Hackers are developing more and more complex techniques for breaking into devices and networks, but for the most part, the latest and greatest hacking strategies aren’t what works. Rather, good, old-fashioned, easy methods are what hackers use to gain access to the average user’s data — methods like phishing, man-in-the-middle attacks and packet sniffing. These techniques aren’t particularly high-tech; instead, they rely on users’ poor security knowledge and laziness.
Thus, by arming yourself with information about security — as well as a few security programs worth your time and money — you can effectively combat the most common types of digital threats. To that end, here are some security secrets hackers use to infiltrate devices and networks, which you can use to protect yourself into the future.
Public Hotspots Are the Least Safe Locations for Devices
As productive as you might be when you set up camp at a coffee shop, you probably don’t want to connect your precious laptop and smartphone to that public Wi-Fi. Whenever you are connected to a network, other devices on that network can access your device with relative ease. That means any malicious actor (read: hacker) in the vicinity of that coffee shop can get into your laptop and smartphone, plant malware, pilfer data and more.
They do so with what’s called a man-in-the-middle attack. This consists of sitting in the space between your device and the network receiver, where they can see everything and everyone connected to the network. It is possible to prevent these kinds of attacks — but only with encryption and similar network security tools that are rarely found around public hotspots. If you must use Wi-Fi in a public location, you should set up a virtual private network on your devices, which will shield your tech from view.
Eight-character Passwords Aren’t Good Enough
The vast majority of internet safety tips and tricks will tell you to make an eight-character password that doesn’t contain common or identifiable words and consists of a mixture of upper- and lower-case letters, numbers and symbols. This information is more or less useless.
Hackers aren’t going around manually inputting passwords to break into user accounts; they employ advanced programs that can test thousands of character combinations in minutes. Thus, the longer your password, the more combinations that hackers need to try, and the less likely it is that they will hit on the right one. One security expert advocates for 72-character passwords — but most everyone else says somewhere between 12 and 20 characters is key, as long as they are appropriately random.
One way to ensure you remember your longer, randomized passwords is to make a sentence or story out of them. For example, the phrase “My favorite number is 11, and my dog Chewie is too fluffy” results in a virtually unguessable code like this: Mfav#=11&mdCh=2f.
Two-step Authentication Is Easy and Effective
Then again, one password might not be enough to keep out malicious actors. Even the longest and most random passwords are easily collected using simple malware like keyloggers, which run in the background and capture every stroke you make on your keyboard. However, if you employ two-factor authentication, you can ensure that even someone with your password won’t automatically get access to your data.
You likely already use two-step authentication without realizing it. Accounts at banks, on Google and on some other social media sites require you to input two or more contact methods (like a phone number and an email address), so they can reach you when they suspect someone unauthorized is trying to log in. You can download two-factor authentication tools to use in other cases, like logging into your computer or opening especially sensitive files.
You Really Do Need to Update Everything Constantly
As annoying as software updates are, they are critical for device security. Not only do updates close up security holes, but they also announce those holes to anyone who is listening. Usually, updates are published alongside a list of changes and fixes they address — which means savvy hackers can simply look at the updates to find potential vulnerabilities and exploits they might have missed. Then, anyone who has failed to update recently (which is a sizeable number of users) will fall victim to a relatively cheap and easy cyberattack.
It is especially important that you update your antivirus protection, ideally automatically. By doing this, you will keep your antivirus software free of vulnerabilities, but you will also ensure you have the latest and greatest protection against threats.
On one hand, internet security seems impossible. Indeed, no matter how thoroughly you protect your devices and network today, tomorrow some hacker in Estonia could discover a tiny exploit and bring your system to the ground. On the other hand, security really isn’t that hard if you employ the right tools in the right ways. By knowing the risks and modifying your behavior to avoid them, you can always stay safe online.