Four Ways to Protect Yourself Online

This article originally appeared in the February 2017 issue of The Florida Writer, a magazine by the Florida Writers Association. They hold their conference in Orlando every October, and Erik will be giving talks on blogging for writers and humor writing.

Twitter was down for a lot of the Northeast during the Florida Writing Conference this past October (2016). In fact, a lot of streaming and Internet sites were down, including Spotify, Netflix, and even The New York Times.

That’s because a major Internet hub was hit with a DDOS attack — a dedicated denial of service, pronounced DEE-doss — which tied up a major portion of the Internet on the East Coast. In short, some “bad actors” (what Internet security people call the bad guys) were sending massive amounts of data to that one particular hub. Imagine the Three Stooges all trying to go through a door at the same time.

It coincided with a question I got during my personal branding talk at the 2016 Florida Writers Association Conference.

Cybersecurity image of a padlock over a screen of jumbled text. TaskRabbit was hacked by cybercriminals, so we thought this was an appropriate image for an article about how to protect yourself online.“How do you protect yourself online?” a woman asked. Unfortunately, we didn’t have time to discuss it — I could have spent an entire hour on that subject — so I thought it was worth an article here instead. Here are four ways you can protect your blog, your social media accounts, and even your personal safety online.

1. Use a Password Vault to Generate Random Passwords

A lot of people use simple, easy-to-remember passwords, which can be broken by a hacker’s software in a few hundredths of a second. That means you need complex passwords that are difficult to figure out, but those are hard to remember, especially if you use a different password for each account (which you absolutely should do).

That’s why there are apps that will not only store your passwords, they’ll automatically log you into your accounts. That means you can use complex, nearly-impossible-to-crack passwords without ever having to remember them.

I use 1Password, although LastPass and KeePass are also options. I like 1Password because it operates on Mac and Windows, and works on multiple devices, including my laptop, mobile phone, and tablet, and on every web browser. And I can generate 20-character passwords that use lowercase and capital letters, numbers, and special characters, which look like *8)R83CRD[$3cuZGq.

I can also use it to string together four random words instead, which is easier to retype, should the need arise. I generated manpower-lite-feather-pacific for this example, and checked it on a password strength calculator.

According to GRC.com, manpower-lite-feather-pacific would take “7.32 hundred trillion trillion trillion centuries,” at 1,000 guesses per second, to crack (most hackers can only guess a few hundred times per second). And *8)R83CRD[$3cuZGq would take “1.34 billion trillion centuries.” (Check out www.grc.com/haystack.htm if you’d like to test your own passwords.)

2. Turn on Two-Factor Authentication Everywhere

You can also ask for additional protection on certain websites, in case someone ever actually does hack into them. That additional protection is a 6-digit numeric code that is texted to you when you log in to that website. It’s a random number, and is only used once for that particular login. It will even expire after a few minutes.

Services like Gmail, LinkedIn, Twitter, Evernote, Apple’s iCloud, iTunes, and even GoDaddy all use two-factor authentication.

When I log in to my Gmail, I’m immediately presented with a dialog box that asks for my 6-digit code. I grab my mobile phone, and within seconds, the 6-digit code has been sent. I enter it into the dialog box, and I’m finally allowed in to my Gmail. That means if someone ever does guess my password, they can’t get past the second factor. This is important, because if someone were to control my Gmail, they could use the “Forgot My Password” feature on every service I belong to, and dismantle my entire life.

3. Never Share Deeply Personal Information

We all like to tell our friends when we’re having fun, so we can rub their noses in it. We share photos of us on vacation, at dinner, at the beach. But you may want to consider who else can see your updates, photos, and personal information.

Just by looking at your social profile and your various photos, people can tell when you’re away on vacation, as well as where you live, while other people are just concerned for their personal safety and people finding out their whereabouts.

To that end, I always recommend the following:

  1. Never share photos while you’re on vacation, only afterward. Don’t tell people when you’re not at home for an extended period of time.
  2. If you live in a smaller city, and don’t want people to know where you live, list a bigger nearby city as your hometown in social bios. For example, if you live in a Louisville suburb, just put down that you live in Louisville.
  3. Don’t share photos of fancy or expensive gifts you received. You don’t want to give thieves a shopping list.

4. Keep Your WordPress Blog Secure

If you host your own WordPress blog on a third-party server, pay careful attention to your security. Your host will manage their server’s security, but you’re responsible for your own blog. (If you use WordPress.com, they’ll manage all security for you. Just make sure you have a solid password!)

There are hundreds of security plugins to keep your WordPress blog secure. I prefer Limit Login Attempts, which will block IP addresses that try unsuccessfully to log into my account eight times, and they’ll email me about the attempted break ins.

Next, I’ll copy that IP address, and then add it to the list of blocked IP addresses in WP-Ban. This permanently bans future login attempts from that IP address, which shuts out any “zombie attacks” — infected computers that are programmed to attack other computers.

Finally, delete the Admin account on your WordPress blog. When you first create a WordPress blog, the default account is called Admin, and it’s usually the account hackers try to break into.

When you first set up your WordPress blog on your server, create a new administrator account with your name. Then, go back and delete the Admin account. That way, hackers can try and try for “7.32 hundred trillion trillion trillion centuries,” but they’ll be knocking on a door that doesn’t even exist.

It’s easy to protect yourself online, thanks to the available tools and best practices the experts have created. The hard part is remembering to stick to them and make them a habit. But if you can follow these steps, you can better protect yourself and your loved ones from an otherwise-unsecure Internet.

Photo credit: TypographyImages (Pixabay, Creative Commons 0)

Sorry, no related content found.

Be Sociable, Share!
    0 Shares
    About Erik Deckers

    Erik Deckers is the President of Pro Blog Service, a content marketing and social media marketing agency He co-authored four social media books, including No Bullshit Social Media with Jason Falls (2011, Que Biz-Tech), and Branding Yourself with Kyle Lacy (3rd ed., 2017, Que Biz-Tech), and The Owned Media Doctrine (2013, Archway Publishing). Erik has written a weekly newspaper humor column for 10 papers around Indiana since 1995. He was also the Spring 2016 writer-in-residence at the Jack Kerouac House in Orlando, FL.