Make my online accounts secure
Good online services take the hassle out of the most mundane chores and make sharing things and connecting with others a pleasure. We expect easy and entertaining online experiences, and that's usually what we get. However, you shouldn't take it on trust that all your services are giving you the level of security you need. The safety of your online accounts is ultimately up to you.
Here’s how to stop someone stealing your data and identity.
At a glance
- Create a different, strong password for every account
- Use two-step login verification
- Change the default security settings to the level you need
Single Sign-On
Your Oxford Single Sign-On (SSO) account lets you access multiple services, including all University resources provided by IT Services and much more, via one handy login. It holds the keys to the kingdom, if you will. Being able to access so much useful stuff through one single account makes your online life with the University a whole lot easier. On the flip side, it's the kind of one-stop-shop account that hackers love, so you need to guard it with all the security at your disposal.
Below are some simple Dos and Don’ts for keeping your University accounts secure:
Do
- Follow our advice for creating strong and unique passwords
- Watch out for phishing scams
- Delegate access to your account if others need access
- Keep your computers and mobile devices secure
- Keep an eye on your account for any suspicious activity (e.g. rules set up to delete sent items from your email account)
Don't
- Give your password to anyone else
- Use your University accounts on untrusted public machines. If you have to do this out of necessity, change your password from a trusted machine at the earliest opportunity
The main ways accounts get hacked
To gain access to your accounts, hackers mostly rely on:
- Keylogger "malware" – malicious software that finds its way on to your computer and logs every keystroke you make
- Leaked passwords – many online providers are not very good at keeping their clients' account details safe
- Phishing scams – typically a fraudulent email or social media post that tricks you into parting with your password
- Harvesting information from your public profile that could help them get past security questions and into your account
How to make your online accounts more secure
The protection provided by online service providers is extremely variable, so you should make it your business to put in place the account security you need.
Create different and strong passwords for every account. Criminals can access whole databases of leaked or stolen passwords on the internet. If yours is on one of them, they could use it to try to gain access to every account you have.
Use two-step login verification to add an extra layer of security to your accounts. Each time you log in, the service will send a code to your phone, via an app or SMS, that you need to complete the process. This means no one can access your account without having your phone, too.
Set up account recovery options, so that if you forget your password or lose your device, you have another means of getting into your account. Google, for example, offers to help you recover your account via your phone, an alternative email address and security question, and pre-printed codes.
Set strong answers to security questions. These are often incredibly weak – things like "Where were you born?" and "What high school did you go to?" – just the kind of information a standard social media profile makes widely available. Pick questions that can't be easily guessed.
Check your account for unusual activity (for example, if someone has attempted to log in from an unknown location). Many service providers have functionality to let you check for this (Dropbox, for example). Good providers may let you know by phone or email (but fraudsters may also imitate this tactic, so follow our phishing advice before responding).
Install the latest security updates and patches to keep your computer and browser up to date and virus-free.
Only use trusted devices to access your accounts (in other words, your own), and never log in to critical accounts such as online banking from public computers. You simply don't know what nasty spyware could be lurking on them.