There may be more sensitive and important accounts like those connected with money management and savings and other less important ones, like online gaming accounts, but the most correct way to approach online life is to consider all online profiles with the same relevance, especially when it comes to protecting them from hackers.
Every Online Account Matters
Facing security violations against a banking account has different consequences when compared to those connected with a violation of a gaming or online movie streaming account. Still, the best way to stay safe when using the internet is to start dealing with accounts as if they are all critical and worthy of the same level of security. Facing a hacker attack against a personal account may have practical consequences that become more critical when money is involved, as well as psychological ones. At the end, an online account is like a digital home where people tend to keep all the things that may have some importance to them. It may be their money, emails or photos; yet, there is a common element to all the violations committed against accounts, independently from how important they are to someone’s life: they are an intrusion into something people own. If one wants to relate this to something outside the internet, a violation against a banking account is like having a thief entering someone’s house and emptying the vault hidden inside it, while the same violation against a gaming account may be compared to the thief managing to access the cellar and stealing some goods that have not much relevant monetary value. Still, it is a violation of private property and, more specifically, an intrusion into someone’s private life. If the general internet user used to adopt the same way of thinking when it comes also to their digital life—without ending in a banal categorization of accounts in which banking needs military level security while cloud archive containing photos of the cats can be easily protected with just ‘1234’ as the password—maybe there would be a far better culture of online safety. Finally, there are universal rules when it comes to protecting an account from hackers, so applying all of them to every online identity without making categorizations is surely the best way to behave responsibly when it comes to managing online accounts.
Multi-Factor Authentication Is Safe but Not Yet So Common
Multi-factor authentication ensures the best safety because it adds a third layer of validation not based on already known credentials but on something generated at the moment. It can be a temporary OTP code sent via SMS or generated through an authentication app or an authorization provided through a physical token or an app installed on a device. The following table shows how multi-factor authentication can play a crucial role in online safety. The main issue with multi-factor authentication is that, despite its relevance for online safety, it is still not an option enabled by all online service providers. When one thinks about this third authentication passage, the first websites that come to mind are those of the most influential online companies like Google, Facebook, Twitter, Microsoft and Apple. Also, online banking services enable the user to add a third authentication factor, most of the time by enforcing it as a default choice. The user should think about how important this additional layer of safety is for every online identity without relegating it only to bank accounts. The biggest issue with multi-factor authentication is still the lack of popularity it has among online service providers. While a Google or Facebook account can be easily protected with multi-factor authentication, small online stores, online games platforms and other services managed by small and medium companies do not always offer this third layer of safety. That’s why one should enable it whenever available, but never consider it as if it is the only safety measure to take, as not every online service supports it. Using strong and unique passwords on different websites is the most basic security advice almost everyone gets when instructed on how to strengthen their accounts from hackers. Still, there is much more to ensure your online safety, with or without multi-factor authentication.
1. How to Manage Passwords
Using strong and unique passwords for each account is the first step to improving online safety but, sometimes, one doesn’t think about the basic need for this strategy to work: ensuring also safe storage of the different credentials we are going to manage. Storing them in an encrypted password manager is a good idea but also the password manager of a browser synced with a Google, Microsoft, Apple or Firefox account may be a good alternative, even if this solution is less safe than having a specific software with encryption included. It all depends on the devices one sync their passwords with, how often are they kept updated, how many users have access to, how much is ensured the safety of the account used for syncing passwords with.
Using Google Password Manager
Google Password Manager is already integrated with the same account used for Gmail and other services, making it easy for everyone to keep credentials in safe storage even without relying on external services. If we are already loyal to the Google ecosystem, we can enjoy having our passwords stored there. These will then sync across all the devices we use with the Google Chrome browser.
Can Credentials Saved on Google Password Manager Be Hacked?
Google is safe enough to consider low-risk the likelihood of having our login data leaked due to an attack. Google services are critical, so engineers behind them put their best effort into keeping them safe at all times. Of course, no system is 100% secure, yet, storing passwords on a Google Account is a great idea to balance security and convenience, especially if we protect the account with multi-factor authentication and avoid jailbreaking our mobile devices.
2. Using Custom Email Addresses
Custom email addresses bound to a registered domain name are often associated with an added value to the online identity of companies. Having a personal domain name may work also for individuals establishing their online identity, even if they don’t have a website (a domain name can be easily associated even with a social network profile). At a small yearly price, a domain name can be of great value. Still, not many people may imagine it can also play a great role in protecting accounts from hackers. To better understand, let’s imagine a user who runs most of their online life around the Google ecosystem. He has a Gmail account and stores documents on Google Drive and photos on Google Photos. He may decide to register a domain name through the Google Domains service, which is already tied to their Google Account. Then, he can create email aliases that can connect to their main Gmail account, so that every email sent to the aliases is forwarded to it. Having the ability to create aliases with a personal domain name means having a great power tool that definitely strengthens the security of online accounts: unique email addresses in addition to passwords. This means that the same email address can be used as if it is a secondary password, by generating long and random aliases that end with the domain name. The following table can be an example of how the password manager list of someone using this security technique may look.
3. Stay Safe While Surfing the Internet
This last piece of advice ends in the banal recommendations almost everyone knows. Still, there is no point in setting unique email addresses and passwords if one falls into the first phishing email they receive, doesn’t update their antivirus software and surfs suspicious websites. Considering that social engineering and phishing attacks still work well despite the various ‘it will never happen to me’ ideas many people may have, one should also think of the first basic safety rules before applying the most advanced ones, like generating email aliases for each account and applying multi-factor authentication whenever available. Only with the combination of basic and advanced security rules can one achieve something that may be considered the highest level of security they can aspire to reach. This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters. © 2022 Alessio Ganci
