Step up your online security smarts

We're continually told to lock down our digital lives. It's time we start listening.

Another day, another headline about data spilled all over the Internet.

Hollywood stars like Jennifer Lawrence may be the more common targets of hackers, but it doesn't hurt to beef up your online security. As more of our digital lives exist in the cloud, we should take a few minutes to think about it.

How tight you lock down depends on your patience.

"It's security versus complexity," said Derek Meister, an agent with Best Buy's Geek Squad. "How complicated do you want to make that door lock before it becomes a pain for you to go through the door each day?"

Here's a look at some options.

No one is pretending it's easy to come up with and remember passwords. But it is the most basic step to online security. You're already a step ahead of the crowd if you've got something more complex than "123456" (more common than you'd think) and different passwords for different sites. Experts suggest taking a phrase known only to you and adapting it. For instance: "There was a family of five rabbits living under the porch" could be "Twafo5rlutp."

Don't want to remember them all? There are apps — LastPass, 1Password, Dashlane, oneSafe and KeePass — that will help you generate complex passwords and then remember them.

When you forget a password, you're often asked to answer a "security question" to retrieve it. But beware the obvious answer. Mom's maiden name? Favorite color? There's a good chance a thief would only need to go as far as Facebook to guess those answers.

"You want to make sure that the security questions are not things that can be easily found out about you," Meister said.

If you want to take it a step further, use false answers. The name of the street you grew up on? Spaghetti and meatballs.

This increasingly popular form of online security calls for "one thing you know and one thing you have," said Meister. Let's say you want to access your Gmail account after enabling two-factor authentication. Enter your password, and then Google sends a code to your smartphone. Enter that code as well, and you're in. The second step is often necessary only when you log into a site for the first time from a new computer or device, so the inconvenience is minimal.

Two-factor authentication isn't offered for all online services, but big ones, including Google, Apple, Facebook and Twitter do give users the option. For a more complete list of sites that offer two-factor authentication (plus links to tutorials) go here: evanhahn.com/2fa/

If the first three suggestions are about keeping hackers from gaining access to your accounts, encryption is about making your data unreadable. With SpiderOak, an alternative to DropBox, the only key to unlock your files is on your local computer. "That way, even if somebody did break into your account somehow, or somebody at the service decided to take a peek, it's just garbled data to them," Meister said. The trade-off is convenience. Not all apps or websites offer encryption — and it can be an extra step if they do. Plus, if you forget the password for decrypting your data, you're often out of luck.

Katie Humphrey • 612-673-4758