I've heard a lot of people talking about online security lately.
Some people are still confused about when to open up an email.
Some people are frustrated about juggling so many passwords, while others still have 123abc for a password -- yes, I ran into this the other day.
Others are worried about letting people see personal information on Facebook.
This primer is the "two-bite brownie" response to online safety, or "cybersecurity." A security fanatic could write a few books on this topic, but this is what you need to know to cut out most of the risks online (making it safer than crossing the street).
If you have only a few passwords, make them unique. No problem. Something like Qt43abst. Here are some fun ideas for choosing unique passwords.
If you have several hundred to remember, that is just not practical. For most websites, you will need a base password, or a series of base passwords, each for a different kind of website.
But make sure that passwords to anything critical are unique. By "critical" I mean where money can be accessed or vital personal data altered. For instance:
- Bank accounts
- Email account
- Domain name
- Home WiFi
Make each of these unique, because if somebody hacks one website and gets a list of passwords, their bots will try them out very quickly on all sorts of important websites (especially PayPal and banks).
Some people still think they can hide personal information from the world. And maybe they can. How far you want to go to hide your identity is up to you. But there are two key principles to remember:
- Whatever information you put on Facebook, Twitter or anywhere else can be used to identify you. So make sure those aspects are not the identifiers used to unlock your bank account or give access to anything else that is critical.
- Never post online about what a great vacation you are having or that you are at the intersection of Tenth and Main. There is a good chance that somebody somewhere is just waiting for you to announce that you have left your castle unattended. If you insist on torturing your followers and friends with a pic of your dinner at Chez Mario, wait until you get home and start the post with "Just got home from..." The same goes for vacation photos.
So many people blog, run their own business or have a second online career on the side. That means you have a website that can be hijacked for a plethora of nefarious purposes.
There are too many things that can just shut down your business. Whether the website is your lifeblood or a little extra income on the side, you don't want those headaches. Follow the security tips here to at least cover the basics.
In 2016, do I have to remind anybody of the importance of anti-virus software? Unfortunately, yes. I use Kaspersky. Norton and McAfee are also mainstream. If you are not in-the-know, don't trust any others, because there are always some hackers trying to get into your computer through their so-called anti-virus products.
Hackers are constantly trying to get into your bank account through email. And there are an amazing number of people who are not sure when they should click on a link in an email.
Here are four rules of thumb to keep you safe:
1. Check if the email is from someone you know and trust, or a company you do business with.
2. Hover your mouse over the link you are asked to click, and see what URL (web address) shows up in the bottom left of your browser window. It should match what the email claims it is.
This can be tricky.
Look only at the word before the .ca or .com. For instance:
Real URL: blog.amazon.ca
You know this is really Amazon, because Amazon comes right before the .ca
Fake URL: amazon.wonfict.ca
You know this is fake, because Wonfict comes right before the .ca
In the second example, somebody who owns Wonfict.ca wants you to think that you have landed on Amazon. This is a lot like the Queen transforming herself to look like a trustworthy old hag, so that Snow White will bite the poison apple.
In real life, biting the poison apple is logging into the fake Amazon site, thereby sharing your login credentials with its owner. Big deal, you say? Who cares if someone gets access to your Amazon account? True... but if you ignore my earlier advice, his bot can send your Amazon login credentials across the web to see if they will also unlock your PayPal account or your bank account. That's what happened recently with hacked LinkedIn accounts.
3. If it's from a friend and it smells funny, email them back to see if they really sent you the email, or if a hacker has hijacked their account.
4. If the email is from a company, bank or otherwise, never click on the link. Go into your browser and type in the real address of the company and log in directly from your browser. Don't follow a link in an email.
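Rule 2 can also be written as a check that a mail filter or help desk script could run. This is an added example, not part of the original article; it goes beyond "the word before the .ca" by also handling endings such as .co.uk, the user@host trick and raw IP addresses. The function names are hypothetical and the suffix set is a small constructed sample.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny sample of multi-label public suffixes.
# Assumption: a real check would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def _parts(url):
    # The article writes bare hosts ("blog.amazon.ca"); urlsplit needs a scheme.
    return urlsplit(url if "://" in url else "http://" + url)

def registrable_domain(url):
    """Return the domain someone actually registered, e.g. 'wonfict.ca'."""
    host = _parts(url).hostname  # drops scheme, user@, port and path
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # a raw IP address has no brand name to compare
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])

def check_link(claimed_domain, href):
    """Compare where a link really goes with who the email claims to be."""
    actual = registrable_domain(href)
    reasons = []
    if actual is None:
        reasons.append("no registrable domain (raw IP or malformed host)")
    elif actual != claimed_domain.lower():
        reasons.append(f"goes to {actual}, not {claimed_domain}")
    if "@" in _parts(href).netloc:
        reasons.append("text before '@' is not the host")
    if actual and any(l.startswith("xn--") for l in actual.split(".")):
        reasons.append("punycode name; may imitate another spelling")
    return actual, reasons

if __name__ == "__main__":
    # Constructed sample links built from the article's two examples.
    for href in ("blog.amazon.ca", "http://amazon.wonfict.ca/signin",
                 "https://amazon.ca@wonfict.ca/login"):
        print(href, "->", check_link("amazon.ca", href))
```

An empty list of reasons means the link really belongs to the claimed company's domain; rule 4 still applies to anything sent by a bank.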
The Internet has the power to destroy a person's reputation forever. Feel like swearing at somebody? Want to show off a tattoo in an extraordinarily private place? Don't. Instead, ask yourself this question:
Would I want to see this announced on a marquee on Main Street?
If the answer is "No," don't post it, even privately in a direct message or chat. Once posted, it is no longer in your hands, and someday a hacker might have way too much fun with it.
There is much more to cybersecurity than can fit in an article or even in a dozen articles. But with this simple cybersecurity primer, you'll be well-armed against most threats.
MORE ON HUFFPOST:
At All Things Digital's D11 conference in May, Motorola's Regina Dugan introduced several possible password alternatives -- one wearable. Dugan displayed a temporary tattoo containing "antennas and sensors" that would transmit a unique signal that could then be picked up as part of a passcode on a digital device. Like any temporary tattoo, it could be peeled off at any time and would last only up to a week.
Dugan also introduced "password pills," small vitamin-like pills that users could eat at breakfast. The pills' contents -- activated by stomach acid -- would send out an "18-bit, ECG-like signal," similar to the kind used in an echocardiogram. The signal would work as secure authentication on digital devices, and last about 24 hours -- until the pill was passed out of the body.
Technologist Amal Graafstra has been injecting radio-frequency identification (RFID) chips into people's bodies since summer of last year. When hit by a radio signal, the chip emits a signal of its own: Forbes describes it as "a unique identifier number that functions like a long, unguessable password." Hackers like Graafstra have programmed smartphones, computers and even car locks to recognize the signal given off by their implanted chips.
The technology now used in Microsoft and Android's picture passwords may be our best hope for replacing alphanumeric codes: after all, unlike tattoos, chips and pills, they're already on the market. But experts question the security of such gesture-based authentication; though taps and swipes may be harder to guess than strings of numbers and letters, telltale smudges and even covert video recordings could allow hackers to break in.
Companies including Diebold and Finnish startup Uniqul have started experimenting with facial recognition as authentication. The good news? You're unlikely to forget your face. The bad news? Currently many facial recognition systems can be fooled by photographs.
Every person's heartbeat is unique -- so unique that no pattern of beats ever repeats twice. This may make heartbeats perfect passwords; Taiwanese scientists have recently devised a heartbeat-utilizing encryption scheme based on the mathematics of chaos theory. Currently the Taiwanese system is still a prototype, but researcher Chun-Liang Lin hopes to eventually "build the system into external hard drives and other devices that can be decrypted and encrypted simply by touching them."
Like heartbeats, eye movements are unique, hard to forge, and possibly excellent passwords. Researchers at Texas State University - San Marcos are currently studying ways to turn eye movement into authentication.
Follow David Leonhardt on Twitter: www.twitter.com/amabaie