No matter how many measures you take to protect your personal information, the unfortunate truth is that no computer is truly safe. Any device that connects to the internet is theoretically vulnerable to being hacked, which means everything from your bank account to your credit cards to your social media accounts could be compromised, if your personal data were to fall into the wrong hands.
Lucas Apa, a hacker and penetration expert with Seattle-based security company IOActive, says “nothing can be 100 percent secure. Because technology isn’t static. New technology emerges faster than security experts are able to find and remediate vulnerabilities.”
Thankfully though, technology has adapted to these scary times, and there are plenty of measures you can take to protect your online (and offline) accounts. So although there’s always some chance a bad-intentioned hacker (or you know, the NSA) could get their mitts onto your email address, texts, and social media, things like password managers and two-factor authentication are concrete steps that even tech-phobes can (and should) take to secure their online activity.
Complex spoke with Apa, who shared several security recommendations for how to keep your devices, accounts, private information safe online:
1. Choose a secure messaging app
From WhatsApp to Facebook Messenger, there are many options for sending messages to friends, family, and colleagues. But which is most secure? Apa says the best messaging app consumers can use right now is the encrypted messaging and voice calling app Signal.
Because Signal’s security protocol is open source, independent experts can play with the protocol and find vulnerabilities that could allow hackers to grab messages and files, Apa tells Complex. And unlike other messaging apps, Signal does not store any messages or files on their servers. So even if their servers got hacked, there would be nothing to find. This also means that messages and files sent through Signal are safe from the government—the only data stored is a timestamp with the last time a person connected to the app.
WhatsApp fails on the storage front, according to Apa. “When information is stored on servers, they can be obtained by federal authorities. The messages are stored automatically through iCloud or other syncing methods,” meaning your messages are still out there on the app’s server. WhatsApp also stores contacts, which could also potentially be summoned. Facebook Messenger fails, too, save for the "secret conversation" mode.
So if you want to make sure nobody can access your messages and files sent through a messaging app, skip Facebook and WhatsApp altogether (or at least for really sensitive information), and download Signal.
2. Get two-step verification for your email
If your server offers it, Apa recommends adding two-step verification to your email address. While a password can be obtained through other means (such as phishing), a second step password is a random set of characters sent directly to your personal device, which means an attacker would need both your email password and your phone, tablet, or laptop to access your email account. Adding two-step verification only adds a few seconds to your log-in process, and could potentially save you a lot of trouble if a hacker tried to get your emails.
3. Check who's been accessing your account
Security measures aren’t perfect, so while Gmail, Facebook, Twitter, and other companies have plenty of their own protocols in place, it's smart to add your own. “Because security features that users can modify and activate [in social media accounts and email] are limited, it’s a good idea to check the access logs on personal accounts,” Apa explains. In other words, make sure login records match your own activity. If there’s an IP address or timestamp that doesn’t look familiar, it could mean someone other than you accessed your account, and you should change your password ASAP.
4. Have a strong phone passcode
Speaking of passwords: not only do individual accounts need strong passwords, but Apa says that choosing the right password for your phone or tablet is also vital. If someone steals your phone, a 4-digit password is going to be easier to break than a 6 or 10-digit password (as long as it's not something predictable like 111111), so it’s a good idea to opt for a longer one. Apa says that a 6-digit code should be sufficient, but there’s no harm in using the maximum amount of digits your phone allows.
5. Use trusted devices
“Avoid logging into private accounts from public computers,” such as at the library or school computers, Apa advises. “Many times people get hacked because attackers can install keylogger software [software that tracks keystrokes on a device] on public computers, and within a couple of days, tons of passwords can be obtained.” If you have to check your email or Facebook away from a trusted device, consider updating your password later that day, so that even if your password was obtained by someone else, they won’t be able to use it to gain access to your accounts.
6. Seriously, for the love of God: Choose a strong password
As we all know, a number of celebrities have paid the price for choosing weak passwords in recent months, including Facebook CEO Mark Zuckerberg, whose Twitter and Pinterest accounts were hacked in 2016 after hackers cracked his lackluster password: “dadada.” Zuck should know better—and so should we. A strong password is key for protecting private data. Further, Apa says that passwords should be one per account: “Don’t use the same password for Gmail that you use for business email or social media. If you have the same password for one account and you get hacked, hackers will use that same password to try to access other accounts.”
If you have a hard time keeping track of a long list of complex passwords, Apa suggests installing a secure password manager such as KeePassX. We should also update all of our passwords periodically.
7. Install encryption software
Lastly, Apa says that anyone can and should install encryption software on their computer(s). By encrypting the files and date on your computer, this software makes it difficult for attackers to access information stored locally on your device. For Windows, Apa recommends Blocker, and FileVault for Macs.