Root Down InfoSec

Five easy ways to prevent account takeover

Luke Switzer - August 18, 2018


1. Auto-updates

Updates are continuously released to patch security holes. Set it and forget it; this step takes seconds and is your first line of defense. Flip that switch & automatically install system updates. Keep your apps, OS & browsers updated; simple enough.


2. Password managers

How many 32-character passwords can you remember? Get on board with password managers like 1Password or LastPass. Your common password takes roughly an hour to crack, while a great password can take years. Locked behind biometrics for added security, these apps also come with tools to alert you if your credentials turn up in a breach. Generate, fill & sync across all your devices. iOS 12 supports using many of these by default.


3. Two-factor authentication

Passwords are great, but weak ones are useless. Codes sent via text message? Insecure and easily intercepted. With 2FA so readily available, it’s unwise to keep avoiding it. Go the route of Duo Mobile or Google Authenticator, both free & straightforward. Taking it a step further, use a physical key like a YubiKey.

Say goodbye to app verification codes; just tap the key or hold it to your device. Yubico recently sold out of the popular 5 series, though we recommend waiting for them instead of using Google's Titan product, at least until questions about Google's firmware & supply chain are addressed.


4. Widely adopted browsers

Chrome, Safari & Firefox all have proven track records of frequent updates and quick patch times. If you use extensions or add-ons, use the in-browser tools & beware of copycats: check the permissions you grant and verify the developer's identity before installing.


5. Stop blindly trusting content

Fake emails account for a huge amount of cybercrime. Credit card issuers and banks are pretty well protected; smaller, easy-to-impersonate companies also spend less on fraud prevention.

Nearly all recent complex hacks are traced back to a spear-phishing attack (a targeted and seemingly authentic message sent to a member of an organization). Check the URLs you’re clicking in emails by hovering over them, or copy & paste them somewhere safe to remove any monetization and tracking IDs and see where they really lead.
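The manual check above (look at where a link really goes, drop the tracking junk) can be written down as a small script. The following is an added example for this post, not code from Root Down; the tracking-parameter list, the function names and the sample URLs are all constructed for illustration. It strips common tracking parameters, reports the host the browser would actually connect to, and flags a few classic warning signs in the URL itself: `user@host` tricks that hide the real host, punycode host labels, raw IP addresses, and link text that names one site while the link points at another.

```python
"""Inspect a link from an e-mail before clicking it.

Added example (not part of the original post). Sample URLs and the
tracking-parameter list below are constructed for illustration.
"""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Common tracking / monetization parameter names.
# Assumption: illustrative list, not exhaustive.
TRACKING_PARAMS = {"utm_source", "utm_medium", "utm_campaign", "utm_term",
                   "utm_content", "fbclid", "gclid", "mc_eid", "mc_cid"}
TRACKING_PREFIXES = ("utm_", "mkt_", "trk_")


def strip_tracking(url: str) -> str:
    """Return the URL with known tracking query parameters removed."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in TRACKING_PARAMS
            and not k.lower().startswith(TRACKING_PREFIXES)]
    return urlunsplit(parts._replace(query=urlencode(kept, doseq=True)))


def registered_host(url: str) -> str:
    """Hostname the browser would actually connect to (lowercased, without
    port or userinfo); empty string if there is none."""
    return (urlsplit(url).hostname or "").lower()


def same_site(a: str, b: str) -> bool:
    """True if one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def inspect_link(display_text: str, href: str) -> dict:
    """Compare the text a mail client shows with the real destination and
    collect warning signs. Returns the cleaned URL, the real host and a
    list of human-readable findings (empty list means nothing suspicious)."""
    findings = []
    parts = urlsplit(href)
    host = registered_host(href)

    if parts.scheme not in ("http", "https"):
        findings.append(f"unusual scheme: {parts.scheme!r}")
    elif parts.scheme == "http":
        findings.append("plain http, no TLS")

    # 'trusted.name@real.host': the part before '@' is userinfo, not the
    # host, but it is what a hurried reader sees first.
    if parts.username is not None:
        findings.append(f"userinfo before '@' hides the real host ({host})")

    # Punycode labels (xn--) can render as lookalike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("internationalized (punycode) host label")

    # Link text that looks like a hostname but differs from the real one.
    shown = display_text if "://" in display_text else "http://" + display_text
    shown_host = registered_host(shown)
    if shown_host and "." in shown_host and not same_site(shown_host, host):
        findings.append(f"link text says {shown_host} but points to {host}")

    # Bare IPv4 hosts are unusual for legitimate consumer services.
    if host and host.replace(".", "").isdigit():
        findings.append("host is a raw IP address")

    return {"clean_url": strip_tracking(href), "host": host, "findings": findings}


if __name__ == "__main__":
    # Constructed sample: the visible text names a bank, the link does not.
    sample = inspect_link(
        "www.mybank.example",
        "https://www.mybank.example@login.evil.example/signin?utm_campaign=x&gclid=1",
    )
    print(sample["clean_url"])
    print(sample["host"])
    for finding in sample["findings"]:
        print(" -", finding)
```

Run it on a pasted URL and read the `findings` list before you decide to click; an empty list is not a guarantee of safety, only the absence of the cheap tricks this script knows about.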


TL;DR: We’re not ‘the IT guy’

The difference between privacy and security is something we all should understand a little better. While turning off your location might stop a targeted advertisement, using a router with default settings compromises your entire device and any data transmitted through it. Look into a VPN service to anonymize your traffic should you be forced to use an unsecured network (airport, hotel, etc.).

The cybersecurity community doesn’t get much praise; quite the opposite. It’s now an inevitable risk & something to take more seriously with each passing day. What we stand to lose in the form of digital assets has rapidly changed from bank fraud to corporate takeover. You could easily sink your own company by responding to the wrong email. Undoing the mess can take months and cost up to $10 billion to fix.
