I like to think of myself as pretty up to speed when it comes to online security.  I use a VPN, don’t conduct any banking or other sensitive transactions on public wi-fi, use two-factor authentication whenever I can and I use a password manager.  In spite of all the precautions I take, my information is still vulnerable.  Why?  Because companies sometimes don’t do a very good job of securing users’ data.  

I found this out firsthand last week.  I am a casual gamer (mostly console), and I received an email from a gaming company I have an account with stating that my account had been temporarily locked due to too many unsuccessful login attempts.  I immediately start doing a mental inventory in my head: what, if any, banking accounts I have connected to my login (none, yay!); was the company recently a victim of hacking (yes, ugh); was my password compromised (no, just email addresses according to a report in March); should I look at any other of my 100+ accounts (probably not, since this seems to be a targeted hack at the company).  

After a brief minute or so of reflection on the frailty of man’s existence in this cold, cold world, I decided that I need to log in once my account was unlocked, change my password, and enable two-factor authentication on the account, a feature that I was unaware they had until recently.

After doing some house cleaning, I was good to go.  

So, what lessons can the not-as-paranoid learn from this?  As a consumer of the Internet, you need to assume that you will get hacked sometime in the future.  Count on it.  Once you start from that perspective, there are a few key things you want to do, and these are by no means all inclusive:

1. Enable two-factor authentication on any account you can.  Google, Apple, Facebook, and others provide this as an added security feature.  With it, a hacker must have access to your computer, phone, secondary email address, or authenticator app in order to login to your accounts.  Using email and a password isn’t enough. 
2. Use strong passwords, change them regularly, and don’t use the same passwords for multiple accounts.  PLEASE don’t use any permutation of “password”, 12345, ilikesportz, nothingcompares2.  Use alphanumeric passwords that have a combination of uppercase and lowercase letters, numbers, and a special character.  Keep in mind that not all sites have stringent password requirements, so you need to assume responsibility for your password’s security.  Using a password manager like 1Password is an excellent way to create and store unique passwords (Remember my 100+ accounts? I use 1Password to help me remember all of those lovely strings of gibberish that I call my passwords).
3. Refrain from using actual personal information in your secret questions.  Hackers often will try to scrub social media accounts to obtain this kind of information.  The less truthful your answers, the better.   I tend to use nonsense answers like “Chalupa” when asked “What’s the middle name of your first child?” or “Burkina Faso” when asked “What is your mother’s maiden name?”.  Nobody is going to guess that.  Again, a reputable password manager is a great way to keep notes on these kinds of things.

Security online is becoming more and more important as we give companies increasing access to our data.  Don’t assume that companies are keeping your usernames and passwords safe; security is a moving target and companies are often unwilling to spend what is necessary to be proactive.  Taking a few extra minutes to better secure your information will save you a lot of headaches in the future.