It seems to be coming up more and more, both as a topic at the water cooler and on the nightly news (and when I say “nightly news,” I really mean the articles all your friends post that show in your Facebook feed). What’s the topic? It’s online security!

Just in the last month, we’ve learned about the “Heartbleed” vulnerability and some hacker hijacking a baby monitor video camera (it’s freaky enough of a thought to have someone spying on your family with a taken-over web cam but the even freakier infrared photos I saw on Facebook, ya gotta admit, were sure to elicit clicks to the story – I’m talking about the one with the baby looking right at the lens in the dark, with that night-vision-eyes-with-big-lights-in-the-center-of-the-pupils-giving-disturbing-feelings look. Well played, original Facebook poster. Well played.)

What’s the sunny side to all this anxiety? Well, it gets us discussing these very worthy and helpful things.

So what I’m about to give you is just three digestible things you can do right now to step up security and increase your peace of mind.

Actionable Thing No. 1: For the love of all things glorious and holy, please, pleeeeeeease…

Make your passwords difficult

Now you can research this on the web and find all sorts of people giving you tips on how to do this. My recipe? Mix these four ingredients: UPPERCASE LETTERS, lowercase letters, numb3rs, and speci@l charac#ers.

Not to get too deep into your inner geek here but think about it – If I said, “I’m thinking of a one-digit number. Guess it.” You’d have a 1-in-9 chance of getting it right. (1-in-10 if I included “zero”)

If I said, “I’m thinking of a letter. Guess it.” You’d have a one-in-26 chance of nailing it. Not too bad of odds. I’d play the lottery more with those kinds of odds.

Now… think of a four letter word. Get your mind out of the gutter. Let’s talk math. How many combinations are there?

Well. 26^4 = 456,976 (and that’s IF you allow a letter to be used more than once)

That sounds like great odds, right? For security – I mean, what are the chances that someone would sit at a computer and try to figure out a four-letter password? Not very high, right?

Here’s where you’re gonna feel really smart. It doesn’t work like that. People don’t sit down to hack your Facebook account like that so they can spam all your friends with tagged posts featuring discount shoes.

People use tools! They use scripts. They use apps. They do all this on their smart phone.

A script can run thousands of combinations on that password in seconds, not days.

Now how do you feel about those odds?

So… make ’em hard. Use all four “ingredients” and draw it out for at least 12 to 20 characters!

Bonus: St@y @way fr0m th15 technique too.


If you thought of replacing an “E” with a “3,” (clever, eh?) then don’t you think some brilliant coder is going to program that into his script?
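To see both points from the defender's side, here is a small password check, added as an illustration and not part of the original post. It counts the search space the way the math above does, enforces the four ingredients and the 12-character minimum, and undoes look-alike swaps before comparing against a word list. The word list, the swap table and the function names are assumptions made for this sketch.

```python
import string

# Constructed sample list; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey"}

# Look-alike swaps of the "E becomes 3" kind, mapped back to plain letters.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t", "#": "t"})

# The four "ingredients" from the recipe above.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special": string.punctuation,
}

def search_space(password):
    """Candidates a blind guesser must cover: (alphabet size) ** length."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return alphabet ** len(password)

def normalize(password):
    """Lowercase, undo look-alike swaps, keep letters only."""
    swapped = password.lower().translate(LEET)
    return "".join(c for c in swapped if c.isalpha())

def check_password(password, min_length=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    plain = normalize(password)
    hits = sorted(w for w in COMMON_WORDS if w in plain)
    if hits:
        problems.append("common word after undoing swaps: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["abcd", "P@55w0rd!2024x", "vK7#qLm2!xRw9zPd"]:
        print(pw, search_space(pw), check_password(pw))
```

The second sample uses all four ingredients and is 14 characters long, yet it still fails because the swaps reduce to an ordinary word.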

Double Bonus: Does your email have Two-Factor Authentication? Turn it on, especially for your work mail. You’ll get a text message with a short set of numbers that you’ll need to log in. (Gmail, Dropbox, Facebook, Apple, PayPal, Yahoo!, Amazon, Microsoft users… you have it). I personally have it set to do this every 30 days… or whenever “the system” recognizes that I’m at a different computer.

Triple Bonus: Avoid using the same password for all your accounts.

If you’re asking my opinion, don’t use the same random-difficult password for more than one! It’s not so bad. There are apps available so you don’t even need to remember them.

Actionable Thing No. 2: It’s going to add 12 seconds to your day but…

Just Lock Your Phone.

No one plans to mess up. No one woke up this morning and purposed themselves to go out into the world and foul up some way … to trip down the stairs, to forget their lunch or… to lose their phone (or have it stolen).

So it’s a small step you can do right now. Go to your phone’s settings. Look for it. On the latest iPhone, the setting is labeled “Touch ID & Passcode.”

Android phones have that connect-the-dots feature. Whatever. Just use it. It’s cheap insurance.

Actionable Thing No. 3: Ever said to your kid, “You don’t know where that thing’s been! Don’t touch that!”

So, especially regarding emails…

Don’t Click (or Touch) links that you don’t know where they’ve been. 

Or … to be more accurate, “where they’re from.”

Ok, so this one’s more ‘preventative’ than anything but a worthy contender for this short list. These guys out there are getting good. Really good – by the day, it seems. They’re the origin of that spoof email that is scaring you about your PayPal or Chase account closing down within 48 hours blah blah blah… just don’t fall for it.

“Get Your Geek On” time: Know how these work?

  • You click on something.
  • A very reputable and trustworthy-looking page comes up asking you for your login and password.
  • You fall for it… you enter them (I mean the page looks “reeeally trustworthy”).
  • That info gets sent to a bad guy’s database. He (or she) has your info.
  • You might even get sent to a resulting ‘confirmation’ page to keep you from thinking anything about it.

Here’s a trick.

Beware. If you believe you are on the remedial end of the tech scale, just skip this.

  • But (on an iOS device) touch-and-hold that link, see that URL (web address) that pops up (along with the prompts to “Open,” “Add to Reading List,” or “Copy”)?
  • Or on a computer, right-click > Copy Link Address. Pull up something benign like Notepad or Stickies > Paste it.

Does the resulting URL in either case LOOK like it came from PayPal? Or does it have something fishy like “cheap-cialis” in the URL?

See? They’re tricky, aren’t they?
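The same eyeball test can be done mechanically on a pasted link. The sketch below is an added example, not something from the original post: it pulls out the host the browser would really contact and accepts the link only if that host is the expected domain or a subdomain of it. The sample links are constructed, and the function names are made up for this illustration.

```python
from urllib.parse import urlsplit

def link_host(url):
    """Host the browser would actually contact, lowercased, or None."""
    try:
        # .hostname skips any "name@" prefix and the port, and lowercases.
        host = urlsplit(url.strip()).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def belongs_to(url, expected_domain):
    """True only if the host is expected_domain or one of its subdomains."""
    host = link_host(url)
    expected = expected_domain.lower()
    # The leading dot matters: "notpaypal.com" must not match "paypal.com".
    return host is not None and (host == expected
                                 or host.endswith("." + expected))

# Constructed sample links of the kinds a spoof email might carry.
SAMPLES = [
    "https://www.paypal.com/signin",                       # genuine subdomain
    "https://www.paypal.com.cheap-cialis.example/signin",  # brand on the left only
    "https://paypal.com@cheap-cialis.example/login",       # brand as a fake user name
    "https://notpaypal.com/login",                         # brand glued to other text
    "paypal.com/login",                                    # no scheme: not verifiable
]

def triage(links, expected_domain):
    """Map each link to True (host matches) or False (treat as suspicious)."""
    return {url: belongs_to(url, expected_domain) for url in links}

if __name__ == "__main__":
    for url, ok in triage(SAMPLES, "paypal.com").items():
        print("OK     " if ok else "SUSPECT", url)
```

Only the first sample passes. What counts is the right-hand end of the host name, which is why a familiar brand appearing somewhere in the address proves nothing.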

Don’t you know most everyone sending you emails anyway? Even if it’s a place like ours – some value-providing service provider – you’ve most likely come across it or can at least make the connections why a particular vendor may be reaching out to you [given the particular industry you’re in].

Bonus: Just know it: PayPal, Chase, Bank of America, your local bank… no financial institution will EVER ask for such sensitive data in an email. At best, they’ll prompt you to call – so they can verify you (and they won’t ask for your account number, so beware if you’re prompted for such sensitive data right off the bat). And even then, they will NOT ask for your full social security number (that’s why we have those “Childhood Pet” security questions).

So there it is. The three things you can do (or start doing) today.

  • Change your passwords to something lengthy and difficult.
  • Lock your phones and tablets.
  • Treat email links with plenty of caution and skepticism.

It’s a little bit of cheap insurance but … isn’t your information worth it?
