It’s a normal day. You’re at school, work, or home, most likely doing your standard routines and minding your own damn business. You become distracted or bored. You pick up your phone, or go to your laptop or computer, and think of doing a “quick” e-mail or social media check. You’re then greeted by a nasty surprise: someone has tried to log into your account(s)—or worse, accomplished that task—and he/she now controls your online life.
Think that’s impossible? It’s not. Ask Mat Honan about how one hacker wreaked havoc on his digital life. That “strong” password you made with your mother’s middle name, your dog’s name, and a few random numbers? Nope, still weak. You probably won’t get hacked because you’re relatively quiet and inoffensive on social media? We used to think that way—until we received security alerts for several suspicious login attempts.
The cold, hard truth is that as long as you’re online, you’re at risk of having your account(s) accessed and taken over without your consent. Instead of welcoming hackers in with open arms, put up a hell of a fight by sprucing up your security measures.
Here are a few new online life rules to live by:
- Never use the same password for multiple accounts! If one goes, the rest follows.
- Use password managers! Consider KeePass (or its variant KeePassX, and mobile versions KeePassDroid for Android and MiniKeePass for iOS), LastPass, and Dashlane. They save all your passwords for you, and help you generate longer and stronger passwords. LastPass also audits all your password for strength, and Dashlane can change all passwords in one click. All KeePass variants and Dashlane offer its services at our favorite price (free), while LastPass offers a free trial then charges you a minimum of US$2 per month (or around PhP102).
- Activate all available security options! You’ve probably heard about two-factor authentication (2FA) by now. Also called two-step verification, 2FA is a security feature that sends a numerical code to your smartphone, which you then type in so you can access your account. You can set it up so you get your codes via text message, or use apps like Google Authenticator or Authy to generate new codes every 30 seconds.
- Make security redundant! Why stop at strong passwords and 2FA for every account? Go all out with security! Activate SMS and e-mail alerts for suspicious activity, and enable account and/or message encryption whenever you can.
For illustration, we’ll show you how to beef up your security on Google, Facebook, Twitter, Instagram, and WhatsApp. There are more websites that now help you put up your fences; check out Two Factor Auth and this handy guide from PC Mag for more details.
Step 1: If you’re already signed on to your Google account, click on your user photo on the upper right and click the My Account tab. After that, click on Sign-in & Security.
You get three options: changing your password, enabling 2FA, or using app passwords for specific linked apps and services that don’t support 2FA. We say you use all of them.
Step 2: Change your password. Again, we recommend using a password manager for this.
Step 3: Enable 2FA. Google can send you prompts on your phone to confirm login, which is the easiest option. Otherwise, you can use a six-digit code sent to you via SMS, or a code generated by your Authenticator or Authy app.
Step 4: Download backup codes. Google provides 10 backup codes in case you don’t have your phone with you; you can download all codes to your computer in .txt format.
We suggest you go further, and review your personal information and privacy, account preferences, and all account activity. Take a look at the other apps you’ve previously allowed access to your Google account, too. Run Google’s Security Checkup as well. Now’s the best time to be thorough.
Step 1: Click on that downward arrow on the upper-right side of your screen and click on Settings.
Step 2: Click on the Security and Login tab. Here, you can do everything you need to: review past and ongoing Facebook activity and logins, change your password, receive alerts about attempted logins, activate 2FA, and even encrypt your notification e-mails from Facebook. Follow the instructions for every security option, and you’ll be fine.
You can also select three to five emergency contacts in the event that you get locked out of your own account. Make sure these contacts are people you trust unconditionally.
Step 1: Click on the Settings and privacy tab.
Step 2: You’ll see the contents of the Account tab by default. Click on Review your login verification methods, which will lead you to options for SMS verification, 2FA, backup codes, and generating temporary passwords.
Step 3: Click on the Password tab. Again, you can generate temporary passwords for associated or third-party apps, or create an entirely new password for your Twitter account.
As with Google and Facebook, we strongly recommend that you go through the rest of your account options on Twitter. Better safe than sorry.
Unlike your other accounts, your main Instagram settings are controlled via the official mobile app. So grab your phone and start tapping.
Step 1: Tap the three vertical dots on the upper-right side of your screen to bring up the Options menu.
Step 2: Scroll down to the Two-Factor Authentication tab. Activate the Require Security Code option, and get Backup Codes for your account. Unlike other services, Instagram sends you security codes only through text message.
Step 3: Tap the left-pointing arrow on the upper-left corner of your screen to return to the Options menu. If desired, you can change your password through the Change Password tab.
Step 1: Tap on the three vertical dots on your screen’s upper-right section, and select Settings.
Step 2: Tap on Two-step verification, and enable the feature. For this app, the added security step is in the form of a six-digit code you set yourself. You can also set which e-mail address to use for your WhatsApp account.