Are your personal and professional data secure? A few modest actions in three key areas—accessing your accounts, browsing the Web, and using your devices—can significantly improve the security of an academic’s digital life.
Secure Your Accounts
We always start with passwords. They’re very important, they’re often not that great, and they’re very easy to fix. You can follow some simple best practices to strengthen them:
- Avoid commonly used passwords like “123456” or “password.” For more guidance, review the annual worst password list from the Internet security company SplashData. (And, obviously, do not use any of the passwords found on that list.)
- Instead, use passwords that contain long, complex, nonsensical phrases intermixed with numbers and special characters—The New York Times has some helpful tips for generating these. Keep each password unique to its account.
- Since keeping track of all of this can be burdensome, consider using a password manager like 1Password or LastPass. These services require you to create one master password; then, they create strong, unique passwords for all your accounts. While it might sound counterintuitive to store all your passwords in one place, these companies do take security seriously. For more detailed information, we recommend reading “The Best Password Managers” on The Wirecutter.
Strong passwords, however, are only the first step. Enabling two-factor authentication (2FA) provides an extra layer of security. With 2FA, you first enter your password, then the service sends you a second piece of information to verify your identity, through a text message, an e-mail, a phone call, or an app.
Many widely used services offer 2FA. Two Factor Auth—an open-source, frequently updated project—details these offerings and provides links to the appropriate documentation.
While strong passwords and 2FA will increase the security of your accounts, you still remain vulnerable when browsing the Web. Technology companies in particular tend to be very interested in collecting and analyzing the browsing habits of their users. By implementing a few small changes, however, you can begin to lower your exposure to these threats.
- Look at your browser’s address bar and see whether the URL starts with “http” or “https.” “HTTP” stands for “Hypertext Transfer Protocol,” which allows servers and browsers to communicate and powers the Web. “HTTPS” is the secure version of this protocol that encrypts data in transit between servers and browsers. When visiting a site, especially if you’re going to be entering any personal information, make sure that the URL begins with “https://”. To force secure connections as much as possible, try the HTTPS Everywhere browser extension developed by the Tor Project and the Electronic Frontier Foundation.
- Learn more about who tracks you online by installing an extension like Ghostery or uBlock Origin. These extensions show all the third parties that track you on a given site and allow you to block them.
- Search engines like Google track you even when you use a browser’s incognito or private modes. If you would like to opt out of this tracking, try using a search engine like DuckDuckGo that clearly states that it does not collect or share personal information.
- Consider using a virtual private network (VPN). A VPN allows you to use a public network as if you were directly connected to a private network. This has a number of security benefits, such as encrypting data in transit and assigning your device an Internet protocol (IP) address not tied to your geographic location. A VPN might be provided by your institution, or you might need to purchase one. Picking one will require some research, but The Wirecutter provides a decent overview for those interested.
Lock Down Your Devices
Information security usually starts with online accounts, but the physical devices everyone relies on day-to-day also offer opportunities to strengthen your information security profile.
- For phones and tablets, opt for a passcode longer than four digits. A six-digit passcode is a good start, but an eight- or a ten-digit passcode is even better.
- Keep your operating systems up-to-date. While the constant nudges to install updates might annoy you, they do serve a purpose. Updates almost always include patches for known security bugs. (There’s a black market for these bugs, too.)
- Consider encrypting your hard drive using BitLocker for Windows or FileVault for Mac. Be careful if you decide to take this route. It requires some technical know-how, and you could lock yourself out of your own hard drive.
Even everyday browsing and shopping information is very valuable in the aggregate for marketing companies and corporations. But beyond this, academics often handle sensitive data—research on human subjects or confidential information about student health or immigration status.
While navigating between security and convenience always involves tradeoffs, we believe that these suggestions offer a good balance of security and simplicity. Making even one change can make a big difference.
Beth Seltzer is chair of the Committee on Information Technology and academic technology specialist at Stanford University.
Tom Lewek is the MLA staff coliaison to the Committee on Information Technology and head of technical project management at the MLA. These recommendations were presented at the Committee on Information Technology’s 2019 MLA convention session, Commonsense Information Security.