5 Steps To Make Yourself Unhackable

Photographed by Nina Westervelt.
Having your personal life exposed online, your email transformed into a spam-producing monster — it's a situation none of us wants to find themselves in. Fortunately, there are things you can do to mitigate your chances of getting hacked.

Based on a recent Intel study, there are five habits you can follow that will help make you virtually unhackable. In the case of a widespread password leak, you'll have extra precautions in place that should prevent third parties from gaining access to your accounts. And, in the case of less sophisticated phishing-style attacks, well, you're wise to that. 95% of hacks aren't genius, masterminded endeavors: They're the result of human error. This is good news, because it means you can prevent them from happening.

It really doesn't take that much work, either: Just a little more thinking before you click and a few settings tweaks in applications like your email. Read on to find out how you can make yourself impervious to the Internet's worst.
1 of 5
Photo: Courtesy Google.
Step 1: Don't Click Just Anything
Alright, you know not to click that sketchy link to transfer bank funds to a Nigerian prince fighting for family justice, but email link bait has gotten a lot more sophisticated since 1998. If a friend's account has been compromised, "Check out this cool website!" might not be so cool. And corporate email addresses are frequently targeted with well-masked attempts to get your login information.

Think before you click any link you're sent via email (or text for that matter). If you're not sure if something is legit, don't click. Forward it to your IT department, if applicable.
2 of 5
Photo: Courtesy EFF.org.
Step 2: Use HTTPS As Often As Possible
You're used to seeing the "http://" before websites. It's a protocol that defines how data is sent to your browser. Today, many sites have switched to a more secure, and often faster, version: HTTPS. HTTPS encrypts the data sent between you and a website to prevent "man-in-the-middle" attacks — hacks where someone intercepts your connection and can gain access to the information you're transmitting, such as passwords or credit card credentials. Many sites have started defaulting to HTTPS, so if you're entering sensitive information, double-check the URL to make sure it's being sent over HTTPS rather than just plain HTTP.

If you don't want to have to think about it, you can use a service like the Electronic Frontier Foundation's HTTPS Everywhere extension, which cleverly forces sites to load as HTTPS.
3 of 5
Photo: Courtesy 1Password.
Step 3: Secure, Managed Passwords
Traditional alphanumeric passwords are inherently flawed — with brute force or social engineering, they can be beaten (even if we added emoji to the mix). But, using a crazy complicated password like "i8^^Mq@rGB*ucQd" is better than nothing, since it a) Doesn't tie back to personal information like your birthdate and b) Isn't a simple 1234-type code that can be easily guessed. The problem with a randomized, complicated password? It's hard to come up with them — and even harder to remember them!

To that end, use a password manager like 1Password. For a small fee ($5 for the mobile app and $50 for the desktop counterpart), it comes up with long, randomized passwords for all the services in your life, keeps track of them, and lets you login with one master password that you have to remember instead.
4 of 5
Photo: Courtesy Apple.
Step 4: Two-Factor Authentication
One of the best safeguards against being hacked? Two-factor authentication. Here's how it works: Instead of just entering your password to log into your email, for example, you have to enter your password and a second code that is sent to your phone. If the person entering the correct password doesn't also have your phone in their hand... They're not getting in. And if someone has successfully hacked your password, you know immediately, and can change it.

Logging into any site with two-factor authentication takes roughly 10 to 30 seconds more than it otherwise would, but that momentary inconvenience is so worth it for the peace of mind of knowing your account is extra secure.

You can setup two-step authentication for Google accounts here, for your Apple ID here, for Facebook here, for Twitter here, and for Dropbox here. Whew! You can also use a third-party app to generate codes and manage all this two-factoring, rather than having a text sent to your phone each time you want to login to one of these services (which can get kind of overwhelming).
5 of 5
Photo: Courtesy Private Internet Access.
Step 5: Use A VPN In Certain Situations
If you're all set on steps one through four, you're doing good. But whenever you're on a public WiFi network, such as when you're working from a coffee shop, traveling, or using open WiFi at a conference, your Internet activity is at risk of being intercepted. Use a virtual private network (VPN) to protect your activity. Rather than your data being sent back and forth along with every one else who's connected to that WiFi network, when you use a VPN, it's like you've got a private, one-to-one connection. If you use a VPN for work, it's as if you're logging in from your office, rather than from a public network.

VPNs are also useful if you're traveling abroad to places that limit web access — again, it's as if you're logging in from home, or the office, rather than that country.

Your company may have its own VPN service, but if not (or if you just want to browse securely), you can download one yourself.

If you follow all of these steps, congratulations, ain't nobody hacking into your business.