Your online identity security can be a vital factor in your life. Your social security number, credit card information, and medical history can fall into the wrong hands if you’re not careful about how and where you share your data online. If you really care about your data, there are tools and techniques you can utilize to protect yourself from cyberstalkers, advertisers, and hackers in a time when digital lives are a high commodity.
Why Privacy & Security of Your Online Identity Matter
While you may not have anything to hide, there are still many things in your digital and personal life you should want to protect. As mentioned above, your online identity security plays an important role in your life. Think of your phone number, your computer, your smartphone, your online accounts, your bank accounts, your email address, your home security system, even your home. These are all items you’d probably want to secure with passwords, biometrics, and other tools made available to you.
In 2018, there were a number of significant data breaches. Collectively, they affected hundreds of millions of people worldwide, and you may have been one of them. Listed below are some of the biggest hacks of 2018.
- Cathay Pacific Airways: A data breach containing passport information, credit card numbers, and email addresses. 9.4 million users affected.
- Ticketfly: A hacker exploited a vulnerability in the website which led to a leak containing names, home addresses, email addresses, and phone numbers. 27 million users affected.
- T-Mobile: 2 million users affected. Hackers stole personal data belonging to T-Mobile customers.
- Facebook: Attackers gained access to highly sensitive data on millions of users. 29 million users affected.
- Google+: 52.5 million users affected. A bug in Google’s software exposed customer data to the internet. Fortunately, there were no reports of hackers discovering this vulnerability.
- Quora: 100 million users affected. A data breach that led to leaks containing names, email addresses, encrypted passwords, and data from user accounts.
Online Identity Security & Anonymity
You could terminate all of your personal accounts and use the internet as little as possible. That would leave a small digital footprint. But you should be able to enjoy the internet without completely sacrificing your digital freedom or forfeiting your digital identity to profit-driven companies like Google and Facebook. The steps below will help you improve your online identity security and become more anonymous.
Best Security Practices
Everyone should learn the security recommendations in this category. These tips will not inconvenience most of you but will likely neutralize basic hackers. So if you care about your online identity security, try to take these steps. Let’s start.
1. Use Two-Factor Authentication
Two-factor authentication (2FA) adds an additional layer of security to online accounts. You should enable it on as many websites and apps as possible. TwoFactorAuth.org has a comprehensive list of sites currently supporting 2FA; Apple, Binance, IFTTT, Instagram, and Snapchat are just a few.
2. Don’t Give Away Your Info on Social Media
This is another step to improve your online identity security. Hackers can easily gather bits of personal information about you collected across all of your social media accounts. While posting your date of birth on one website and your phone number on another may seem harmless, hackers can gather and use that information to social engineer their way into other accounts you own.
- Phone numbers: A hacker with your phone number(s) can social engineer your cell phone provider into forwarding text messages to an anonymous number they own. This would allow them to bypass SMS-based two-factor authentication protections.
- Addresses: Your home, work, family, and friends’ addresses should never be shared online. Address sharing is presented as a convenience tool, and it is. It allows your friends and family to easily find you during a meetup, but it also allows hackers to pinpoint your geographic location with terrifying accuracy.
- Names: Hackers may use this information for social engineering attacks, identity theft, and other illegal activities.
- Photos: A hacker may decide to use your selfies in a catfishing scheme which can result in legal issues or public embarrassment for you and your family.
Generally speaking, submit as little personal data to social media websites as possible. If a particular website doesn’t absolutely require your real information to sign up, don’t include it.
Avoid strangers online. Try to avoid communicating with them or sharing any kind of information about yourself. Patient hackers and cyberstalkers will gradually be able to collect small pieces of personal information about you to compromise accounts or discover your home address. Remember, people can be easily social engineered and tricked into revealing their passwords and security question answers. Keep your online identity security in mind and beware of cybercrime.
3. Get Rid of Unnecessary “Friends” on Social Media
Some people keep too many “friends” on Facebook. We’re talking about friends of friends and people we’ve never met in real life. A hacker can easily engineer these interactions, attempting to infiltrate your private accounts.
Cyberstalkers on social media may follow you to track your whereabouts and activities. However, you may not always be the primary target. Hackers may use you to pivot to one of your children, friends, or relatives. Similarly, catfishers may follow you online to steal your photos for fraudulent activities, which could result in criminal charges against you.
As a best practice, take an afternoon to go through all of your social media accounts. Unfollow people you don’t actually know in real life and minimize the number of photos you upload to websites.
4. Use These Smartphone Best Practices
Smartphone security is a complex topic, and it matters for your online identity security. For now, we’ll have a look at general best practices that may make it more difficult for hackers to compromise your mobile devices.
- Uninstall apps. Less is more. If you don’t absolutely need an application, uninstall it. Uninstall unused and shady applications immediately. It’s not uncommon for hackers to embed backdoors into Android apps and upload them to the Google Play Store. And it’s not uncommon for developers to have innocent apps that are later updated with malicious intentions.
- Turn off Bluetooth. If you absolutely need Bluetooth enabled, then, of course, use it. However, there have been quite a few Bluetooth exploits in recent years. Bluetooth security is far from bulletproof. A number of critical Bluetooth vulnerabilities have been disclosed in recent weeks.
- Turn off location services. If an app doesn’t absolutely require your location to operate, turn off its access to your device’s geolocation. Or at least, turn it off as soon as you’re done performing the operation.
- Use stronger PINs and passwords. For physical security, don’t use short and easy-to-guess PINs or passcodes. Studies have shown the PIN “1234” is used by 1 in 10 people. This is a dangerous practice. Passcodes longer than 6 digits or passphrases containing letters and digits are strongly recommended.
- Use a VPN. VPNs are available for both Android and iOS and encrypt all data traffic in a secure tunnel. A VPN can be slower, but it’s well worth the extra security. It also masks your IP address so you don’t have to worry about companies or hackers gaining access to it. There are some downsides too, which you will learn about in a couple of sections.
- Use 2FA. Already discussed above.
- Use a password manager.
5. Use Password Managers for Strong Passwords Everywhere
At least 53% of the respondents confessed to not changing their passwords in the past 12 months, despite news of a data breach involving password compromise.
This is an unfortunate fact that needs to change. The use of a complex password is vital to the security of your online accounts. If a website has its user database leaked to the internet, a strong password may keep brute-force attacks against the leaked password hashes from succeeding. This kind of data breach can lead to the compromise of other online profiles you own and is often thwarted by complicated passwords and two-factor authentication.
If a website requires your mother’s maiden name or first pet’s name as a security question, use a randomly generated string as the answer and store it in the password manager. Never use real security question answers. Password managers are great for this.
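The keyspace arithmetic behind the PIN and password advice above, together with a generator for random security-question answers, as an added example that is not part of the original article. The guessing rate and the question labels are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption: an offline attacker testing one billion guesses per second.
# Real rates depend on the hash algorithm and the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 1e9
ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def keyspace_bits(length, alphabet_size):
    """Entropy in bits of a secret whose symbols are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def worst_case_seconds(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds needed to try every candidate at the assumed guessing rate."""
    return 2 ** bits / rate

def random_answer(length=24):
    """One random answer from a cryptographically secure generator."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def answers_for(questions):
    """A different random answer per question, to be saved in the password manager."""
    return {q: random_answer() for q in questions}

def compare():
    """Entropy of the kinds of secret discussed in the article."""
    cases = {
        "4-digit PIN": (4, 10),
        "8-digit PIN": (8, 10),
        "8-char lowercase password": (8, 26),
        "24-char random answer": (24, len(ALPHABET)),
    }
    return {name: keyspace_bits(n, size) for name, (n, size) in cases.items()}

if __name__ == "__main__":
    for name, bits in compare().items():
        secs = worst_case_seconds(bits)
        print(f"{name:27s} {bits:6.1f} bits  {secs:.3g} s to exhaust")
    # Hypothetical question labels; use whatever the site actually asks.
    for q, a in answers_for(["mother's maiden name", "first pet's name"]).items():
        print(f"{q}: {a}")
```

These figures only hold for secrets chosen at random; a real maiden name or pet's name can be guessed or looked up, which is why the generated answers are not derived from the question at all.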
KeePassX is an open-source password manager for macOS, Windows, and Linux that allows anyone to easily secure their passwords and personal data locally. An attacker would need to first hack the target’s computer to compromise the KeePassX database.
If most of your web browsing is done on mobile devices, you can try a password manager like LastPass. With LastPass, your data is stored in the cloud, which can be dangerous. It’s still better than nothing.
6. Make Use of Virtual Private Networks (VPN)
VPNs will not make you anonymous on the internet. VPNs are far from a bulletproof solution but are recommended as a basic line of defense in this Easy category. In later categories where we can’t afford to trust their “no logs” policies, VPNs are not recommended. Below are some pros and cons readers should consider.
Pros:
- Enhance security on local networks by preventing man-in-the-middle attacks.
- Access websites without revealing true IP addresses to website administrators.
- Hide website activity from ISPs (e.g., torrent downloads).
- Bypass ISP blocks, filters, and caps (in some cases).
Cons:
- Provider knows who and where you are.
- Provider can log web traffic without your knowledge or consent.
- Does not make you untraceable or totally anonymous on the internet.
- Slower speeds (usually).
- Can be difficult to install and set up.
- Forced to place blind trust in the VPN provider.
VPNs can be beneficial in some cases. Most notably, they prevent ISPs and attackers on your network from manipulating and collecting your web traffic. The unfortunate side effect of VPNs is we’re forced to trust third parties (the VPN providers) over popular ISPs like Verizon. The upside to this is: we know for a fact corporations like Verizon don’t have the best intentions with customer data. With VPN providers, there’s a chance the provider we choose won’t share Verizon’s practices.
Free VPN solutions should be avoided as they may inject ads and crypto miners into customer web traffic. Gadget Hacks recommends Windscribe for iOS and Opera for Android.
7. Use These Router Security Best Practices
This is the last step for improving your online identity security. Securing Wi-Fi routers can be difficult as they’re all designed with varying features and unique graphical interfaces. Instead of showing how to secure a single type of router, we’ll outline a non-exhaustive number of security recommendations everyone should adhere to.
- Update the firmware. Router companies often issue bug and exploit patches. It’s important to keep the router firmware up to date and have it check for updates automatically if possible.
- Disable remote administration. Some routers allow for remote access by default. Without knowing it, hackers may find your router on the internet and seize control of it.
- Change default passwords. Never use the default passwords. This goes for the Wi-Fi password other devices use to connect to the router, but also the admin portal which allows you to change sensitive router settings. There are many websites dedicated to sharing default admin passwords.
- WPA2 encryption. Only use WPA2 encryption. Weaker encryption options like WEP will leave your router extremely vulnerable to attackers.
- Disable WPS. WPS is a feature built into most routers that is supposed to make it more convenient to connect to your router securely without a password. Unfortunately, this feature is usually enabled by default and can be easily exploited by hackers.
- Be persistent. Change your Wi-Fi password every few months. It’s a pain to reset the Wi-Fi password on all your devices, but this tactic will keep hackers guessing … literally. If a hacker has captured a WPA2 handshake and spends several weeks trying to crack it, changing your password will render the captured handshake useless.