January 28, 2022
Ngô Minh Hiếu was once a fearsome hacker who spent 7 1/2 years incarcerated in the U.S. for running an online store that sold the personal information of about 200 million Americans. Since leaving prison, Hiếu has become a so-called white hat hacker, attempting to protect the world from the sorts of cybercriminals he once was.
These days, Hiếu said, it doesn’t take much hacking to access sensitive details about Americans. Companies and governments routinely leave databases exposed online with little or no protection, as we’ve reported, giving cybercriminals an easy way to harvest names, emails, passwords and other info. While in prison, Hiếu wrote an online security guide for the average internet user. As he and others have pointed out, it’s impossible to create an impenetrable shield. But here are some of his tips for how you can mitigate your risks, along with some other practical online security advice.
1. Stop reusing passwords
Make 2022 the year you finally stop reusing passwords. Once a password is exposed in a data breach, as routinely occurs, cybercriminals may use it on other websites to see if it grants them access and lets them take over an account or service. To help you generate lengthy, difficult-to-guess passwords without having to commit them to memory, use an encrypted password manager such as 1Password or LastPass. These services, which typically charge $3 to $4 per month, also monitor databases of breached passwords, like Have I Been Pwned, which can identify some passwords that have already been made public.
2. Delete unused accounts
Another benefit of using a password manager is that every time you create a new account at a website, you can log it in your password app. The app will track when you created a password and when you last modified it. If you notice that you haven’t used a website in a few years, and you don’t think you’re likely to use it again, delete your account from that website. It will mean one less place where your data resides.
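The two habits above can be checked against a password manager export. The following is an added example, not part of the original article or of any product mentioned in it. The CSV column names, the sample rows, the three-year threshold and the use of the last-modified date as a stand-in for last use are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export; the column names are hypothetical, not any product's format.
SAMPLE_EXPORT = """site,username,password,modified
shop.example,ana@example.com,Tr0ub4dor&3,2017-03-02
forum.example,ana,Tr0ub4dor&3,2021-11-19
bank.example,ana@example.com,q7!Lm2#vXz9@pRw4,2021-12-30
photos.example,ana,hunter2hunter2,2016-06-14
mail.example,ana@example.com,c0rrect-h0rse-battery,2021-08-05
"""

def load_entries(text):
    """Parse the CSV export into dicts, converting 'modified' to a date object."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["modified"] = date.fromisoformat(row["modified"])
        rows.append(row)
    return rows

def reused_passwords(entries):
    """Return groups of sites that share one password (passwords are not returned)."""
    by_password = defaultdict(list)
    for entry in entries:
        by_password[entry["password"]].append(entry["site"])
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)

def stale_accounts(entries, today, years=3):
    """Return sites whose entry was last modified more than `years` years ago."""
    try:
        cutoff = today.replace(year=today.year - years)
    except ValueError:  # today is Feb 29 and the target year is not a leap year
        cutoff = today.replace(year=today.year - years, day=28)
    return sorted(e["site"] for e in entries if e["modified"] < cutoff)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    today = date(2022, 1, 28)  # fixed date so the result is reproducible
    for group in reused_passwords(entries):
        print("same password on:", ", ".join(group))
    for site in stale_accounts(entries, today):
        print("untouched for 3+ years, consider deleting:", site)
```

An export like this contains every password in plain text, so it should be deleted once the check is done.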
3. Add an additional layer of security
Use multifactor authentication — which requires a second, temporary code in addition to your password to log in to a site or service — whenever…