It's very easy to hack someone when they're not correctly securing their account. Being hacked could result in permanent loss of virtual property or even your reputation being damaged. Avoid being a victim by following these best practices.
Disclaimer: This assumes that the security infrastructure of the company is well protected. There is not much you can do if the company itself is hacked or if there is a vulnerability in their systems.
Why would someone want to hack you?
Even if your account has no monetary value(E.g no credit cards attached), hackers will likely still want your account. There is a lot that a hacker can do with your account so long as you've built some form of identity with it.
- If a hacker has your Facebook account, they may use it to message your family members or old friends saying they need some money.
- Maybe the hacker was paid by someone to try ruining your reputation; They can do this by posting lies and bad things about yourself.
- They may simply turn your account into a bot account to message thousands of random people. The message may instruct to check out a virus-filled website. If those people check out the virus filled website and get hacked, maybe at least one person will have more valuable information to steal.
If your account has monetary value, then there could be clear intent. If they are to hack your bank account, it would be easy to instruct the transfer of your money. If it were a video game account, they may transfer some of your game money to their account; Maybe even troll you by spending it on worthless items. If it were an Amazon or eBay account, they may use it to purchase items and send them to a public address they can pick up from.
Enable Two Factor Authentication (2FA)
2FA is the requirement of two passwords to log into your account. The second might be a 6 digit number sent as a text to your phone. This code is changed every time you try to log in. This is a great precaution to set because if someone watched you type your password, they still won't be able to log in if they don't have your phone.
Use a complicated password
A strong password is incredibly important to your account security. An easy password makes you vulnerable to prying eyes. Computers can crack it in seconds by testing millions of passwords a minute. At the very least of protecting your account, you should use a long and complicated password. A complicated password is hard for someone to remember if they are just watching you type it. A long and complicated password can take a supercomputer a few thousand years to brute force and solve.
A good rule of thumb for a strong password is to:
- Use at least 10 characters.
- Use special characters like "!", "?", and "#".
- Capitalize random letters.
- Keep it unrelated to your identity.
Test your password with this brute force calculator:
Use unique passwords
Using the same password for multiple websites is a massive risk. If someone figures out your login details on just one website, they'll be able to login to your other websites. They can test the login details on some of the most commonly used websites, like Facebook, Amazon, eBay, Google, Netflix, etc.
Every time you create a new account, use a password you've never used before. Although, this can get tricky if you're active on the internet. Especially if you're following the tip above to use complicated passwords. Remembering complicated and unique passwords for 20 different websites is no easy task. A tip to remember many unique passwords is to follow a pattern. For example, start your password with something you've always used. At the end of that password, include every other letter of the website's company name and finally, the number of letters in the company name. For example, if making an account with WeAreDevs, your password could look like, "PasswordWAEEVS9."
If following a pattern is too much for you, then consider using a password manager like LastPass. Though you should be aware of the risks of using a password manager.
Protect your device
Protecting your device is as important as protecting your accounts.
Don't plug in random USB devices
Some hackers may leave what seems to be a USB flash drive. Out of curiosity, you might plug it into your computer to view its contents. Maybe you just plainly need a flash drive, so you take it home. They might behave like normal and you're able to read and write files, but it might have hidden contents. For a week, you've probably been using it and plugged it into school and friend's computers. Then all of a sudden, all of those computers have some kind of malware installed like a virus or ransomware. Maybe even a RAT could be installed so they can wirelessly browse your computer without you knowing. This is possible because some USB device's firmware can be overwritten to execute code once they're plugged in.
Don't download random files
This essentially poses the same problem mentioned with USB devices above. The difference is the trigger to execute the malicious instructions. When you download a random file online, such as those sent by a stranger in a public chat, opening them can trigger malicious instructions to execute on your device. Understand that anybody can create a malicious file or website. Not all files are made by large and reputable companies.
Don't leave your computer unlocked in public spaces
We usually leave our accounts logged in to websites on our personal devices. If you use Facebook, you probably never bother logging out of it on your phone's FB app. It is a bit tedious after all to log in over and over for your frequent visits. If someone finds your phone and you left it unlocked, they have access to everything on your phone. Meaning they can open up websites and other apps where you haven't logged out. They can use this opportunity to change your email and confirm it from your email app, which then gives them the ability to send a password reset request to the new email. Just like that, your account is stolen. Of course, you can email a support request to the company to get your account back. Though you might end up waiting a few days for a response and a few more for investigation. This gives the hacker plenty of time to do what they want.
Be cautious logging into public computers and leaving your phone in public spaces. Always set a password on your personal devices like your phone and laptop.
There is a lot you can do to protect the safety of your account. Set a good password, enable 2fA, and protect your devices. There is still more you should do to protect your account, but these are some of the best practices.