Privacy Protection Strategies

This month I am finally returning to my series on privacy and protection. In February we discussed who wants your data, what we need to protect, and why we need to protect the data. This month I want to present some strategies for securing and protecting your information.

Use Strong Passwords

The first strategy is to use strong passwords. A good, strong password is longer than 12 characters and uses number, symbols, and a mix of upper- and lower-case letters. Passwords should be different for each web site and updated at least once a year. Some techniques to create good, strong, and easy to remember passwords most recently appeared in the January 2020 column.

Use Multifactor Authentication

Multifactor Authentication (MFA) adds another layer of security to your login credentials. Normal authentication requires that you provide a user-id and a password as your login credentials. MFA requires additional proof as part of the login process. The most common MFA tools today are receiving code on your cell phone and entering the code into the login screen or using an authenticator application like Google Auth or Authy to generate a one-time passcode again entered into the login screen. This technique proves that in addition to your primary credentials you are in control of a device you are known to own.

Other MFA mechanisms include responding with a fingerprint to a notification sent to your phone or simply responding to a phone notification that you are trying to login. Fingerprints prove that you can unlock the device known to be owned by you.

Account Recovery

Sometimes a password is forgotten even when using a password manager to help remember passwords. Most systems offer some form of account recovery. This is a necessary but dangerous thing. Make certain that you always have at least two private email accounts on different services. The extra account can often be used to recover credentials from other accounts. Create email accounts on multiple services (like Gmail, Outlook, Yahoo, and AOL for example) in case one service isn’t available when needed.

Many systems will ask you to provide answers to questions that only you should know. Questions like what was the name of your first pet or favorite teacher. This is actually a very poor security practice, as the questions and answers are often the same on multiple sites and are often not protected like passwords. To keep the systems bad practices from putting your accounts at risk, I suggest you make up answers to these questions. Based on the name of the website, select from a list of animals for pet names, trees for street names, or flowers and fruits for people, for example. So, when Amazon asks me for a pet name, I might reply alligator, or if Facebook asks me for teacher, I might say forsythia.

In Closing

I may go into more detail about using lists for security questions in a future column, but for now, stay safe and protected.