A Few Things You Must Do
If you do nothing else, VERIFY. If you receive an email out of the blue notifying you of an "urgent" need to change your password or access your account by clicking on a link, don't click on that link. Even if it looks legit, as though it came from Amazon or Netflix, such emails are easy to fake. This is known as "phishing", and it is a way to get you to click on a link that then installs malicious software on your account or prompts you to provide credentials or personal information.
If you receive an email urging you to check or change your password and it provides a link, don't click on it, and instead just go to your account and change your password from within the account. Verify. Verify. Verify.
Get into the habit of verifying everything, and take these next few steps.
#1 Have you already been in a breach?
It is very easy to find out whether your email, password and personal information have been exposed in a breach. Visit monitor.firefox.com and enter your email into the space. Check the box if you want to be notified if your email is in future breaches (recommended).
We recall the days leading into the 2016 election and the damage done through the slow leak of stolen emails. We don't want that to happen again. And now we are heading into the most important election of our lifetimes.
Since the pandemic, the FBI has reported a 300% increase in cybercrime. We are online more than normal and much of what used to happen in person now takes place through screens. In other words, we are sitting ducks for cybercrime.
Is cybercrime easy? For some people, yes. Very easy.
View the report. What if you have accounts that have been breached?
Change the password for the account(s) immediately.
Have you used that same password for other accounts?
If yes, then change each of those passwords so that each has a unique password (see next step).
Repeat these steps for all of your email accounts.
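The steps above can be run against a password list in one pass. The following is an added example, not part of the original article: it assumes a CSV export with service, email and password columns (a constructed layout, not any particular password manager's format) and a constructed breach list, and it returns every account whose password needs changing, either because the account was breached or because it shares a password with a breached account.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample: a password-manager style CSV export (not real data).
SAMPLE_EXPORT = """service,email,password
shop.example,pat@example.com,Sunshine-44
video.example,pat@example.com,Sunshine-44
bank.example,pat@example.com,correct horse battery staple
forum.example,pat@example.com,Sunshine-44
mail.example,pat.work@example.com,Sunshine-44
news.example,pat@example.com,tulip-Garden-9
"""

# Constructed: (service, email) pairs named in the breach report.
BREACHED = {("shop.example", "pat@example.com")}


def _fingerprint(password):
    """Group by a hash so the audit never prints or keeps a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def accounts_to_change(export_text, breached):
    """Map (service, email) -> reason for every password that must change."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        account = (row["service"], row["email"].lower())
        groups[_fingerprint(row["password"])].append(account)

    todo = {}
    for accounts in groups.values():
        exposed = [a for a in accounts if a in breached]
        if not exposed:
            continue  # this password was not part of any reported breach
        for account in accounts:
            if account in exposed:
                todo[account] = "breached"
            else:
                todo[account] = "same password as " + exposed[0][0]
    return todo


if __name__ == "__main__":
    for (service, email), reason in accounts_to_change(SAMPLE_EXPORT, BREACHED).items():
        print(f"{service:15} {email:22} {reason}")
```

In the sample, one breached shop account forces password changes on three other accounts, including one registered under a different email address, while the two accounts with unique passwords are left alone.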
#2 Use strong unique passwords for each account.
We use unique keys for unique locks on our houses. It's the same thing. When an account is compromised, your email and password become exposed. If you use the same email and password combination for multiple accounts, then hackers have access to those other accounts as well. Because many people tend to use the same username/password combination, malicious actors can then use the same combination to access multiple different types of accounts.
When using unique passwords, we recommend strong passwords. The longer the password, the stronger it is. The password "November2020" is stronger than "7!G2k17t" because it has more characters. The password "I will vote this November." is even more secure. That said, I would avoid references to this November's election, well, just because. If you have questions about whether your password is strong enough, you can check here: https://howsecureismypassword.net/
How do you keep track of all of these unique passwords? That's next.
#3 Use a password manager or password vault.
This is probably the single biggest change to your daily routine, but once you start using a password manager, you will wonder how you ever got by without one. A password manager encrypts and stores all of your unique passwords. Most are then accessed using one very long password (pass phrases are especially helpful here).
Here are a few of the most popular (and usable) password managers:
This LastPass walkthrough is helpful for getting started.
These instructions include video tutorials for getting set up.
This video explains why password managers are important.
As mentioned earlier, the password manager is likely the single biggest change. If you do choose to set up a password manager, then it is highly recommended that you set up two-factor authentication for that password manager account.
#4 Turn on two-factor authentication (2FA) for your email account and other services.
Even though this is the last step, that does not mean it should be ignored. 2-factor authentication (2FA) is the easiest way to keep yourself safe even if your account has been involved in a breach. 2FA is often a setting that you activate in your account.
When you add 2FA to your account, you add a layer of protection. Further, this layer of protection usually involves using a physical device, your phone. While 2FA doesn't guarantee 100% safety (nothing does), this extra layer is generally enough to keep hackers out.
If your email account is through work or an organization, then ask the admin or IT person to please "turn on 2FA" for you. Most businesses require it these days. And if yours doesn't, it is a good question to ask your IT person.
The Authy guide allows you to search on 2FA for many services. Here are some direct links to services that many people are using:
For AOL users, there are instructions in AOL Help for applying 2FA. Facebook offers 2FA, and provides instructions in their article, What is two factor authentication and how does it work on Facebook? Twitter also provides instructions in the article, How to use two-factor authentication, in their Help Center.
If you aren't sure whether a service you use allows 2FA, type the name of the service and "2fa" into Google and you should get your answer.
This article, Please Turn On Two-Factor Authentication, from Lifehacker explains why 2FA is so important.
If John Podesta had used 2FA and verified the email he received prompting him to reset his Google password, hackers would not have accessed his emails. That could be any of us.