How to defend against online attacks

Author: Lluis Enric Mayans (@lluisenricmayans)

The recent leak of personal information that affected over 533 million Facebook users has made it even more urgent to raise awareness among internet users of best practices for staying safe online. A single careless mistake is enough to end up in the net of malicious actors, sometimes with disastrous consequences.


Protecting yourself on the internet is not an impossible task; indeed, a few small precautions can make all the difference in the world.


Four simple and effective tips

There are four tips that cybersecurity experts most often give to ordinary users.

  • No passwords with personal data

Using passwords that contain personal data is probably the most common mistake made when registering on an online platform. The need to remember our password pushes us to use sequences of numbers and letters that are familiar to us, such as our date of birth, that of a family member, or our telephone number. And how long do you think it takes a hacker with a minimum of experience to find this information online? Very little.

  • Always use different passwords

Another tip is to use a different password for each service. It may seem trivial, but in reality this practice keeps you safe 90% of the time from large-scale cyber attacks. Most attacks of this type start with the breach of minor sites and services, which have smaller budgets for the security and protection of their IT infrastructure. When one of these sites is hacked, the data and passwords of its users are sold online and then used by attackers interested in accessing databases, banking services, crypto wallets, etc. Using a specific password for each service makes life harder for these bad guys.



  • Change your passwords periodically

It should be common practice to periodically change the passwords for the services we use online. Even in the event of a breach, this mitigates the damage, because a considerable amount of time usually passes between the breach itself and the sale of your data and password (see the previous point). If you have changed your login details during this time, the stolen credentials will be useless against you.

  • Use 2FA services

More and more sites and online services offer 2FA, an acronym that stands for Two-Factor Authentication. Two-factor authentication (or multi-factor authentication) is an authentication method based on the joint use of two individual authentication methods, such as a user ID and password combined with an OTP (One-Time Password), i.e. a password that can be used only once and is generated through a token.

Generally the OTP is sent as a text message to the phone number the user entered during registration, or it is generated by an app on the user's mobile phone (such as Google Authenticator or Authy), which generates unique codes every 30 or 60 seconds for each linked service. When the user tries to log in, the site or online service prompts them to enter their OTP, without which it is not possible to proceed with authentication.


Use a password manager

Of course, the advice we have given has a cost in terms of time that cannot be neglected, not to mention that a user now accesses dozens and dozens of services online, from Netflix to Facebook, from Amazon to OneDrive, by way of Gmail and Dropbox, just to name a few; remembering dozens of different passwords for each of these services, or changing them all regularly, is practically impossible.


However, we are helped by a tool that, in our opinion, has become essential for anyone, regardless of the time they spend online: the password manager.

A password manager is a tool that lets you securely store, on your device or in the cloud, all the credentials you use every day in your digital world. You only need to remember a single password, the one that unlocks the password manager; it then automatically manages the access credentials for your digital services, generating new ones for each service and remembering them all for you.

Our pick: LastPass

There are dozens of password management services, some of them free and built into browsers such as Chrome, Safari or Edge, but as far as we are concerned, the one we have used with the greatest satisfaction is LastPass.

LastPass is probably the best and most complete password manager currently out there. The software, which is part of the LogMeIn company, not only lets you securely manage your passwords, generate unique passwords for each service, and set their complexity, length, and whether or not special characters, numbers, symbols, etc. are used; in the premium version it also lets you store personal documents and data, such as health cards or Wi-Fi passwords, and alerts you if the sensitive information of your accounts is breached and found on the dark web (Dark Web Monitoring).


The most interesting thing about LastPass is that, being available as an extension for virtually all existing browsers, as well as an app for Android and iOS, it makes it practically a breeze to access your services wherever you are and whatever device you have available. For the author of this article, indeed, LastPass is the very first thing that gets installed on a new mobile phone or computer (yes, even before WinRar?).


Unfortunately, since the end of March, LastPass has restricted to premium users the ability to use the service on more than one device at the same time, aligning itself with the offer of other password managers. However, subscribing to a premium LastPass plan, for about $3 a month (basically a breakfast at the bar), gives you access, as we have said, to a series of truly indispensable features, such as the ability to use the service seamlessly on all connected devices. And that is not all.

The features of the LastPass premium service include, for example, One-To-Many Sharing, which lets you securely share important access credentials, such as the password to a paid streaming service, with multiple people; the security dashboard, which lets you evaluate the security of your credentials and indicates those that should be changed and updated; technical support via email; and the ability to add advanced two-factor authentication based on a fingerprint or a USB device.
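The kind of check a security dashboard performs can be sketched as follows. This is an added example, not LastPass code and not its API: it audits a vault against the first three tips of this article. The profile, the vault entries, the field names and the 180-day age threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample data (hypothetical user and credentials).
PROFILE = {"name": "Maria Rossi", "birth": date(1990, 4, 15), "phone": "3331234567"}
VAULT = [
    {"service": "mail", "password": "rossi15041990", "changed": date(2021, 3, 1)},
    {"service": "shop", "password": "T7#qv9!Lw2xZ", "changed": date(2021, 3, 1)},
    {"service": "forum", "password": "T7#qv9!Lw2xZ", "changed": date(2020, 1, 10)},
    {"service": "bank", "password": "k$R4m8@Pz1Yd", "changed": date(2021, 2, 20)},
]
TODAY = date(2021, 4, 10)


def personal_tokens(profile: dict) -> set:
    """Lower-cased fragments of personal data that should not appear in a password."""
    tokens = set()
    for value in profile.values():
        if isinstance(value, date):
            # Usual ways a date gets typed into a password.
            for fmt in ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%Y"):
                tokens.add(value.strftime(fmt))
            continue
        digits = re.sub(r"\D", "", str(value))
        if len(digits) >= 6:  # long digit runs, e.g. a phone number
            tokens.add(digits)
        tokens.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", str(value)))
    return tokens


def audit_vault(entries, profile, today, max_age_days=180):
    """Return {service: [findings]} for entries that break one of the tips."""
    tokens = personal_tokens(profile)
    services_by_password = defaultdict(list)
    for entry in entries:
        services_by_password[entry["password"]].append(entry["service"])
    report = {}
    for entry in entries:
        findings = []
        if any(t in entry["password"].lower() for t in tokens):
            findings.append("personal-data")   # tip 1
        if len(services_by_password[entry["password"]]) > 1:
            findings.append("reused")          # tip 2
        if (today - entry["changed"]).days > max_age_days:
            findings.append("stale")           # tip 3 (threshold is assumed)
        if findings:
            report[entry["service"]] = findings
    return report
```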

How safe are password managers?

Most password managers use the Advanced Encryption Standard (AES) with randomly generated 256-bit keys. It is one of the most advanced encryption algorithms currently available for the consumer sector, and breaking it is almost impossible for even the most advanced hacker. In addition, most password managers encrypt your data locally: the information is encrypted before it is sent to their servers, so that not even the company can read your data.

Defending yourself online is a vital issue

Defending one's privacy, and the sensitive information that we share on the internet every day, is today more than ever a vital issue. If the advice we gave you at the beginning of this article were followed by all internet users, it is estimated that 90% of the breaches that occurred in 2020 would never have happened (a recent Google report states that almost 70% of users reuse their passwords for all or most of their online services). Putting it into practice today is just a matter of willingness and of knowing how to use the right tools.
