Search
Close this search box.

Online Identity – Protecting yourself from Theft

In this digital age, protecting your online identity is essential. Cyber criminals are constantly on the lookout for ways to hack into your accounts and steal your sensitive information. One of the best ways to enhance your cybersecurity is to use strong, unique passwords for each of your online accounts and enable two-factor authentication (2FA) wherever possible.

There are a number of great tools available for the average user to help safeguard themselves. In this blog post, I will walk you through the process of managing your passwords using 1Password and setting up Two Factor Authentication (2FA) using Google Authenticator for popular platforms such as Gmail, Facebook, Instagram, and LinkedIn. Following these tips and expanding on them to the rest of your accounts will make it that much more difficult for a thief to steal your information. Further, if it does happen, it will limit the impact to a single service, protecting the rest of your information!

Importance of Unique Passwords for Every Website and Application

Online Identity - Keyboard showing a thumbprint for an enter key - Passwords are Critical treat them that way!

Why You Need Unique Passwords

Using the same password across multiple websites or applications is a dangerous practice. If a cyber criminal gains access to one of your accounts, they can potentially use the same credentials to compromise other accounts. By using a unique password for each site, you significantly reduce the risk of unauthorized access to your accounts.

To get a view of how this can work, take a look at HaveIBeenPwned, a website that you can lookup your email and see all the breaches you have been caught up in. By having unique passwords for every account, if your password is stolen at foo.com it can’t be used to attack your bar.com account. This is called “Password Stuffing” and thieves count on human laziness – up your game to beat them.

Creating Strong Passwords

A strong password is one that is difficult for others to guess or crack. Best practices say that it should be at least 12 characters long, include a mix of upper and lower case letters, numbers, and special symbols. Avoid using easily guessable information such as your name, birthdate, or common words.

Optimally credentials should be randomly generated and only used for a single application or website. For the best protection they should be changed often, at least every 90 days for critical applications such as email, banking and similar.

Identity Management with 1Password

What is 1Password?

Identity Protection - iPassword application

1Password is a highly recommended password manager that stores and encrypts your login credentials, allowing you to use complex and unique passwords without the need to remember them all. It also helps you generate strong, random passwords for new accounts and can securely store other sensitive information, such as credit card numbers and secure notes.

Using its browser and mobile application plugins, it can automatically fill in your user credentials making it simple to enable the best protections for your user names/passwords. It also can sync across all of your devices so you are protected on your phone, tablet and computer.

Another benefit is 1Password will run security reviews (called Watchtower in the app) of your credentials and remind you if a website supports Two-Factor Authentication (2FA). It will even notify you if a website you use has been hacked – so you know to change your password!

Online Identity Protection with 1Password Watchtower audit

Setting Up 1Password

To get started with 1Password, follow these steps:

  1. Visit the 1Password website and sign up for an account. They offer a free trial, so you can test it out before committing to a subscription plan.
  2. Download and install the 1Password app for your computer or mobile device.
  3. Create a Master Password for your 1Password account. This password should be strong and unique, as it will protect all of your stored credentials.
    • This is the one password you will need to remember – and it is the key to open your password vault, make it difficult to guess and keep it safe!
    • Another option is to look into hardware tokens to protect your 1Password account. A great example is a YubiKey. This option is a bit more difficult, and has a cost for the hardware token. If you are interested in that route read the information and decide.
  4. Install the 1Password browser extension for seamless integration with your preferred web browser.
  5. Begin adding your existing login credentials to your 1Password vault. You can also use the password generator to create new, strong passwords for your accounts. (Strongly suggested!)

Two-Factor Authentication and Google Authenticator

What is Two-Factor Authentication?

Identity Protection: Two Factor Authentication Processes

Two-factor authentication (also known as Multi-factor authentication) adds an extra layer of security to your online accounts. In addition to your username and password, 2FA requires you to enter a temporary code that is sent to a device you control, such as your smartphone. This means that even if a cyber criminal manages to obtain your online identity, they won’t be able to access your account without the 2FA code. What follows is a quick guide on how to install a free 2FA application, and set up the credential protection on a few of the more popular websites. You will also want to check with your financial and healthcare providers on how to do it on those sites as soon as you can. If not faster šŸ¤”.

Google Authenticator

Online Identity - Protecting yourself with Google Authenticator

Google Authenticator is a free mobile app that generates 2FA codes for various online services. It is widely supported and easy to use. To install and set up Google Authenticator, follow these steps:

  1. Download Google Authenticator from the Google Play Store or the Apple App Store
  2. Open the app and follow the on-screen instructions to set up your first account.
  3. You’ll need to scan a QR code or enter a setup key provided by the website or service you’re adding. We’ll cover this process for Gmail, Facebook, Instagram, and LinkedIn below.

Enabling 2FA with Google Authenticator for Popular Online Services

Our online identities are important to us, and having them hacked into can be simply annoying to down-right devastating. Having your email account hacked into or hijacked is even worse as if someone has access to your email, they can have passwords reset across all your other platforms.

To help prevent these attacks, here are instructions for enabling 2FA on some of the more prevalent services. Nearly all services have a 2FA option, and should be used wherever possible – especially financial institutions, healthcare services and again I can’t stress this enough – your email account!

Gmail Credentials

Online Identity - GMAIL security

To set up 2FA for your Gmail account using Google Authenticator, follow these steps:

  1. Visit the Google 2-Step Verification page and sign in with your Google account.
  2. Click “Get Started” and follow the prompts to enable 2FA.
  3. Under the “Authenticator app” section, click “Set up.”
  4. Select your device type (Android or iPhone) and click “Next.”
  5. Open the Google Authenticator app on your smartphone and scan the QR code displayed on your computer screen.
  6. The app will generate a 6-digit code. Enter this code on the Google 2-Step Verification page and click “Verify.”

Facebook Identity

To enable 2FA for your Facebook account using Google Authenticator, follow these steps:

  1. Log in to your Facebook account and navigate to the Security and Login Settings.
  2. Scroll down to the “Two-Factor Authentication” section and click “Edit.”
  3. Click “Use an authentication app” and click “Continue.”
  4. Open Google Authenticator on your smartphone and scan the QR code displayed on your computer screen.
  5. The app will generate a 6-digit code. Enter this code on the Facebook page and click “Confirm.”

Instagram Account

To set up 2FA for your Instagram account using Google Authenticator, follow these steps:

  1. Open the Instagram app on your smartphone and navigate to your profile.
  2. Tap the menu icon (three horizontal lines) in the top right corner and select “Settings.”
  3. Tap “Security,” then “Two-Factor Authentication.”
  4. Toggle on “Authentication App” and tap “Set Up Manually.”
  5. Open Google Authenticator on your smartphone and scan the QR code displayed on the Instagram app.
  6. The app will generate a 6-digit code. Enter this code on the Instagram app and tap “Confirm.”

LinkedIn Credentials

To enable 2FA for your LinkedIn account using Google Authenticator, follow these steps:

  1. Log in to your LinkedIn account and navigate to the Account Security Settings page.
  2. Click “Turn on” next to “Two-step verification.”
  3. Select “Authentication App” and click “Continue.”
  4. Open Google Authenticator on your smartphone and scan the QR code displayed on your computer screen.
  5. The app will generate a 6-digit code. Enter this code on the LinkedIn page and click “Verify.”

Now you’ve taken care of the more popular services, start using 1Password to visit each site, and create a new password – make it as complex as possible. Not having to remember each password allows for long, complex, random and unique passwords for each site you visit!

Wrapping it all up in a pretty bow: By utilizing 1Password to manage your passwords and setting up two-factor authentication with Google Authenticator for your online identities, you can significantly improve your cybersecurity and keep your personal information safe from cyber threats. Start implementing these best practices today to enjoy a more secure online experience.

Yes, 1Password has a subscription cost, but when you break it down its about $35.00 USD a year – a cheap option for peace of mind.

Sharing is Caring

Related Posts

OWASP Security - three monitors one malicious choose well
Computing

More OWASP fun with ChatGPT

Continuing to mess around with my research into things I can do with the ChatGPT-4 Large Language Model and training developers on some basics of the OWASP Top 10 secure

Read More Ā»