Sometimes it feels like the Internet owns us. Practically everything we do we can do online–our shopping, our interaction with friends, our research… We have accounts everywhere and could feasibly live almost our entire lives without ever leaving the house. (Not that it would be healthy to do so. But it would be possible.)
With so much of our lives online, it’s crucial to know how to secure our online accounts. On our homes we install locks and security systems to protect our physical assets. But what are we doing to secure our online assets?
Your most important account
Before we talk about how to secure your online accounts, it’s worth taking a moment to discuss which of your online accounts is the most important.
Hint: It’s not Facebook or Instagram or any of your social media accounts. It’s not even your Amazon account (as much as we all love our free 2-day shipping!)
Believe it or not, your most important online account is your email account.
Yes, I know… You’re probably thinking, “I never get any real emails anymore. It’s all junk that I don’t remember signing up for or shopping ads for sites I once bought shoes from. Or spam.”
If you’re like me, you probably have about 1000 unread emails because it’s just too daunting to go through and delete everything you don’t care about.
But here’s something else that goes to your email account: your password reset links. Anyone who knows your email address and has access to your email account has access to any other account connected to it.
Someone with the keys to your email account basically has the keys to your entire life on the Internet.
So how can you keep your email account (or other accounts) from getting hacked?
1. Don’t click on random links.
Have you ever gotten an email that says something like, “There’s a problem with your account. Click here to login and fix it”? Here’s a tip: don’t click that link!
Here’s the thing. It’s super easy for hackers to make a link *look* legitimate when it actually goes to a fake site they’ve set up.
For example, they may take a site like gmail.com, replace the “l” with the number “1” and send you to gmai1.com. Then they create a login page that looks like the real gmail login page, or at least close enough to fool some people. You enter your email address and password to “fix” your account, they take note of the information you entered, and voila. They have access to your email account.
Fortunately, spam filters do a decent job of filtering out these kinds of emails, but the emails still get through sometimes, so it’s important to recognize them when they happen. According to this report [PDF], 91% of online attacks begin with this kind of attack.
Instead, if you need to log in to any online account, type the site address directly into the browser address bar. This goes for your email and for any other online account you have.
By the way, sometimes those links come from people you trust, too, and I see them sometimes in my Facebook messages. So just keep your eyes open. If your best friend’s email account was hacked, that link they “sent” you may actually be a way for the hacker to access your account too.
Fun story: once I got an email from a friend who was supposedly sharing a Google document with me. I had no idea why that friend would be sending me a document, so I replied to the email to make sure that it was actually from the friend.
I said something like, “Just wanted to make sure this is actually from you.” Turns out the hacker was still in my friend’s account and replied with, “Yep, it’s from me. Go ahead and open the file.” I hovered over the link to see where it went, and it was definitely NOT to the Google Docs site. So I deleted the email and sent my friend a text to let her know what was up.
For more on identifying these emails, check out my post on the anatomy of a phishing email.
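The two checks described in this section, spotting a look-alike address such as gmai1.com and comparing what a link shows with where it really goes, can be automated over an email's HTML. The sketch below is an added example, not part of the original post; the `TRUSTED` list, the digit-for-letter table, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sites you actually log in to; edit for your own accounts.
TRUSTED = {"gmail.com", "google.com", "facebook.com"}
# Digits commonly swapped in for look-alike letters, as in gmai1.com.
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
# Constructed sample email body, not a real message.
SAMPLE = '''<p>There's a problem with your account.
<a href="http://gmai1.com/login">Click here to login and fix it</a></p>
<p><a href="http://files.example.net/doc">docs.google.com/document/d/abc</a></p>
<p><a href="https://www.google.com/">Google</a></p>'''

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL or bare domain (urlsplit already lower-cases it)."""
    return urlsplit(url if "://" in url else "//" + url).hostname or ""

def site_of(url):
    # Simplification: last two labels; real code would use the Public Suffix List.
    return ".".join(host_of(url).split(".")[-2:])

def check_email(html):
    """Return (href, reason) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        site, real = site_of(href), site_of(href).translate(CONFUSABLE)
        if site not in TRUSTED and real in TRUSTED:
            findings.append((href, "look-alike of " + real))
        elif "." in text and " " not in text and site_of(text) != site:
            findings.append((href, f"text shows {host_of(text)}, goes to {host_of(href)}"))
    return findings
```

Calling `check_email(SAMPLE)` flags the first two links and leaves the genuine google.com link alone. It only catches digit swaps and mismatched link text, so a clean result is not proof that a message is safe.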
2. Make sure you’re using a secure password.
The key factor here is length–the longer the password, the better–but randomness helps too. Adding a couple of numbers or symbols to a dictionary word is *not* strong enough. Need help creating secure passwords? Check out these tips.
3. Don’t reuse your email password anywhere else.
Just don’t. It’s a really, really, really, really, really bad idea. Because you better believe that if that other site gets hacked the bad guys are going to be trying that password on your email account… Or any other online accounts they think you might own.
4. While you’re changing duplicate passwords… delete any unused accounts.
It’s not that unused accounts are dangerous, per se, but the fewer online accounts you have, the smaller your attack surface is. It’s often those online accounts we’ve forgotten about that get hacked, and from there it can be a small step to get into more important accounts. (See above about not reusing passwords.)
5. Turn on two-factor authentication.
These days most important online accounts provide two-factor authentication. Basic two-factor authentication involves the combination of something you know (your password) plus something you have (some sort of code generator).
In most cases, turning this feature on means you’ll get a text or have an app on your phone that gives you a random number to enter when you log in to confirm it’s *actually* you (or at least someone in possession of your phone) and not just someone who figured out your password.
So long as a hacker isn’t physically in possession of your phone, setting up two-factor authentication is a pretty simple way to protect yourself even if a hacker gets your password.
6. Set a PIN or passcode for your phone.
While we’re on the topic of phones… You may trust your friends and family 100% and not feel like you need to set an unlock PIN for your phone. That’s cool–my husband and I know each other’s phone PINs. That doesn’t mean I don’t set a PIN.
I’m willing to bet you never leave the house without your phone. Am I right? What happens if you forget your phone somewhere? What happens if someone picks it up and gets into your email app and sees that you get emails from your bank?
It’s so easy to set a PIN, and the extra security is worth it.
What do you think?
How many of these tips do you already practice? What areas of securing your online accounts do you need to work on?