Keeping your Online Activities Safe

This blogpost has nothing to do with making money or internet marketing, but has everything to do with keeping your money and your person online, safe, or I should say safer. This is especially important to internet marketers, webmaster, website owner, business owners and other people that use the internet daily for multiple purposes.

I have worked with hundreds of people over the past few years. In the process of building a sales funnel, or a website or working on their email marketing, I get access to their usernames and passwords.

And I see a problem that has been happening since 1999 when I first worked on a client account. Chances are this applies to you at least to some degree.
Back in 2005 my identity was stolen. It wasn't stolen digitally, but the process of recovering it and cleaning it up sucked. And it sucked up a big portion out of 3+ years of my life with weekly and monthly calls with police and creditors and debtors and all that fun stuff.
10 years later, now everybody that does anything online faces the same risk of identity theft. Please take this seriously and read on...

identity theft photo

It sucked to have my identity stolen. Now it can happen to anyone with access to just one or two accounts. Do NOT share passwords.
Photo by GotCredit

First of all, when you are working with a 3rd party, you must change your usernames and passwords for all accounts that were shared as soon as that assignment or engagement is over. That includes, developers, designers, "wordpress pople," "seo people," or whoever.

So if your developer finishes your website and gives it to you on Monday, the 1st of the month, then before that day is over, you should have already changed all the usernames and passwords related to that project.

Unless of course the developer will continue working or accessing the site for additional work, but that should go unsaid.

You should change all the passwords, not because you're afraid of your developer or wordpress person or whoever it may be, but because you want to make sure you're protected. You don't know if their systems are secure.

What if you shared the username and password with them via email, or chat, or skype, and someone is snooping around their computer? Now your security is at risk!

This is not a big problem if you just share one account. Maybe it's just the Aweber account or your cPanel account. You think it's not a big deal, that's just the email list account.

But it could be a really big problem and let me explain why.

Don't share passwords with other accounts!

Now that I told you to change passwords after anyone else besides you works on your accounts, the next thing you need to do is make sure your passwords are unique to each account.

So what if someone finds out that your Aweber password is "snoopy123"? Who cares, you think?

By the way, that is an actual password someone I worked with was using (for all their accounts). Well, most people that use weak passwords, also tend to use one password, or a few different passwords for ALL their accounts.

That's the other big problem. You should not do share passwords with multiple accounts. The reason should become obvious really soon --if it wasn't already.

Here's the setting:

Imagine I'm a shady character, snooping around for information and I got a hold of your computer. The method of entering  your digital world can be any of many, like: you left your laptop open at a coffee shop while you went to the restroom and there's a line at the door; or your laptop was left behind and I have it for the night until you pick it up in the morning; or you lost your cell phone and I guessed your password, or worse, you didn't have one; getting access to your "world" is trivial if you aren't protecting yourself in all fronts.

If I'm snooping around your computer and I find that your account for Aweber is: example@example.com and the password is myshorshorts1972. I found it just by searching for "username" in your skype account. Turns out you shared this info with your marketing manager over a chat in skype about 9 months ago.

But If I'm trying to steal your identity or access to another one of your accounts, I now have more information to guess or obtain even more information about you from other accounts.

I am just going to try other accounts using the same username and password combination I "snooped" from the skype conversation account. And I would try your website, your gmail account, and other ones.

If I wanted to steal your identity, I now would have one email & password combination, along with a physical address (got it from the Aweber account right?). And if I guess your access to another account, I will get whatever personal details from that account as well.

As a quick side note but in a related topic, go get a copy of this book and read it. You'll be amazed at how someone can totally take over by making a few phone calls. Try to get your hands on The Art of Deception by Kevin Mitnick.

Eventually I can get into your main email account and then, checkmate, all your bases belong to us. I would have a chance to steal your whole identity at that point. And if I did it carefully, you would not know about it for years to come!

Now, do you understand why I don't want you to share account passwords with other accounts? And do you understand why I want you to change your passwords regularly?

With every account that uses the same password another account already has, you increase your vulnerability level. Stop doing it, and stop doing it today!

If you're thinking: geez Oscar, that's a lot of work...

Going through all the accounts you have, changing their password to something strong and secure, like "#7E1Lg4!Gq5LQj4f" is a lot of work, but you don't have to do it all by yourself and all at once. There's an app for that!

I sent a version of this blogpost to my email list recently and the whole point was the next part of this whole thing.

Get an app to help you. The app I recommend is LastPass and it's pretty awesome. LastPass has 2 versions, the free one and the paid version. The free version is good if you do most of your work on a desktop or latptop. But if you use your phone for a lot of work, or a tablet, then I recommend you get the paid version because that will give you full access and functionality in the mobile version of the app.

The biggest downside to using the free version of LastPass in your mobile device is that you have to manually copy the username and password into each app or website, so the integration is not there. The paid version fixes this.

Before Instagram allowed me to switch accounts within their own app, this was the only way I could switch between 3 or 4 Instagram accounts, just let Lastpass manage it for me.

GET LastPass installed and configured already!

I've mentioned LastPass before, I talk about it in person with all my clients. LastPass manages your usernames and passwords and keeps them locked away under a master password.

The usernames and passwords for all your accounts and websites will magically get filled in whenever you need them. It works even if you have multiple accounts in one website. For example, I manage client's accounts in Leadpages, and Aweber, Optinmonster, various cPanel accounts and more. I keep track of all these usernames and passwords using LastPass.

Whenever I visit the site, LastPass automatically knows which username and password to use. It just needs to learn once each time for each website. If I go to a website and I create a new username and password, then LastPass will offer to create a strong password and use that.

You get to configure the settings for the password security. I use all the characters, and minimum of 16 characters, sometimes I go to 20.

A while ago I made a video about this. Although the interface has changed slightly, the basics still apply. Here's the video:

But it's useful for more than just usernames and passwords

LastPass also helps you fill out comment forms, and shipping or order forms. It has a built in form manager that you can use and customize. I use it to fill in comments for various websites and blogs. That way I can leave a comment as the author that makes most sense, like my personal blog, or my daddy blog, or another more relevant blog.

If I want to order something I order in a regular basis, I can create a ship to profile that will have all my information ready to go so I don't have to type it in or look it up. This would be really good for someone that has to ship stuff to different addresses every week.

Secure Notes

The other purpose is that it has secure notes as another feature you can use. This is just like a notepad, but it's encrypted and secure behind your master password. You can use this to save the family's vitals, your driver's license, your vehicle's VIN, your map to the treasure, whatever.

Please stop using the same password for every account, and stop using silly mickey-mouse passwords. Use a strong password generator, and then use a password manager like LastPass to keep it all organized for you.

cryptography photo

Aren't you glad you don't have to use one of these to encrypt and decrypt messages and notes? You can just write them in LastPass and lock them up!
Photo by gvgoebel

The Wrap Up

You can find all kinds of alternatives and all of them have their upsides and downsides. I've tried them all, and settled with LastPass for a few reasons: It's platform agnostic, it's one of, or maybe the most secure one out there, the premium version is inexpensive, and I can securely share login information with others without having to share the actual password. Yeah, try that on for size!

If you want to explore other ones anyway, the other ones that are good are: 1Password, KeePass (local file only; no integration). And Lifehacker has a list of 5 best password managers. So you can decide. If you ask me, go with LastPass.

I would recommend you get LastPass for all the reasons I mentioned earlier. Price, features, portability, accessibility and availability. But at the end of the day, I just want you to be safe so lock up your passwords anyway you can using one of these apps, start doing it today!