These good hackers have more than a few tricks up their sleeve
You’ve cleaned out your computer and secured important files – now what? Keeping your digital identity secure doesn’t end there.
As the 11th of February marks Safer Internet Day, it’s only wise to retrace your online footprints and determine where and how cybercriminals might follow your trail.
We’ve asked hackers (the good ones) for tips on how to keep identity thieves and fraudsters from tracking you down and prying open the locks on your accounts.
Get a password manager
“I use a password manager to store my passwords – it also generates them for me, which saves me [time and effort] coming up with new ones,” shared Katie Paxton-Fear of HackerOne.
British hacker Tom Hudson also recommends using the tool and creating a unique password for each of your accounts, preferably ones “auto-generated by your password manager.”
Know how and where to leave ‘clues’
On top of using a password manager, Paxton-Fear said she also jots down clues to her password on a piece of paper.
“I know it sounds super insecure but, for some passwords, I write down a hint,” she said. “It’s better to have something written down physically than stored digitally anywhere other than a password manager.”
“Obviously, I keep these written password hints in a safe location, always on my person, and keep good physical security measures – not writing what the hint is for or taking pictures of the hint.”
Enable multi-factor authentication
Fredrik Alexandersson, a Sweden-based hacker, also struggles with remembering passwords. It doesn’t really matter to him which password manager one uses “as long as you use it in combination with two-factor authentication,” he said.
Multi-factor authentication adds another layer of security, both Paxton-Fear and Hudson suggest.
This means using two or more methods to confirm your identity before you can access an account – whether it’s through a password and another security code; a password and a fingerprint scan; or a password and a physical key.
The logic is simple. “If a password is compromised, the account does not also become compromised,” Paxton-Fear explained.
Hudson, for his part, suggests using non-SMS-based methods, such as Authy or Google Authenticator, for receiving your additional security code.
Also use the ‘notify me’ service on haveibeenpwned.com “to help identify when your account details might be compromised,” he said.