Privacy and security

In the times we live in, it becomes more and more important to think about online presence, privacy and security. Where we used to apply the same username and password for every service 10 years ago, we now (should) know better and use a decent password management tool.

Recently I noticed a tweet by Tom Verhoeff about the apps that have access to your online (social media) accounts. This was a great reminder for me to contact my direct family members and mention a few privacy and security “best practices”. They are very generic, so I decided to post them online, maybe as a good reminder for myself 2 years from now.

It’s wise to do these checks every year or so. The easiest way is to create an item in your calendar with a yearly (or whatever fits your behavior best) recurrence to check this again.

I am trying to write this down as an easy-to-read guide with links that link you directly to the content that is needed. Hopefully this makes it easier to share this with the people you care about to help them improve their privacy and security as well.

Important notice about free services

I’ve decided to put this note at the top since it’s really important.

Some services I mention in this post are paid services. I know consumers are spoiled with free products nowadays, but please be aware that if something is free, you are probably the product. So be wise and pay for your most important services or make sure you truly understand how the services are staying alive (e.g. making money) if they are free.

Check apps that have access to your online accounts

Many apps request access to your online (social media) accounts. Some are “funny” and you want to try them out, some are things you really need at the time you provide access to them.

Below is a list of services and the direct links where you can view the connected apps:

Service Link
Dropbox https://www.dropbox.com/account/connected_apps
Facebook https://www.facebook.com/settings?tab=applications
Google https://myaccount.google.com/permissions
Instagram https://www.instagram.com/accounts/manager_access/
LinkedIn https://www.linkedin.com/psettings/permitted-services
Microsoft https://account.live.com/consent/manage
Twitter https://twitter.com/settings/connected_apps

Shared data

Sometimes you, accidentally or on purpose, share data from your cloud storage (e.g. OneDrive). It’s wise to check this once in a while, since most of the time the shares should be temporary but are forgotten and last forever.

OneDrive

Go to OneDrive, then click Shared at the lower left in the main menu. Make sure to unshare everything that should no longer be shared.

Multi-Factor Authentication (MFA)

Most account services, such as Google, Microsoft, etc., offer MFA. This means that even if a person (with or without bad intentions) gets hold of your password, they cannot log in to your account, since a secondary form of authentication (e.g. via an app on your phone) is required.

Whenever Two-Factor Authentication or Multi-Factor Authentication is available on a service, it’s highly recommended to enable it.

Service Link
Apple https://appleid.apple.com/account/manage
Google https://myaccount.google.com/signinoptions/two-step-verification
Microsoft https://account.microsoft.com/security

Passwords

For a few years now it has been very common to use a separate password for every online service, webshop, etc. Unfortunately I noticed that it’s too hard for most people to apply this in practice, especially if you are not really computer-savvy.

There are several good online services that can manage passwords for you. I highly recommend using an online service you trust that works on all of your devices. Below is a list of services that you could check out.

Please be aware that I have no preference for one or another and it’s your own responsibility to pick one.

Service Link
1Password https://1password.com/
LastPass https://www.lastpass.com/

Have I Been Pwned?

Have I Been Pwned is a great service by Troy Hunt.

Whenever new data breaches are found or reported, they are added to the database so you can see whether or not you were part of a data breach.

You can check this once by searching for your email address, but you can also subscribe so you get instant notifications whenever a new breach that contains your email address is detected.

If your account was part of a breach, it’s super important to change your password for that service and all other services where you use the same username / password combination.