How to Minimize the Risk of Being Hacked and Locked

This morning, I read many posts about hacked Facebook accounts. What's the problem? I don't know. But here are few things to consider to lower the risk of locking your account after being hacked, especially when your livelihood is on the line.

Photo by Daria Nepriakhina on Unsplash

Make sure to set up and update your recovery email address or phone number.

Here's the truth: if you haven't set up your recovery options, you have no chance of recovering your accounts. That's how serious it is.

Screenshot of Facebook recovery account.

Set up your recovery email address or phone number.

When signing up, make sure to use an email address that you can access. Most likely, the site will require you to verify it. Don't use fake/non-existing one because you will suffer when the time comes when you need to recover your account.

Keep your recovery options updated.

In recovering your accounts, various sites will usually send codes to your email address or phone number to verify if you truly have the right to access those accounts. You might regret that your accounts are still using an old phone number or a deactivated email address.

Create a "strong" unique password for each of your accounts, but you should not rely on your memory to remember them all.

Long phrases are more secure than c0mp!3X but short passwords.

People often think that a password is "strong" if it has combinations of small and big letters, numbers, and symbols. Well, it's partly true. Look at the comics below.

A comics about password strength. By Randall Munroe. Source: https://xkcd.com/936/

As shown above, the password "correct horse battery staple" is more secure than "Tr0ub4dor&3". So, the goal is to make long and random passwords instead of complex but short ones.

You may also try to capitalize the first letter and end your password with a period like a sentence. You can also add a random number in between the words like "Bugnaw gabii 143 hangin suga." This way, you can easily create long but random passwords.

Create a unique password for each account, and let password managers do the remembering.

"The only secure password is the one you can’t remember." - Troy Hunt

You can't remember all your passwords. That's why you need the help of password managers like Google Password or 1Password. Using them, you can quickly generate and store random passwords. You don't need to save your passwords in your inbox.

A comics about security. By Randall Munroe. Source: https://xkcd.com/538/

However, if you don't trust password managers because it is like "putting all your eggs in one basket," then suffix every password with a secret passcode. Read more: Try Salting Passwords if You Don’t Trust Password Managers.

Don't share your passwords, and change them regularly.

"Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." - Clifford Stoll.

The quote above may be self-explanatory but often not practiced.

Opt to receive alerts/notifications when you are hacked or compromised in a data breach.

"Security is all about risk mitigation - you never actually become 'secure,' you merely decrease your risk." - Troy Hunt

Receive notifications if you are included in data breaches by subscribing to Have I Been Pwned (HIBP) or Firefox Monitor.

TL;DR:

1. Make sure to set up and update your recovery email address or phone number.
1. Set up your recovery email address or phone number.
2. Keep your recovery options updated.
2. Create a "strong" unique password for each of your accounts, but you should not rely on your memory to remember them all.
1. Long phrases are more secure than c0mp!3X but short passwords.
2. Create a unique password for each account, and let password managers do the remembering.
3. Don't share your passwords, and change them regularly.
3. Opt to receive alerts/notifications when you are hacked or compromised in a data breach.strip.

I hope that this post will help you. So, go and change all your passwords now!