Some Common Steps to Online Security

Note: This article was published previously on the Genealogy’s Star blog site.

 

Security is one of the major concerns of the day. You can regularly read about huge websites and databases being hacked and the information stored compromised. Security on your computer or your smartphone should be as automatic as locking your door at night (or during the day depending on where you live) and routinely locking your car unless you live in San Francisco and leave it unlocked and empty to avoid a broken window. Even genealogists need to be aware of the security of our data.

The first and most common issue is logins and passwords. Basic security mandates logins and passwords that have enough characters (letters, numbers, and other symbols) to be harder to sign in (weak vs. strong). In addition, each password should be unique. It is not a good idea to reuse a password. Most of us have a place we keep our passwords. That place should be secure and subject to password protection also. If you have them on a piece of paper, make sure the location of the list is secure.

One way to create a strong password is to use a combination of words, numbers and symbols. For example: this is a strong password “ElephantMachineDoctor34!!” assuming it does not exceed the number of characters mandated by the website or program you are entering. Random letter, number, and symbol passwords are extremely hard to remember and difficult to type correctly. Although the password generated by the websites or programs are strong, they are also random and arbitrary.

The next level of security concern is when you are using a computer in a library, FamilySearch Center, or some other publicly accessible place. Depending on the facility where the computer is located, unless you log out of any programs you use, the computer may remember the login and password and allow any random person who uses the computer have access after you leave. For example here in the BYU Library Family History Center, if you login to websites and programs, some of the websites and programs will keep you logged in even if you log out of the main BYU access program. In the case of the university, all the computers are supposed to be wiped clean every night but we still find absent people signed in on a regular basis.

Email addresses are not intended to be secure. One obvious reason is that your email address will likely be used as your login although sometimes the website will send you an email to verify that it is your email address. It is a good idea to have one email address for day-to-day use and another used for signing into secure websites. You can have several different email logins but using more than one or two for routine email become complicated. The multiple emails can cause problems when they are used as the login for a website and then forgotten. You may have to log into the website and the website will send a key for logging in to your old email address and if this happens to be the one you have forgotten or closed, you may go through a complex issue with the website before being admitted.

If you forgotten your login or password, most websites and programs have a way to restore the password or have create a new one. Always remember to immediately write down the new password. If you are like me, I would forget what I used almost as soon as I was through logging in.

An unrelated issue is maintaining the security of your computer, smartphone, or other device. Pinning your passwords on a stick it note is not a good idea unless you take another step and encode all your pass words. Your code could be quite simple: 3456Missippi23!!! could be shown on your password list as 34M2!!! and you could then have created a system that only you know about that lets you know that 34 is 3456, M is Mississippi, and 2!!! is really 23!!!.

There are many more security concerns. Phishing is one issue that is becoming endemic. Phishing involves send a legitimate looking email requesting some personal information. Phishing is not limited to email,  it is also becoming common with text messages and phone calls. If you get an unfamiliar email, text, or phone call make sure that you do not open the email or text and do not answer the phone call even to tell the person on the line to hang up. You should have a working voice mail if you are concerned about having phone calls from a sizable group of people. Let the phone call go to voice mail and if it turns out to be a legitimate phone call, text or email, you can either call the person back or contact them in some other way. Legitimate contacts will leave a voice mail or call you more directly so you know who is calling.

Genealogical information is usually not private and since it found in available historical records, the information is not something that people who are trying to gather personal information to sell or use for criminal purposes. One exception is the common banking “secure” question that is the maiden name of your grandmother or some other relative. People like me have multiple family trees on various websites and almost all my family trees are open to the public and contain the maiden name of my grandmother (or some other person). Apparently banks do not know about online family trees.

Another issue happens when a website you are using is hacked. You might get a notice to change your login and/or password. Do it the minute the procedure is available. On the other hand, if you are not really using the website it is a good idea to sign out, if you can, and take the program off your computer or stop using the website. But don’t use the old password.

This subject could go on for volumes with examples of dangerous behaviors. But the basic idea here is to be aware of the need for security and learn about the ways your security can be increased.

James Tanner