How to secure your online identity



Introduction

If you are interested in how to secure your online identity, look no further. Life in the 21st century is becoming more and more attached to cyber infrastructure and reliant on computers as a whole. In this day and age, opting out of online activity is not an option. The best way to protect yourself is to have a fundamental understanding of computer systems and follow the steps below to safeguard your privacy.

Get a password manager

LastPass, Dashlane, 1Password, and Keeper are all excellent choices of password managers that can be used to securely store passwords. A password manager is required to maintain the list of passwords you will have to juggle, even if you use a service like Google single sign-on (signing in to a website with your Google account). Password managers will help you store your passwords in a safe way. They also typically come with or integrate with dual factor authentication mechanisms, a necessity we will discuss a bit later. Further, they can be used across all your devices and automatically input usernames and passwords to save time typing them. Most have the ability to store other information such as notes and credit cards as well. A password vault will be protected by a master password; more on this below.

Audit your passwords

The reason you want a password manager is that you need to create a separate password for each and every account you have. You should never use the same password twice, and it would be impossible to do this without a password manager/vault that is easily accessible.

Many people know that you should not use the same password twice, but they do not understand why. The answer is rather simple: data breaches. When websites and companies with poorly designed security are compromised, as in the Equifax breach, their password dictionaries can be downloaded. These dictionaries contain hundreds of thousands, sometimes millions, of passwords. Generally, when the attacker gets their hands on this database, it is leaked or sold on the dark web. Once there, other attackers can use this dictionary to conduct a dictionary attack against your usernames on other accounts. This reduces the time it takes to gain unauthorized access to your accounts because they already have your password. Never reusing your password defeats this problem in most circumstances. Do not reuse your password, ever!

Use strong passwords

As mentioned previously, your password manager will have one primary master password that will allow you to access all your other passwords. This master password should be at least 20 characters long and be composed of uppercase and lowercase letters, numbers, and symbols. You should craft this password in such a way that it does not use real words but is memorable. A word with symbols substituted for certain letters, such as c@r, is still considered a real word and should not be used. Rather, you should consider using bits of words separated by symbols, such as Reedi.zaelly#461-daz. (Don’t use that as a password.) This will help you memorize the password without relying on any word that is in a dictionary, helping to thwart dictionary attacks.

For every other password that is stored in a password vault, consider using a password generator. Many password generators will automatically create random strong passwords and are integrated into your password vault. Once a password is generated, the password vault will normally save it and associate it with your username, solving the issue. Your passwords should contain a minimum of 14 characters and meet all the same restrictions as your master password.
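The checks from "Audit your passwords" and "Use strong passwords" can be run over a vault export in a few lines. The following is an added example, not code from the article or from any password manager: it flags passwords shared between sites and passwords below the 14-character, four-class rule, and generates a compliant replacement. The CSV column names and the sample rows are constructed for illustration.

```python
import csv, hashlib, io, secrets, string
from collections import defaultdict

MIN_LEN = 14  # minimum for vault-stored passwords, per the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def meets_policy(pw):
    """Minimum length plus at least one character from each of the four classes."""
    return len(pw) >= MIN_LEN and all(any(c in cls for c in pw) for cls in CLASSES)

def generate(length=MIN_LEN):
    """Draw from the OS CSPRNG and redraw until every class is present."""
    if length < MIN_LEN:
        raise ValueError(f"length must be at least {MIN_LEN}")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw):
            return pw

def audit(export_csv):
    """Return (reused, weak): groups of sites sharing a password, sites failing policy."""
    by_digest, weak = defaultdict(list), []
    for row in csv.DictReader(io.StringIO(export_csv)):
        # Group on a digest so the report never carries a plaintext password.
        digest = hashlib.sha256(row["password"].encode()).hexdigest()
        by_digest[digest].append(row["site"])
        if not meets_policy(row["password"]):
            weak.append(row["site"])
    reused = sorted(sorted(sites) for sites in by_digest.values() if len(sites) > 1)
    return reused, weak

# Constructed sample export; the column names are assumed, not any product's format.
SAMPLE = """site,username,password
mail.example,alice,Tr0ub4dor&3
shop.example,alice,Tr0ub4dor&3
bank.example,alice,q7#Lm2!vXe9@Rk4z
forum.example,alice,sunshine2019sunshine
"""

if __name__ == "__main__":
    reused, weak = audit(SAMPLE)
    print("reused across:", reused)
    print("below policy:", weak)
    print("replacement:", generate(20))
```

An unencrypted export holds every password in plaintext, so delete it as soon as the audit is done.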

Use dual factor authentication

Dual factor authentication focuses on what you have as a part of your authentication process. Authentication is the computer trying to decide whether or not you are who you say you are. Typically, this is done by the use of passwords and then tokens. However, sometimes a password just is not enough. The best way to strengthen your account, especially your password vault, is to set up dual factor. Dual factor will send you a code to your phone or password application after you enter your password. Think of it like a second means of protection. Even if your attacker somehow compromises your password, they would not have access to your dual factor mechanisms, functionally locking your account.

Audit social media and ensure it is private, or get rid of it altogether

Individuals will always continue to overshare things about themselves on the internet that they otherwise wouldn’t and certainly shouldn’t. This is an easy way for attackers to scope out information about you. Many people post their locations and various other bits of data that can be used against them. The answers to security questions that ask for your pet’s name or your mother’s maiden name are normally easy to find on social media sites. It is imperative that you restrict or remove your social media presence and not use public bits of information as a means of authentication (passwords). If you absolutely have to have it, be sure to keep it as private as possible. You want to minimize the amount of information available regarding your online identity.

Use anti-malware / anti-virus & keep updating

If you have Windows 10 and keep installing updates as they roll out, then Windows Defender is already included and will generally suffice. However, there are additional services such as Comodo anti-virus that add a HIPS (Host-based Intrusion Prevention System), which may offer a slightly more sophisticated layer of security than the built-in Windows Defender.

Updates are incredibly important to your system’s security. Always allow updates to roll when they are available. Putting off updates can seriously compromise security regardless of what other measures you take.

Audit tracking and location settings

No one should know where you are, where you are going, or where you’ve been every day, so Google should not know either. Be sure to audit and disable tracking services for advertisements, location services, and sharing settings for media, and audit single sign-on permissions. These services track your online identity and associated presence. Search for services you no longer use and revoke their permission to use your accounts. If you use Google or Microsoft to sign in to other applications, this is single sign-on (SSO) and should be audited routinely. Services can be exploited to leverage access into your account, so each website you use SSO with should be trusted.

Do not use Microsoft accounts to sign into Windows

Microsoft loves this idea because it gives them mass control over every PC; however, it should be avoided at all costs in order to secure your online identity. You should never use a Microsoft account to sign in to a local PC that you own. When you set up your PC, be sure to make a local user and not sign in with an email. If that Microsoft account is ever compromised, it could potentially compromise every PC you’ve ever been signed in on. This can be a disaster waiting to happen because it is a single point of failure. It is also far less secure than LastPass, as it includes many tracking services that most people cannot manually remove, along with private network and file access, and it has little utility in the risk assessment game. Just don’t waste your time or expose yourself to this risk.

Use an identity guard solution

There are many services out there that monitor your private information and online identity on the internet and the dark web, and will alert you if something is found. Additionally, they may protect your credit by checking with you when someone attempts to run up a debt in your name. Best yet, many of these services cost less than $10 a month. Banks, credit unions, credit companies, and cyber security companies offer these services and they are certainly worth it. It is another layer of security that will protect you as part of a ‘defense in depth’ approach. If someone attempts to use your information without your permission, you will be alerted.

About us

Spectre Intelligence is a private investigation and intelligence firm located in sunny Round Rock, TX (Austin area). If you need investigation or cyber security services, visit us at www.spectreintel.com and www.spectretechnology.com