Avi's Virtual Enclave


Basic Tools for Computer Security

I work in an industry where information is EVERYTHING. A lot of tech companies handle sensitive data, whether that’s personal information, proprietary client data, or financial records. A leak of that data can easily spell death for a company. Consequently, security is one thing that tech companies do not (and should not) mess around with.

I want to share some of the basic tools and concepts that go into good security protocols based on my experience in tech so far. These can go a long way towards your online business, as well as your personal computer security.

Lastpass

Imagine this: If you had $1,000,000 in gold, you’d probably want to keep it locked up in a safe somewhere, where only you had the key.

Where do you keep that key? Do you keep it on your person? What if you have multiple safes? Do you hold on to all those keys?

Here’s another idea: why not store those keys in their own safe? That way, you only need to hold onto one key. Now imagine that instead of keys, you’re storing passwords. That’s exactly what Lastpass does.

Lastpass is a password vault. It’s a place to save login information for pretty much any website on which you have an account, such as social media or banking. Those logins are encrypted with AES-256 under a key that your own device derives from your master password. Lastpass never receives the master password itself, so it can’t decrypt your vault. The flip side is that everything in the vault is only as safe as that one master password, so it needs to be long and unique.

While it’s not the only password vault out there, it’s the one I use personally.

There’s an extension for Google Chrome that will also enable you to autofill the saved passwords whenever you log into any site. This provides a few benefits:

  1. You only need to remember one password, instead of 100. This makes it easy to stop repeating passwords across websites. Reuse is a big security risk: when one site leaks its password database, attackers try those same email-and-password pairs on every other popular site.

  2. Because you don’t need to remember 100 different passwords, you can make the passwords to those sites as long and random as possible. A short or common password falls to a dictionary attack in seconds; a long random one would take thousands of years of guessing. Lastpass even has a tool to generate random passwords, which you can then save in Lastpass.

No more using your dog’s name (or godforbid, “password”) as a password.

Two-Factor Authentication

Let’s say a hacker manages to get their hands on the password to your online bank account. That alone still shouldn’t be enough to get in: a code gets texted to your phone, and that code is needed to finish logging in. This is called Two-Factor Authentication (2FA): something you know (the password) plus something you have (the phone).

A text to your phone is just one option for 2FA, and the weakest one: SMS can be redirected by talking your carrier into moving your number to an attacker’s SIM. Other common options are an authenticator app or a Yubikey. With an app such as Google Authenticator, the site and the app share a secret when you enroll (that is what the QR code carries), and the app uses it to compute a fresh six-digit code every 30 seconds. A Yubikey is a physical key that plugs into your computer; touch its contact and it completes the login for you. It is also the only one of the three that resists phishing, because the key signs a challenge bound to the real site’s address, so a look-alike site can’t obtain a valid answer.
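Here is an added example in Go of the authenticator-app mechanism, written for this page rather than taken from Google Authenticator or any site’s code. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the defaults nearly every site uses (HMAC-SHA1, 30-second step, six digits), the server-side check with a one-step clock-drift window, and a fresh-secret generator for enrollment. The secret in `main` is the RFC 6238 reference secret, so the printed codes can be checked against the RFC’s own table; the drift window and 20-byte secret length are assumptions that match common practice.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strconv"
	"time"
)

const (
	totpStep   = 30 // seconds per code: the default for Google Authenticator and most sites
	totpDigits = 6
)

// hotp implements RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then "dynamic
// truncation" picks 4 bytes at an offset taken from the MAC's last nibble and keeps 31 bits.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0"+strconv.Itoa(digits)+"d", code%mod)
}

// totp (RFC 6238) is HOTP with the counter set to the number of 30-second steps since the
// Unix epoch. That is why the code "refreshes" and why a badly set phone clock breaks logins.
func totp(secret []byte, at time.Time) string {
	return hotp(secret, uint64(at.Unix()/totpStep), totpDigits)
}

// verifyTOTP is the server side: accept the current step and one step either side to tolerate
// clock drift, comparing in constant time. A real server must also remember the last accepted
// step so a code phished or intercepted in transit can't be replayed inside the window.
func verifyTOTP(secret []byte, candidate string, now time.Time) bool {
	step := now.Unix() / totpStep
	for _, s := range []int64{step - 1, step, step + 1} {
		expected := hotp(secret, uint64(s), totpDigits)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(candidate)) == 1 {
			return true
		}
	}
	return false
}

// newSecret is enrollment: 20 random bytes, shown to the phone as base32 inside the otpauth://
// URI the QR code encodes. Both sides store it; it never crosses the network again.
func newSecret() ([]byte, string, error) {
	secret := make([]byte, 20)
	if _, err := rand.Read(secret); err != nil {
		return nil, "", err
	}
	return secret, base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(secret), nil
}

func main() {
	// Constructed: the RFC 6238 reference secret, so these codes match the RFC's test table.
	secret := []byte("12345678901234567890")
	for _, ts := range []int64{59, 1111111109, 1234567890} {
		fmt.Printf("t=%d code=%s\n", ts, totp(secret, time.Unix(ts, 0)))
	}
	code := totp(secret, time.Now())
	fmt.Println("current code:", code, "accepted:", verifyTOTP(secret, code, time.Now()))
	stale := totp(secret, time.Now().Add(-2*time.Minute))
	fmt.Println("code from two minutes ago accepted:", verifyTOTP(secret, stale, time.Now()))
	_, b32, _ := newSecret()
	fmt.Println("fresh enrollment secret (base32):", b32)
}
```

Notice what the shared secret implies: anyone who can read it, on the server or from a phone backup, can generate every future code, so the server should store it as carefully as a password hash would be. The stale-code check is the drift window at work; a code from two minutes ago is four steps old and is refused.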

Some online services, such as banking, might require 2FA for your account. Most websites that support it will make it optional. I recommend that you turn it on if it’s optional.

Single Sign-on

Have you ever been to a random website that lets you sign in with your Google or Facebook account? That’s a form of Single Sign-on (SSO): the site hands authentication off to an identity provider (Google, Facebook) over the OAuth 2.0 protocol and gets back a signed statement of who you are, without ever seeing your password.

This saves the trouble of creating a new password for every random site. Similar to Lastpass, you only need to remember one set of login credentials.

The main security advantage follows from that: the site never holds a password of yours. So if medium.com gets hacked, there is no password of yours to leak from it. The breach can still expose whatever data you gave Medium, but nothing stolen there can be replayed against your other accounts.

On the flipside, it creates a single point of failure. If your SSO login is compromised, then all accounts using that SSO are also compromised. So you’d be placing a lot of trust in the security of your SSO provider.

Fortunately, Google is widely regarded as having one of the best security teams in the world. Even so, guard that one account accordingly: turn on 2FA there (ideally a hardware key) and keep its recovery options current, because if you lose access to the Google account, or Google locks it, every site that relies on it is locked too.

Parting thoughts

Virtually everything in cybersecurity is built on cryptography: encryption keeps data secret, hashing and digital signatures keep it from being tampered with, and both the password vault and the 2FA codes above depend on it. It’s a fascinating topic, and one that I still have a LOT to learn about.

Just for reference, some encryption algorithms are strong enough that trying every possible key (a brute-force attack) would take 300 trillion years. That’s roughly 22,000 times the estimated 13.8-billion-year age of the universe.

Edit 12/23/2022: Lastpass had a major security incident where hackers were able to access encrypted user vaults. This means that if hackers can figure out your master password, then they can access ALL of your stored passwords. I will be migrating away from Lastpass as a result.