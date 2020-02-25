%MINIFYHTMLb943602787400371e4c2b58be7a08db211% %MINIFYHTMLb943602787400371e4c2b58be7a08db212%

Have you taken steps to protect your data online? If not, you should, experts say.

"I think many of us begin to think about our cybersecurity when we are unfortunate enough to be abused," said Viktorya Vilk, director of the digital security and free expression program at PEN America. "Be proactive, not reactive."

Vilk and Manuel Egele, an assistant professor in the department of electrical and computer engineering at Boston University, offered the following tips to keep their information secure online.

Use a different and long password for each account.

"It's the simplest, and we all know it, but very few of us are doing it," Vilk said. "You want to use a different password for each account."

You must use at least 16 characters, with a combination of numbers and symbols. The minimum of 16 characters is because hackers are using algorithms to "pass,quot; passwords permutations, he said.

"The longer you set a password, the longer it will take for a machine to do so, and the more likely someone will give up," he said. “Therefore, you want to use passwords that are as long as you can support, but 16 characters is a good baseline. And the phrases work very well. "

Do not use the following information in passwords because hackers can easily find it online: your birthday, a pet's name, your maiden name, your mother's maiden name and your high school, she said. As with the security questions, you won't want to use anything that someone can successfully search on Google about you, he said.

For which accounts should you create a long and secure password? All of them, Vilk said.

"You may not think it is a very important account, but if someone can enter it, then they will have access to all kinds of private information about you," he said. "That is why it is important to keep even the passwords of the accounts that really do not interest you much."

Get a password manager.

If you wonder how you will remember all those 16-character passwords, the answer is to use a password manager.

"These are browser add-ons or separate programs that will generate strong and random passwords for each of the services you are registering in and then remember them," Egele said. "The important thing about this is that all these passwords and logins are stored in encrypted form and locked by the master password. So basically, at the end of the day as a user, you just have to remember the master password."

Many password managers are free. Do your research to make sure you choose a reputable one, Vilk said. Examples of password managers provided by experts include 1Password, DashLane and LastPass.

"It's really easy to use these things, but I don't think there is a large enough fraction of people using password managers," Egele said. "There really is no reason not to."

Configure two-factor authentication on all your accounts.

When you configure two-factor authentication (2FA) in your accounts, if someone attempts to log in to your account from an unrecognized device, you will receive a message asking you to authenticate by entering a unique use code delivered by the application or text.

"It's basically like an additional layer of security, so it is much harder for hackers to access your account," Vilk said.

It is preferable to obtain the code through an authentication application, such as Google Authenticator or Authy, rather than through text messages due to the possibility of SIM theft, he said.

The SIM hijack, Vilk said, is "someone calling your cell phone provider, pretending to be you and saying:" Oh, I have a new SIM card and a new phone number, can you route all my traffic to my new number? & # 39; And then, suddenly, the codes you're getting that are supposed to go to your phone go to someone else's number. "

The way to protect yourself from SIM theft is by calling your cell phone provider and requesting that no changes be made to your mobile phone account without you providing a special PIN number. A useful suggestion from Vilk: for example, don't make the pin obvious when using your birth date.

You can find a list of accounts and platforms that support two-factor authentication at twofactorauth.org.

Find out if your email has been part of a data breach.

If you want to know if your email account has been part of a data breach, you can go to haveibeenpwned.com and write it.

What should you do if so?

"Be sure to change the password on that account and never use it again," Vilk said.

You can also request to be notified if your email is part of future data breaches by using the "notify me,quot; tab on the site, he said.

Be diligent with your privacy.

"Be very careful with what you share," Egele said. "If you don't share it with any property online, nobody can steal it."

For example, "Is it really important that Facebook turns years old?" Egele said. "I guess your true friends know your birthday."

"Birthday is almost always an important ingredient in identity fraud," Egele said.

For example, if someone tried to gather important information about you to, for example, open a credit line in your name, it simply made it easier by providing your birthday date, he said.

Also, check the privacy settings in your accounts, he said.

"If you are diligent about your privacy settings and are diligent about who you share information with, that certainly limits the intentional exposure of the information," he said.