Preventing account takeovers
Each day thousands of accounts are compromised by hackers and bots crawling all over the internet. This has many obvious repercussions for the owners of these accounts as they could: lose access to their data, be victim to identity fraud, could lose their finances, have their data sold on the dark web etc.
This happens a lot since many of us prefer convenience over security. Companies also do quite a bad job at teaching their users about security basics. Securing accounts doesn’t take as much time as people might think and in this blog I’ll go over how to prevent your accounts from becoming compromised.
Firstly, lets go over our passwords. There are a few rules to follow to ensure they are nice and secure. If you would like to see how passwords are generally broken check out my other blog post (https://0xdaniooo.medium.com/creating-secure-passwords-fabc9a9b3074).
A few simple password rules to follow are:
- Having a different password for every account, website etc
- Using long complicated passwords
- Using a mix of lower and upper case characters
- Using special characters and numbers
As you can see, following these rules can lead to some inconvinience when you take into consideration how much time it’ll take to create these passwords and then store them somewhere safe. The good thing is you don’t have to do much work when you bring a password manager into the mix which is the next thing that we’ll explore.
Passwords managers have become great apps to have on your device in the latest years due to how much they offer to their user. My personal favourite is the Myki password manager (not sponsored to say this).
It offers quite a lot of great functionality such as:
- Securely storing all your passwords
- Generating strong passwords
- Fully free for regular users, allowing you to store as many accounts as you wish
- Offers secure notes to store your data inside them
- Information isn’t stored on the cloud, everything is local
- Autofill on websites via browser extension
- Syncing across all your devices
Using a password manager like this means you can generate your passwords inside the app and have it kept securely without having to write it down anywhere which greatly saves time the more accounts you have. The additional features are also great bonuses that can make life easier for you.
So you’ve now got a secure password but we’re not done yet. If a hacker found your password in a data breach they would be let in without a problem which is where Two Factor Authentication (2FA) comes in. This provides an extra layer of security as you need to provide this special code after a successful username and password match.
Think of a bank card, someone might be able to steal that but without the PIN (second form of authentication) they wouldn’t be able to use that card in an ATM which is exactly what 2FA does. Even if a hacker gets your password, they will need to enter this code to get any further.
Setting up 2FA is quite easy and can usually be done from the security settings on the app or website. The common form of 2FA is to have an app which holds all the codes for you however you can also purchase special hardware keys such as Yubikeys which are even more secure (as they are physical objects).
Two factor authentication can be done easily with Authy. To generate codes for the app, you either scan a QR code or enter a code which then matches the Authy app with your chosen account. Afterwards the codes will update every minute based on a special mathematical calculation. This also means you can use the app when offline.
Important: Make sure you write down the recovery codes for the accounts you add incase you lose accesss to your second form of authentication. This can be done in many password managers inside the notes which keeps them secure and at hand.
Now that your account is secured let’s make sure to keep the security up to date. This means changing your passwords every few months or a year to ensure whatever passwords might have leaked to the dark web are no longer in use. It can also be useful to check the Have I Been Pwned website where you will be able to enter your email, phone number or even password to see if there are any information leaks online.
If you follow the advice featured in this blog, you should be pretty safe from account takeovers in the future. It can be quite an inconveniance to do all this work but it’s a neccessary task if you wish to avoid having to rescue your account from a hacker online. Hope this helps you keep your accoutns stay safe :)