a saying about a totality of eggs and a single basket.
Password managers are life-changing-ly great only until they get hacked (because of course they will), at which point they become kind of a huge pain.
5. Take your passwords seriously
The same folks who said to lie on security question set-ups, the Institute for Critical Infrastructure Technology, recommend that you devise a password-generating scheme that revolves around a book.
Take the first letters of the third sentence on each page, for instance, to generate random strings of characters that you can easily reference with your copy of the book (and if you lose the book, just pop by a bookstore, they still exist!). With this approach, changing your passwords every few months isn’t too tough, since you can just flip a page.
Is that too tough?
Well, at least don’t use the same password for multiple sites. Please?
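The book scheme from item 5, sketched in Python as an added example (it is not from the original column or from the Institute for Critical Infrastructure Technology). It reads "first letters" as the first character of each word in a page's third sentence, and it skips pages that have fewer than three sentences or yield fewer than eight characters. The sample pages are constructed, and the function names and the length floor are assumptions.

```python
import re

# Constructed sample "pages" standing in for a real book (not from any actual title).
SAMPLE_PAGES = [
    "The rain came early. Nobody in town was ready. "
    "Seven old boats drifted past the quiet harbor wall. It was cold.",
    "Too short. Only two sentences here.",
    "Morning broke. The gulls woke first. "
    "Mara counted 12 crates before Tom even opened his eyes! Then she left.",
]

# Naive sentence boundary: whitespace that follows ., ! or ?
SENTENCE_END = re.compile(r"(?<=[.!?])\s+")


def split_sentences(page_text):
    """Split a page into sentences; abbreviations like 'Mr.' will confuse it."""
    return [s for s in SENTENCE_END.split(page_text.strip()) if s]


def password_from_page(page_text, sentence_number=3, min_length=8):
    """Return the first character of every word in the chosen sentence.

    Case and digits are kept as printed. Returns None when the page has too
    few sentences or the result is shorter than min_length (assumed floor).
    """
    sentences = split_sentences(page_text)
    if len(sentences) < sentence_number:
        return None
    words = re.findall(r"[A-Za-z0-9]+", sentences[sentence_number - 1])
    candidate = "".join(word[0] for word in words)
    return candidate if len(candidate) >= min_length else None


def passwords_for_book(pages):
    """Map 1-based page number to its derived password, skipping unusable pages."""
    derived = {}
    for number, text in enumerate(pages, start=1):
        password = password_from_page(text)
        if password is not None:
            derived[number] = password
    return derived


if __name__ == "__main__":
    for page, password in passwords_for_book(SAMPLE_PAGES).items():
        print(f"page {page}: {password}")
```

Rotating a password is then a move to the next usable page, which is why the short second page is skipped rather than padded.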
6. Enable two-factor authentication
Google and Twitter practically harass you until you set this up, for good reason.
Two-factor authentication is a powerful extra barrier that can stop someone from jacking your accounts with just your username and password. It’s so useful that the federal government held a whole “cyber sprint” this summer focused on getting federal agencies to make their employees do it.
7. Freeze your credit
This advice is straight from the unofficial patron saint of cybersecurity, Brian Krebs, so you know it’s legit.
It’s also probably the most intrusive.
You have to go to each of the three (four?) credit reporting agencies to individually request a freeze, and you need to pay $10 or $15 for the privilege. Then they’ll give you a PIN to remember for when you need to unfreeze.
The massive benefit here is that if a ne’er-do-well nabs your personal info, they should be stopped cold when they try to set up a fraudulent account in your name only to run into the credit freeze. The downside, of course, is that you’ll need to get your credit checked from time to time.
When you’re applying for a loan, moving or anything else of that nature, you’ll need to contact the bank/apartment complex/whatever ahead of time and find out which reporting agency they check with. They almost definitely will have no idea what you’re talking about (personal experience). You’ll then either need to push harder to figure it out or just break down and pay to unfreeze with all the agencies (and then refreeze after your loan process is wrapped up).
It’s a massive pain, but considering that your personal information is almost definitely already on the black market, it could be your best defense against paying for some other guy’s shopping spree.
Zach Noble is a journalist who has covered everything from the OPM hack to a rescue dog's retirement party. He's been wrestling to reconcile his bleeding heart Catholicism with his pragmatic libertarianism since that freshman year love affair with Ayn Rand. He tweets erratically as @thezachnoble.