Northeastern University cybersecurity expert Wil Robertson, an associate professor with joint appointments in the College of Computer and Information Science and the College of Engineering, offers some tips for Web users to ensure their private online data stays private.

1. Don’t share your passwords

Perhaps this is obvious, but because it happens all the time it bears repeating: don’t share your passwords! All of the personal security tips in the world won’t help you if someone else has one of your passwords and is able to impersonate you online. Perhaps you trust him, but are you sure you trust everyone he trusts? The point is that once you’ve disclosed your password, the situation is no longer within your control.

2. Use strong passwords

A password that is easily guessable is not much better than nothing at all. Attackers expend considerable effort to discover new ways to make password guessing more efficient, and so it pays off to select strong passwords that are resistant to these efforts. So, make them long, and use a unique phrase instead of a single word if possible. Include a few symbols or typos if possible, just so long as your password is still memorable.

3. Don’t use the same password everywhere

It’s tempting to come up with a (hopefully) strong password, and then use the same one in multiple places, like for logging into Twitter and into Gmail. But if your password is broken or accidentally disclosed by one of these services, attackers can often go and try to use the password at a number of other services with your public login information, often an email address. So, use different passwords. That way, if one is broken, attackers won’t be able to compromise your other accounts and you can limit the damage.

4. Consider using a password manager

It’s not easy to remember a large number of strong passwords. The last time I counted, I had more than 300 accounts with different services, and despite the value of the previous tips, it’s difficult to scale them to that many accounts. If you’re in a similar situation, you might consider using a password manager, such as LastPass or KeePass. The idea is to maintain an encrypted database of your passwords so that you only need to remember one: the master password protecting the database. Password managers often have other benefits, such as generating strong passwords for you that respect password policies and integrating with your web browser.

5. Consider using two-factor authentication

A great way to protect your information is to take advantage of so-called two-factor authentication schemes when possible. Google, Twitter, and Facebook all provide these capabilities, where the idea is to require two pieces of information as proof of identity: your password plus a challenge and response via SMS, or a time-based code from your mobile phone, for instance. Requiring two factors makes it far less likely that your account can be stolen, since, for the case above, an attacker would need to compromise both your password and your mobile phone.

Password safety is an integral part of protecting your personal information. By following the tips above, you’ll be ahead of the curve when it comes to staying safe online.