How Should You Create a New Online Account?
Jan. 25, 2022 / My Data Removal Staff
How many online accounts do you have? If you’re like most adults in the US, you have around 100 accounts. This number has been growing for years. It has increased by about 25% since the start of 2020. At that rate, most people are creating between 20 and 30 new accounts each year. If you don’t have a plan, it can be very difficult to keep all of your accounts secure and the information in them safe. Here are some tips for creating new accounts that will help you make your accounts as hard to hack as possible.
1. Use a password manager
If you haven’t heard of a password manager yet, this is one of the best things you can do to help you manage your accounts and increase your online security. We go into depth in this article, explaining why you should use a password manager. This is what the security experts and privacy extremists use for their passwords. If you do nothing else on this list, sign up for a password manager today. It will make doing all the rest of the steps we recommend feasible and sustainable.
2. Use a unique, long, and complex password
- Unique means you don’t use a password for more than one account. It should also mean that no one else anywhere uses the same password.
- Long means the password is as long as the site or service will allow. Back in the day, Yahoo had a minimum limit of 4 characters for a password. Now you should aim for 20 or more characters.
- Complex means the password is not guessable and doesn’t follow a simple pattern like “1234567890” or “qwertyuiop.”
Reusing passwords or parts of passwords is dangerous. We cannot stress enough how bad a practice it is to reuse passwords. If your password is in a data breach (odds are it is), it can be, and likely already has been, tried with different services. If you reuse passwords, consider this a call to repentance, and resolve to stop reusing passwords immediately.
To assist with creating unique passwords, you can use a password generator, a feature of password managers that creates passwords for you. The password manager can generate random, complex passwords whenever you need them. You can also use a password-generating website. We like one from GRC. You can also use Diceware, which generates random words that are easier to remember than random characters. You can also take the first letter of each word of a song, poem, or part of a book (the first two lines of the Star Spangled Banner would be OscysbtdelWspwhattlg, which is also easy to remember). This method is not as strong as a randomly generated password, but it’s significantly better than your birthday and the word “princess.”
3. Aim for unique usernames
Unique usernames make it harder for hackers to get access to your account. If you have a different username everywhere, instead of the same email address or the same username, hackers can’t just try what worked with one site on a new site. It won’t work.
When you can use a username that isn’t an email address, you have a few options to make it unique.
- Use the output of a password generator as your login
- Use a random word generator online for a unique login
- Use a username generator for a unique login
When you have to use an email address you are more limited. You still have a few options:
- Use masked email addresses for accounts that don’t have sensitive information
- Try to use plus email addressing when sensitive information is involved
- Create a new email address just for this service
- Use your full normal address only as a last resort
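As an added example (not code from the original article), here is one way to script the advice in sections 2 and 3 in Python: a 20-character password and a random username drawn from the operating system's secure random source, plus a plus-addressed email alias. The function names, the random-tag scheme for the alias, and the sample address are assumptions made for illustration.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 52 letters + 10 digits + 32 symbols = 94.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
USERNAME_ALPHABET = string.ascii_lowercase + string.digits

def generate_password(length=20, alphabet=ALPHABET):
    """Return a password drawn uniformly from `alphabet` using the OS CSPRNG."""
    if length < 20:
        raise ValueError("the article recommends 20 or more characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(picks, pool_size):
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def generate_username(length=12):
    """Random login name; starts with a letter because some sites require that."""
    first = secrets.choice(string.ascii_lowercase)
    return first + "".join(secrets.choice(USERNAME_ALPHABET) for _ in range(length - 1))

def plus_address(base_email, tag=None):
    """Build local+tag@domain; a random tag keeps the login unique per service."""
    local, sep, domain = base_email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected an address of the form local@domain")
    if "+" in local:
        raise ValueError("base address already carries a plus tag")
    tag = tag or secrets.token_hex(4)  # 8 random hex characters (assumed scheme)
    return f"{local}+{tag}@{domain}"

def new_account_credentials(base_email):
    """One fresh username, email alias and password for a single new account."""
    return {
        "username": generate_username(),
        "email": plus_address(base_email),
        "password": generate_password(),
    }

if __name__ == "__main__":
    # Constructed sample address; example.com is reserved for documentation.
    print(new_account_credentials("jane.doe@example.com"))
    print(f"20 random characters: {entropy_bits(20, len(ALPHABET)):.0f} bits")
    print(f"6 Diceware words:     {entropy_bits(6, 7776):.1f} bits")
```

Store the generated values in your password manager rather than trying to memorize them. A plus tag can be stripped to recover the base address, so it makes the login unique but does not hide which mailbox it belongs to.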
4. Set up multi-factor authentication whenever possible
Many of your online accounts will have the option to secure your account with multi-factor authentication. If someone were to try to get access to your account, not only would they need your username and password, but they would also need the second factor. Multi-factor authentication doesn’t make you invincible, but it makes it significantly harder to get access to your accounts.
You should always set up a second authentication method. If the service you use does not offer multi-factor authentication, you can reach out to them and request it.
Not all multi-factor authentication methods are equal. The most secure is a hardware token like a YubiKey. The next best method is to use an authenticator app like Authy or Google Authenticator. Finally, SMS is better than nothing, but SMS has the most obvious vulnerability with SIM swapping. We suggest our clients use an authenticator app if a hardware token seems too intimidating. Authenticator apps are also free, whereas hardware tokens are not.
5. Use alias information when appropriate
Not everyone needs to know your real information to be able to provide you with a service. Some services do. For example, it would be unwise to put a fake social security number on your tax form to the IRS. But the random gaming app you downloaded doesn’t need to know your real information at all.
Masked email addresses and a password manager can help you keep track of alias information. For more information, see our article, You Need an Online Alias Strategy.
6. Use anonymous or semi-anonymous payment information
Cash still works quite well in most offline situations. For online purchases, you can use prepaid credit cards or a service that provides them, like privacy.com. You can also use cryptocurrency or get a secondary credit card in an alias name to use online.
Keep it up!
Privacy and security online are more like a marathon than a sprint. It takes a while to upgrade your online habits and practices and to get used to a better way of doing things. We applaud you in your journey to better online privacy and security!