Justin Massey

Software Security Engineer

Securing Your Accounts

OK. You have ended up here because you are concerned about the security of your accounts on the Internet. Whether your reason is proactive or reactive (darn hackers...), I am here to help you out. The journey to being safe online is not easy, but I will cover the basics on this page. I will add different types of accounts as time goes on, but these should get you started. I will first cover what Two Factor Authentication means and why it is important. Second, I will define what a secure password is. Finally, I provide information on how to secure your accounts such as Google and Facebook.

Two Factor Authentication

Two Factor Authentication, often referred to as 2FA, is referred to many times in this document and is your account security's best friend. If you don't care to know why you need it, skip this section. But first, repeat after me: "I will enable 2FA on all accounts that support it."

Formerly, authentication was most commonly a user name and password. However, there are 3 different ways to authenticate someone and they are the following:

  • Something you know (example: a password or passphrase)
  • Something you have (example: your phone, a key fob, etc.)
  • Something you are (example: your fingerprint, your face, etc.)

The phrase "Two Factor Authentication" means using two different authentication methods to prove who you are. What it doesn't mean is: enter your password and then enter the name of your childhood best friend. Those are two things you know. Most commonly your two factors are something you know (a password) and something you have (your phone). If you enable your phone as the second factor, an attacker has to steal not only your password, but also your phone. This simple step increases the security of your account by many orders of magnitude.

What if you lose your phone, you ask? First, it depends on how you set up the 2FA. It is possible to set up the 2FA to be a text message (which is not recommended, but is better than not having it - read why here) or to use a free app such as Google Authenticator. If you did set it up as a text message, once you get a new phone you can log in. However, when you set up the 2FA, you can access your "backup codes", which can be printed off and stored in a secure place. In case you lose your phone, you can use one of these backup codes to log back in. Enough about 2FA for now.
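How the "something you have" factor and the backup codes fit together at login, as an added example that is not from the original page: authenticator apps such as Google Authenticator implement TOTP (RFC 6238), deriving the code from a secret stored on the phone and the current time. The `Account` class and its sample password, secret and backup code are constructed for illustration.

```python
import hashlib, hmac, struct, time

def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code an authenticator app displays."""
    counter = struct.pack(">Q", max(int(at), 0) // step)   # 30-second time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical server-side account record (not any real site's code)."""
    def __init__(self, password, salt, totp_secret, backup_codes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret          # same secret lives on the phone
        self.backup_codes = set(backup_codes)   # printed once, stored offline

    def login(self, password: str, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        # Factor 1: something you know.
        if not hmac.compare_digest(hash_password(password, self.salt), self.pw_hash):
            return False
        # Factor 2: something you have. Allow one step of clock drift each way.
        for drift in (-30, 0, 30):
            expected = totp(self.totp_secret, now + drift)
            if hmac.compare_digest(expected.encode(), code.encode()):
                return True
        # Lost phone: a backup code works, but only once.
        if code in self.backup_codes:
            self.backup_codes.remove(code)
            return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"            # constructed sample secret
    acct = Account("correct horse battery", b"salt0001", secret, ["8412-0937"])
    now = time.time()
    print("password only:   ", acct.login("correct horse battery", "", now))
    print("password + phone:", acct.login("correct horse battery", totp(secret, now), now))
    print("backup code:     ", acct.login("correct horse battery", "8412-0937", now))
    print("backup reused:   ", acct.login("correct horse battery", "8412-0937", now))
```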

Secure Passwords

Every account you have should have a secure password. A secure password should be the following:
  • Unique to each account
  • 12 characters (it does not need to have one uppercase, one lowercase, one number, one special character)

Your next question is likely: how do I remember unique passwords for each account? I recommend using a password manager such as LastPass to store your passwords. You can access the passwords on your computer and your phone. It can even generate passwords for you. An alternative is the old school way of writing your passwords down on a sheet of paper and leaving them at home. This is not the best way to store your passwords, but I am not opposed to it, especially for people who are less computer friendly. Do not save these in an Excel spreadsheet on your computer!! If an attacker hacks your computer, he now has access to all of your passwords.

Google (GMail, YouTube, etc)

  • Use a secure password
  • Enable 2FA (link)
  • Review accounts that have access to your Google account (link)
  • Review any passwords that don't require 2FA (link)
    • Note: an attacker may use this as a backdoor to your hacked account

Facebook

  • Use a secure password
  • Enable 2FA (link)
  • Review accounts that have access to your Facebook account
    • Log in to Facebook
    • Click the icon in the upper right-hand corner
    • Click Apps and Websites in the left side menu.
    • Review apps and review what you don't want to have access to your Facebook account

Twitter

  • Use a secure password
  • Enable 2FA (link)
  • Review accounts that have access to your Twitter account (link)

Amazon

  • Use a secure password
  • Enable 2FA (link)

PayPal

  • Use a secure password
  • Enable 2FA (link)

LinkedIn

  • Use a secure password
  • Enable 2FA (link)

GitHub

  • Use a secure password
  • Enable 2FA (link)



If you have questions, comments or want me to add info on securing your account on another website, please tweet at me @jmassey09