A dedicated writer and digital evangelist.
These days, reports of major data breaches happen so often that people are beginning to tune them out. After all, most people who have had their data stolen don't actually end up suffering any visible consequences. Therefore, it's all too easy to meet the news of each new security incident with a casual shrug.
The problem, however, is much less about what actually happens as a direct result of these breaches. It's more about what could happen. Imagine, for example, that you're about to settle in for an evening of Words With Friends. Upon opening the app, though, you find that you can't log in. Then you recall hearing about a recent data breach involving the service. So what, you think, as you go through the password reset procedure – except that now you can't get into your email account either.
As it turns out, you've forgotten that you had the same password set for your email account as the one that was stolen. By the time you run through a mental list of other places where you've used the same credentials and remember that you've used them for your online banking access too…
The point is, every data breach brings millions of users closer to a digital reckoning they'd rather avoid. And with the average American maintaining up to 130 online accounts at any given time, everyone's at risk. The good news is that there are some pretty simple ways to decrease the odds of becoming a victim. Here's what they are.
The first step in the process of protecting yourself online is to get rid of as many unnecessary accounts as you can. If you present a smaller attack surface, you'll have less to remember and fewer places you need to defend. Get started by refreshing your memory about any accounts you may have forgotten about.
Go through your emails to see who's sending you "we miss you" emails trying to get you to log back in. Then, go through this handy list of popular online services to find others you may have subscribed to (it even tells you how to delete each type of account).
Finally, do some Google searches of the usernames you commonly use – you may be surprised at how many results you get.
Although most people know by now that reusing passwords is a bad idea (but do it anyway), most don't realize that reusing usernames is almost as dangerous a habit. In fact, using different usernames for each account is almost as effective a defense as using different passwords.
That's because it's not at all uncommon for websites to store usernames in their backend databases with little to no encryption or obfuscation. If you use the same username all the time, a determined attacker can use it as a roadmap to finding all of your other accounts – just like you did in the previous step.
If you're unlucky, they may locate an account with poor security, and use it as a springboard to getting access elsewhere.
Although more and more websites now offer two-factor authentication (2FA), a shocking number of people never bother to turn it on. From a personal security perspective, this is an act of gross incompetence. Google's own data proves that 2FA can prevent the vast majority of account takeover attempts.
With that said, you'd be insane to not turn it on. So, your next step is to visit this database of sites that offer 2FA and turn it on in as many of your accounts as possible. Then email the rest and ask them what's taking them so long to offer what should now be a standard account security feature.
The last step is to recognize that you're bound to slip a little bit into your old poor security habits. By this, I mean there's a pretty good chance that you'll go back to signing up for every website that asks you to and end up with another unmanageable pile of accounts.
To minimize that eventuality, make it standard practice to use disposable email services for accounts you know you probably won't use again. Then, use a random password generator to make sure whatever password you use has nothing to do with any other account that's actually important to you.
If you feel it necessary, keep a list of the username and password combinations in an encrypted file in case you need them. If you forget one, you can always sign up again, but it's a safe bet you won't ever know you've forgotten an account in the first place.
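The steps above, put together as an added example that is not part of the original article: a short Python script that audits an account list for reused passwords, reused usernames and missing 2FA, then generates unrelated credentials for a new sign-up. The account list, the site names and the `audit` and `fresh_credentials` helpers are assumptions made up for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample inventory (site, username, password, 2FA enabled); not real accounts.
ACCOUNTS = [
    ("game.example", "jsmith84", "Summer2019!", False),
    ("mail.example", "jsmith84", "Summer2019!", False),
    ("bank.example", "john.smith", "Summer2019!", True),
    ("forum.example", "jsmith84", "x9$Lq2#vT7pW", False),
    ("shop.example", "quiet-otter-51", "R4&nB8!zK1mC", True),
]

def audit(accounts):
    """Return sites grouped by reused password, reused username, and missing 2FA."""
    by_password, by_username = defaultdict(list), defaultdict(list)
    no_2fa = []
    for site, user, password, has_2fa in accounts:
        by_password[password].append(site)
        by_username[user.lower()].append(site)  # usernames compared case-insensitively
        if not has_2fa:
            no_2fa.append(site)
    return {
        # Report only the affected sites, never the password itself.
        "password_reuse": sorted(sorted(s) for s in by_password.values() if len(s) > 1),
        "username_reuse": {u: sorted(s) for u, s in by_username.items() if len(s) > 1},
        "no_2fa": sorted(no_2fa),
    }

def fresh_credentials(length=20):
    """Generate an unrelated username and password from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    username = "user-" + secrets.token_hex(4)  # 8 random hex characters
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    return username, password

if __name__ == "__main__":
    report = audit(ACCOUNTS)
    for group in report["password_reuse"]:
        print("Same password on:", ", ".join(group))
    for user, sites in report["username_reuse"].items():
        print(f"Username '{user}' links:", ", ".join(sites))
    print("2FA still off on:", ", ".join(report["no_2fa"]))
    print("New throwaway sign-up:", fresh_credentials())
```

In the sample data, one breached game password also unlocks the email and banking accounts, and a single username ties three of the accounts together.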
I think that any reasonable person would agree that the steps mentioned here aren't difficult. They represent a tiny effort to take back control of your digital life and keep it safe from would-be attackers. The best part is that once you get things under control, it's very easy to keep them that way.
The bottom line is this: you have the power to keep the near-daily data breaches from becoming very real problems for you. So what are you waiting for?