After several massive data breaches that contained lots of my personal info, and so-so attempts to protect my online self, I decided to further strengthen my digital security. Some of the things I’ve implemented, or typically do by default:
- Set a fraud alert with the major credit bureaus; considering a credit freeze.
- Started using a password manager (local, with multiple backups) on desktop and Android
- Improved complexity of existing passwords/passphrases where needed
- Created multiple email aliases to compartmentalize different types of logins (financial, commercial, medical, etc.)
- Adjusted security details, notification delivery methods, and alerts in online accounts
- Subscribed to a service to remove my info from data broker sites/people lookup sites
- Installed an open-source authenticator app for Android
- Will port my mobile number to a different carrier, one which supports use of authentication apps

Obstacles I’ve come up against:
- Many sites and services don’t support more advanced means of authentication.
- My financial providers use only specific commercial authentication apps, and I want FOSS.

Given how a stolen mobile phone number is like a skeleton key that unlocks every one of your accounts to hackers (thieves or spies), I’ve also considered changing my number, but that’s only good until the next breach happens.
I’m thinking about setting up a cheap VoIP/SIP number with SMS capability to use exclusively for “SMS-mandatory” authentications. The advantage, besides ultra-low expense, would be that I could easily change phone numbers in the event of a compromise, and not have to go through the trouble of getting a new SIM, or having to notify family and friends.
There are also “burner number/2nd number” mobile apps available, but at higher recurring cost (and with questionable data sharing practices).
I’m not sure if a security token device is something I want to bother with. I would probably lose it or forget to carry it at inopportune times.
Anybody have other recommendations, or personal lessons from having been hacked/hijacked?