One big mistake you’re making signing into apps and websites
By JAMES GELINAS
When we’re on the internet, we rely on unique user accounts to access digital goods and services. It’s how all these companies and platforms identify us, and how we personalize our accounts. But most accounts are not secure.
Security options like passwords and usernames are becoming obsolete, and some of the proposed solutions aren’t all that much stronger in the face of crafty cybercriminals.
Beyond hackers and cybercriminals, our worst security enemies are actually ourselves. Out of laziness, we’ll resort to login techniques that expose us to hacks, account theft and worse. Fortunately, there are ways to sign in that are far more secure — but you have to know what you’re doing.
The dangers of data sharing
Have you ever tried to sign up for a service or app and there’s a button that says, “Log in with your Facebook account?” Services such as Airbnb, Spotify and Tinder all give the option, but what does it mean for your security?
Yes, it certainly is convenient to sign up for a service using an existing Facebook or Google account. Doing this auto-fills your information, adds your profile picture and sets you up with a single tap.
But logging in via Facebook or email exposes the data contained within your accounts. You already know Facebook’s business model is predicated on selling your data to the highest bidder. Why would that logic suddenly end when it comes to account sharing?
Sure enough, platforms like Facebook provide all your profile information and more to the services you sign up for when you choose their login option. For example, Spotify users are served targeted advertisements that relate to browsing and “like” history. It’s all part of the deals these companies made with one another.
Some platforms even include tracking scripts that keep tabs on your activity on the websites you sign in to. Would you feel comfortable with Facebook knowing your dating tastes on Tinder? That’s gonna be a “no” from us.
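To see what a “Log in with Facebook” or “Log in with Google” button asks the platform to hand over, you can read the permissions listed in the sign-in link itself. The script below is an added example, not part of the original article; the sample links, the app ID placeholders and the choice of which permissions count as basic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption for this example: permissions treated as "basic sign-in" per provider.
BASIC_SCOPES = {
    "www.facebook.com": {"public_profile", "email"},
    "accounts.google.com": {"openid", "email", "profile"},
}

# Constructed sample links (placeholder app IDs, example redirect hosts).
FACEBOOK_SAMPLE = (
    "https://www.facebook.com/dialog/oauth?client_id=EXAMPLE_APP_ID"
    "&redirect_uri=https%3A%2F%2Fshop.example%2Fcallback"
    "&scope=public_profile,email,user_likes,user_friends"
)
GOOGLE_SAMPLE = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fnotes.example%2Fcb&response_type=code"
    "&scope=openid+email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts.readonly"
)


def audit_login_request(auth_url):
    """Report what a social-login authorization link asks the provider to share."""
    parts = urlsplit(auth_url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or host not in BASIC_SCOPES:
        raise ValueError(f"not a recognised provider sign-in link: {host!r}")
    query = parse_qs(parts.query)
    raw = " ".join(query.get("scope", []))
    # Facebook separates permissions with commas, Google with spaces.
    requested = {s for s in re.split(r"[,\s]+", raw) if s}
    redirect = query.get("redirect_uri", [""])[0]
    return {
        "provider": host,
        "requested": sorted(requested),
        "beyond_basic": sorted(requested - BASIC_SCOPES[host]),
        "redirect_host": urlsplit(redirect).hostname,  # who receives the data
    }


if __name__ == "__main__":
    for link in (FACEBOOK_SAMPLE, GOOGLE_SAMPLE):
        report = audit_login_request(link)
        print(report["redirect_host"], "asks", report["provider"], "for:")
        print("  everything requested:", ", ".join(report["requested"]))
        print("  beyond basic sign-in:", ", ".join(report["beyond_basic"]) or "nothing")
```

Anything listed under "beyond basic sign-in" is data the service receives in addition to your name and email address if you approve the prompt.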
Aside from shady data-sharing practices, signing in with an existing account has security problems of its own. If a hacker somehow gets ahold of your Google account, he or she will then own the keys to the kingdom for all your related accounts.
This is doubly dangerous when the platforms you sign in to are small or insufficiently protected against hackers. A small e-commerce platform that lets you log in with Google can get hit with a cyberattack, exposing your much more secure Google account to the highest bidders on the Dark Web.
What are the right options for safe sign ins?
There isn’t any one right way to sign up for a service, but what you can do is create stronger accounts that will stand up against hackers and protect your privacy. By creating a new account without any private information in it, you can start on a new service as a clean slate of data that can’t be bought or easily sold.
That means taking steps such as creating a separate email address that will handle all or some of your service accounts. This email profile shouldn’t include too much personal information. Use your initial instead of your last name and don’t include your street address in your profile.
Your account should also be protected with as strong a password as possible.
But which service is best for secure accounts? Gmail, despite our warnings about Google accounts, is actually perfectly safe and secure — provided you don’t “log in with Google” when prompted. Your email address should be just that: an email address. It should be used only as a username to sign in with.
Of course, if you want to avoid Google when creating a secure account, there are several excellent options that will give you more anonymity.
How do I keep my new accounts safe?
Once you’ve set up secure accounts, you’ll want to take the next step to keep them safe from hackers. As we’ve discussed, passwords are quickly becoming obsolete, and even the most complicated password (though necessary) can be cracked by a determined enough hacker.
That’s where two-factor authentication (2FA) comes in. Setting this up will add an additional layer of security to your account by requiring you to use your phone to verify your identity. Since a hacker won’t have access to your phone, the feature adds a major obstacle for those hoping to compromise your account.
Every email service will have different methods to set up 2FA, but since Gmail is the most commonly used, we’ll show you how to turn it on there.
To begin, open Google’s two-factor authentication setup page, sign in with your new Gmail account and tap Get Started. You might be asked to sign in again after this step. Add your country from the drop-down menu and enter your phone number in the field that appears.
From here, you’ll be able to choose whether you want a verification text message or phone call. Tap Next, and you’ll have your authentication sent to your phone. Enter the code you receive and tap Next. Once Google has verified your code, tap Turn On to enable the service on your account.
2FA is useful because it effectively makes all of your logins far more secure than they’d be without it. It’s useful to set up with every service and platform that gives you the option.
Accounts like Facebook, which contain personal information, or your Dropbox containing important files would be well served by adding 2FA. And of course, bank accounts and any financial services would benefit too.
Bonus: What about ‘Sign in with Apple?’ The company claims it’s much more secure. Is it really?
Apple made headlines when it announced a new service for its users called “Sign in with Apple.” Much like signing in with a Facebook or Google account, Sign in with Apple uses your Apple ID in place of a login for various platforms and services.
Unlike Google and Facebook, Apple has security on the mind. Sign in with Apple features end-to-end encryption to protect your logins and doesn’t even associate your account with any logins you set up. Instead, it uses one-time keys generated when you sign in to a website.
It’s based on biometric data via Face ID or Touch ID as well, so hackers may have a hard time getting in without your face or finger.
This is smart for several reasons, most notably the fact that even if a hacker somehow cracked your login, they wouldn’t learn anything about you. Sign in with Apple even creates alternate email addresses for the services you sign up for, so you don’t have to worry about hiding your email either.
This service effectively makes Apple a middleman between you and the service you sign up for. The only parties exchanging information are you and Apple. Whether that’s something you’re comfortable with is a personal decision, but Apple doesn’t appear to be selling user data for profit like Facebook.
How can I set up Sign in with Apple?
To get started, make sure you’re signed in with your Apple ID on your device. Sign in with Apple only works on Apple-branded devices like iPhone and Mac. You’ll also need to be updated to iOS 13, iPadOS or macOS Catalina.
1. Tap the Sign in with Apple button on the participating app or website.
2. If the app or site has not requested any information to set up your account, check that your Apple ID is correct and go to Step 4.
3. If you’re asked to provide your name and email address, Sign in with Apple automatically fills in the information from your Apple ID. You can edit your name if you like and choose Share My Email or Hide My Email.
4. Tap Continue and confirm with a quick Face ID, Touch ID or device passcode to sign in. If you don’t have Face ID, Touch ID or a passcode set up, enter your Apple ID password.