- Use a password manager. One of the worst things you can do is to use the same password over and over again. Another no no is to use passwords that are easy to guess, e.g., Password or 12345 or even something you think is clever like P@ssw0rd. I know a number of people who create good passwords and write them in a book. Okay, if that works for you. I exhausted my good passwords years ago and now suffer from password overload. One of the benefits of a password manager is that they create randomly generated secure passwords for you on demand. And they can be accessed wherever you are so you don't need to generate a new password when you're traveling and the app you need for your hotel reservations has mysteriously forgotten your password. Your trusty password book is a thousand miles away and seemingly your only option is to do a password reset and hope that all works out in a timely fashion.Of course, you will need a good strong password for your password manager - preferably a phrase you can remember.
- The Best Password Managers for 2019 PCMag - this is a review of paid services
- The best password managers for 2019 and how to use them CNET - offers free and paid options
Two factor authentication can take a number of different forms. The least secure is a text, phone or email message giving you a code you need to enter into a form as verification. The reason it's the least secure and effective is that if you're being targeted, there's a good chance the culprit trying to gain access to your accounts may have already accessed phone data and/or email. There are authenticator apps. I use one from Google. It continuously generates random number combinations. Of course, if you lose the device where the app is, or you don't have Internet access, you're out of luck. In addition there are physical devices or fobs. We have one for the state that works like my Google authenticator constantly generating random numbers. There are also fobs that act as keys. You plug them in and they unlock access to devices, apps, websites. The downside here is that you always have to have the fob with you.
- Two-factor authentication: How and why to use it - more information from CNET including how to set it up on a number of frequently used sites
But one should make the leap eventually. Major releases often include major fixes for bugs and security flaws. And the more incremental periodic updates throughout the year should just be downloaded and installed automatically. These include patches to serious security vulnerabilities. You don't want to wait on these.
Microsoft saves up most of their updates for a monthly "Patch Tuesday". This is generally on the second Tuesday of the month. This is when Microsoft rolls out updates for Windows, Office, Internet Explorer, etc. It is not a features update that one needs to be concerned about but rather important security updates and tested bug fixes. But you should also note that if the security update is important enough, Microsoft won't wait until the second Tuesday but will release it as soon as it becomes available.
Automatic updates are the easiest way to make sure that your devices have the latest security and bug fixes for your computer, phone, tablet.
But you may very well have other Internet connected devices that also need security and bug fixes. Your router is an important and vulnerable piece of hardware that is frequently overlooked. Be sure to change the default password and keep router firmware up to date. In fact, just about every IoT (Internet of Things) device is also subject to the threat of hacking and misuse: smart plugs, smart bulbs, smart TVs, smart thermostats, streaming devices (Roku, Amazon Fire TV, Apple TV), video doorbells (Ring, Nest), baby monitors, home security systems, voice assistant/speakers (Amazon Echo, Google Nest/Home, Apple Homepod), smart appliances (refrigerators, microwaves, crockpots controlled by apps via the Internet). Often times, brand names will update automatically. Or you can go into the app or visit the product website to download and install updates. Unfortunately, many of the bargain brands won't ever offer updates. Beware of those. As in many other situations, you get what you pay for.
- 9 Main Security Challenges for the Future of the Internet Of Things (IoT) - not to scare you but a good rundown of things to consider when shopping for and maintaining smart devices for your home.