Stay safe in your online life, too

During the COVID-19 pandemic, many of us are turning to the internet to connect, learn, work and entertain ourselves from home. We’re setting up new accounts, reading more news, watching more videos and scrolling through social media at an all-time high. These are excellent ways to stay connected while being physically distant, but they do come with a set of concerns worth noting.

Pick strong passwords for new accounts

Streaming movies or ordering takeout or groceries online for the first time? You’ll need an account and password for that. It’s tempting to use groceries123 as your shopping site password or princess for your streaming site, but it’s smarter to use a strong password.

Weak passwords can be more easily guessed or cracked through “brute-force attacks” on networks. A strong password is your first line of defense against hacking attempts and unauthorized access to your accounts. Some tips to strengthen your passwords:

Do

Don’t

Do use long passphrases by combining two or more unrelated words. Also use numbers or special characters, but don’t rely on substituting @ for a or 3 for e, which are overly used and well known. Don’t use the word “password,” or any combination of it. “P@ssword!” is just as easy for hackers to guess.
Do make your passwords at least 8 characters long. Aim for a minimum of 12-15 characters. Don’t use short, one-word passwords, like sunshine, monkey or football.
Do use a combination of upper- and lower-case letters, numbers and symbols. Don’t place special characters (@, !, 0, etc.) only at the beginning or the end.
Do include unusual words only you would know. It should seem nonsensical to other people. Don’t include personal information like your birthdate, address or family members’ names.
Do keep your passwords protected and safe, like encrypted in a password manager. Don’t share your passwords. Also don’t put them on a piece of paper stuck to your computer.
Do spread various numbers and characters throughout your password. Don’t use common keyboard patterns like asdfjkl; or obvious patterns like 111111, abc123 or 654321.
Do create unique and complex passwords for every site. Don’t use the same password everywhere.
Do use an extra layer of security with two-factor authentication (2FA), especially for your primary email account Don’t think a weaker password is safer because you have 2FA.

[Read more about how to create strong passwords]

Every account needs a unique password

When you’re setting up a new account, you might be tempted to reuse an old password, thinking the likelihood of your grocery store getting hacked is low. The unfortunate truth is that every account is vulnerable, and you need to protect them with unique passwords.

Here’s why. If you used the same password for your grocery account as you did for an account that was previously breached, a bad actor could gain access to your new account.

Password reuse is an easily avoidable security problem. When setting up new accounts, a good password manager can help you select something complex and unique that you never would have thought of on your own, save it securely for you, and make it available when you need it. Firefox can do that for you by generating complex, unique passwords, saving them and letting you access them from your different devices. You can also protect them behind a primary Password.

Pause if something seems suspicious

Malware and phishing are ongoing threats to online safety, and we all may be more susceptible during this vulnerable time. Phishing is a common email scam in which bad actors impersonate a service, person or company you trust. They look like the real thing because they mimic the design of authentic emails, like those from your bank or email provider. “Spear phishing” is more targeted and sophisticated, hence the name, and uses your detailed personal information to trick you.

These scams are often perpetrated over email, but they also come in the way of phone calls, with callers claiming to be from your bank or credit card, the FBI, the IRS, your student aid provider, and so on. They also sometimes show up as text messages with sketchy links. Scammers will concoct stories about how they detected suspicious activity on your account, how your bill is overdue, how you’re owed a refund, how your test results are back, and so on (read more from the FTC).

The typical goal of these criminals is to get you to unknowingly enter your password into a fake website, download a malware program that can infect your device through an attachment like an image or document, or offer up other key personal details they can use to access your account.

Netflix Scam Example Email
An example of a phony email designed to scam people. Source: U.S. Federal Trade Commission

Think carefully before you fill anything out. Does this email or text seem out of the blue? Does something seem off about it? Are you being asked to log in to an account to update something?

Don’t click, and don’t enter your password, authentication code or personal information (such as your date of birth, social security number, bank or credit card details) anywhere if you’re suspicious. Open your browser, and type in the address of the company website instead, or give them a call directly.

Here’s a screenshot of an email phishing attempt we received this week.

Know the classic signs of a suspicious email or text:

  • Displays grammar or spelling mistakes
  • Seems especially urgent or time-critical
  • The “From” address looks unusual
  • Promises something that seems too good to be true
  • Asks you to log in from the email itself
  • Asks you to open or download a file that you don’t recognize

This happens on the web, too. Recently cybercriminals set up a phony site with COVID-19 maps to lure unsuspecting people who were researching the topic. The fake site mimicked a legitimate map site created by Johns Hopkins University, but it was created to distribute malware on computers and steal passwords. The Hacker News explains what to know.

(Here’s the link to the legitimate Johns Hopkins site: https://coronavirus.jhu.edu/map.html.)

It’s okay to stay on Facebook

Staying connected to your family, friends and community near and far is especially important during times of crisis. If you’re active on Facebook, the Facebook Container extension will make it harder for them to track you around the web. It also works on other Facebook owned sites like Instagram, Facebook messenger and Workplace.

Get Facebook out of your business

Get the Facebook Container Extension for Firefox

If you are able to work from home using a browser, the Multi-Account Containers extension can keep your work and personal profiles separate, yet simultaneous, with color-coded tabs.

Verify your Covid-19 news

Spending more time reading online naturally opens one up to coming across misinformation and fake news. During times of heightened social stress like we’re in now, we are especially vulnerable to consuming and sharing it, too. The International Federation of Library Associations put together this handy infographic to help people think critically about a piece of news:

In mid-March, the non-profit Poynter Institute, which is dedicated to truth in journalism and media, published 7 ways to avoid misinformation during the coronavirus pandemic:

  1. Learn the basics of the disease
  2. Ignore posts that say the disease is planned
  3. Verify images and videos
  4. Double-check case numbers, death tolls and fatality rates
  5. Beware of attempts to downplay or inflate the threat of the disease
  6. Don’t share prevention or treatment methods without consulting official sources
  7. Look for what’s still unknown

Snopes has also published a collection of Coronavirus claims they’ve investigated so far.

If you’re looking for more to read, Pocket is a credible, human-curated source for information about Covid-19 and plenty of other topics, too.

Do those software and app updates

If you’ve put off software and app updates, maybe you have some extra time now to get it done. Updating software on your computer, tablet and phone is a crucial step to keeping devices safe. These updates fix bugs, software vulnerabilities and security problems. Regularly updating your smartphone apps and operating systems makes your devices more secure.

Even better, turn on automatic updates. You can set your computer, browser, apps and phone to update automatically as soon as new updates become available.

Now might also be a good time to investigate and update your phone’s permissions, settings and app selection.

It’s okay to take a break

Taking a break from being online is good for mental health. By now you’ve probably received an email or five about trying new recipes, crafts, hobbies, games, exercises and so on. Whatever works for you, friends. Firefox isn’t going anywhere, and we’ll be here (and here) when you’re ready to check back in.

Take care of yourselves!

This post is also available in: Deutsch (German) Français (French)


Share on Twitter