The biggest online security mistakes you are probably making

Many of us are putting our personal information and identities at risk with our unsafe online behaviour. Those are the findings of a new survey of people’s internet practices. How do your security habits compare with the average person’s? It probably depends on how old you are.

Financial website NextAdvisor recently surveyed users about their password habits on social media sites and found that not enough people are taking their online security seriously enough.

Reusing your passwords

The survey found 67 per cent of participants have used the same password for multiple social media accounts. More than one in ten (12 per cent) use the same password for all of their online accounts.

One third of participants (31 per cent) have never changed their social media passwords.

It’s important to have different passwords for each online account. Hacks and leaks happen with increasing frequency. You don’t want to make it easy for crooks to access all of your online information and services at once. Often the recover settings for one account include verification of another. For example, if hackers have access to your principle email account, it can frequently be used to reset the credentials to other services.

Use separate, hard to guess passwords for each of your online accounts. The most secure passwords use a combination of uppercase and lowercase letters as well as numbers and special characters.

Writing passwords down

The more passwords we have to manage – and the more complicated those passwords are – can make it very difficult to remember all of them. So, a lot of folks are writing them down. This is especially true of people over 40 years old. Fifty-three per cent of people 40 and younger said that they memorize their passwords, while respondents over 40 were split between writing them down on a piece of paper (35 per cent) and memorization (32 per cent).

The team at NextAdvisor points out that written passwords are safe from remote hackers, but not from “any prying eyes in your home or office.” Consider the potential consequences of a lost or stolen briefcase than contains both your laptop and your notebook with passwords.

Many times at work I’ve seen people have their network password stuck on a Post It above their desk or even to their device itself. (Which, of course, completely negates the point of having a password in the first place.)

Sharing passwords

Roughly a quarter of respondents admitted to sharing their passwords with someone else. Twenty-four per cent of participants over 40 – and 26 per cent under 40 share their account credentials. A further 34 per cent said that they would be willing to share their passwords with a spouse, friend, or family member.

Most of the time, that could be fine. However, relationships change over time, and they don’t always end well. So, freely sharing your passwords could put your security at risk in the future, especially if you are one of the previously mentioned 31 per cent of us who never change their passwords.

Not using privacy settings for social media posts

Most social media sites allow users to control who can view their profiles and posts and to set the level of privacy for their online activities that they are comfortable with. However, not everyone does this.

Seventeen per cent of respondents 41 or older said they didn’t know how to check their privacy settings. (Only 6 per cent of younger users said the same.)

Many social media posts will embed your location by default as a part of your post. Do you really want to tell the whole world exactly where you are every time you share something online?

When NextAdvisor asked users whether they allow their location to be included in their social posts, 55 per cent said they never allow it, 33 per cent said they only allow it on private posts, 6 per cent indicated they always allow it, and a final 6 per cent said that they didn’t even realize that it was optional.

Another other potential problem with making all of your posts public is that there can be a great deal of personal information – details that can be used for identity theft – contained even in innocent-seeming, low-risk posts.

We reported earlier on how some seemingly fun posts, memes, and games on Facebook are actually used by identity thieves to hack your accounts.

Like this.

    Hey, here’s a cool little game to determine what your mobster name would be. Put you mother’s maiden name together with your favourite teacher and then your first pet. Hey, you’re Shaw Armstrong the Fish.

Fun, right? Now share it on your wall. Your mother’s maiden name. Your favourite teacher. Your first pet.

The trouble is that those three pieces of information you just published for the world to see are also among the most common security questions that many banks, service providers, and websites use as authentication when confirming your identity – or resetting your passwords.

Protect yourself online. Choose smart, impossible to guess passwords for your accounts, change them regularly and don’t reuse them between services, and keep the personal details that can put you at risk offline.

And don’t have a password Post-It note stuck to your computer. That’s roughly the same as writing your PIN number on the back of your bank card.

This is a test