3 Stupid Mistakes That Leave Your Online Identity Vulnerable Even With VPN




20 years ago, the American alt rock band The Refreshments released their hit song Banditos. I love that song. I always get up to get down hard when they play it at nightclubs. It's catchy, fun, and very danceable.


Another reason I love it is for one of its lyrics. You can probably guess which one I'm talking about. It's the line that goes, “Everybody knows that the world is full of stupid people.” Amen to that. There's just no arguing with that statement. The world is indeed crawling with people who are deeply stupid.


But even smart people make stupid mistakes. What makes me cringe though is when smart people make the same stupid mistakes over and over again. And there are three mistakes you're probably making right now, ones that leave your online identity vulnerable to attack. And the worst part is, you're vulnerable even if you're using a VPN service like Secure VPN.


Your Online Identity Can Still Be Vulnerable, Even With VPN


It's true that a VPN is a powerful tool that goes a long way towards keeping you safe online. But part of your safety depends on your own behavior, not just the technology you're using. No technology in the world, including VPN, is enough to keep you safe from these common mistakes you're probably making every day. VPN is not a “silver bullet” when it comes to protecting your online identity.


The 3 Stupid Mistakes That Are Leaving Your Online Identity Vulnerable


Okay, I'll quit teasing you. The three mistakes are interrelated, meaning they tend to compound each other, which makes your overall situation worse. They can lead to a huge security vulnerability that a VPN won't fix. The reason a VPN doesn't help here is that all the mistakes involve signing up for or logging into online services. Examples include email, online banking, online shopping, online dating, social media – basically, anything you have to sign into to use. A VPN keeps you protected outside those services, but it can't change unsecured information in your user profiles, including:


• WEAK PASSWORDS – This is easily the worst offender on the list. Most people use very weak passwords that are easily cracked. In fact, lots of people use the same weak password for their email, their Facebook account, their bank, and their Amazon profile. If you do this, it means that, in theory, anyone that cracked your password could compromise all your accounts. All they'd need in addition to your password is your email address. And they probably already have it. If you've ever received SPAM email, it means someone's already figured out your email address.


• Lots of services do have password requirement rules now. That means they require your password to include uppercase letters, numerals, and special characters like “$” or “~.” Even so, people still use variations of easily-guessed words like “p@ssW0rd,” or a “secure” rendition of their name like “J0hnSm1th123!.”


• The solution – Truly random, computer-generated passwords that cannot be guessed, because they're not a variation of actual words. My password for my business email account is 'decode'. Good luck cracking that one, hackers!


• POOR PASSWORD MANAGEMENT – Lots of people keep their passwords on sticky notes, in text documents, or in emails sitting in their Inbox. My dad keeps all his passwords in a Microsoft Word document, which drives me crazy. Not only is the document itself not secure (because it's unencrypted), he can never find the password he needs because he's got like 80 passwords in there. That's how mistake number two derives from mistake number one. You can't create or remember truly random passwords in your head, and you can't properly secure your passwords unless they're all in one place.


• The solution – Use password management software. I started doing this about four years ago, and it's awesome. Not only are all my passwords as secure as I can possibly make them, I also don't have to remember anything except the master password for the software itself. And I change that one regularly.


• There are several excellent password managers that are free to use. A good example is KeePass for Windows and KeePassX for Mac.


• TRACEABLE EMAIL ADDRESSES – This stupid mistake doesn't usually cause nearly as many problems as the first two. Here's what I mean by a traceable email address: it's an address that includes your real name and is generally linked to your phone number. All major email platforms like Gmail, Yahoo, Apple, and Microsoft require some sort of verification, usually via text message, which means you have to give them your phone number. Any online service that has your phone number knows who and where you are.


• And a VPN doesn't help this situation much, either. Even if you sign up while using VPN, you'll still have to provide a phone number. I suppose you could get around the phone verification issue by using a disposable phone or giving them a friend's phone number instead of yours. Even then, email providers also check your IP address when you log in. If it doesn't match their records (and it won't when you're on VPN), they'll often make you verify your identity by, you guessed it, sending you a text message containing a verification code.


• Most of the time, it's fine, even preferable, to use regular email addresses that are linked to your true identity. You want your bank to know who you are. You want Amazon to know who you are. You want Facebook, Twitter, and your mobile apps to know your real identity.


• But sometimes, it's a huge liability to provide a service with your real email address. A great example is the recent hack of extramarital dating website Ashley Madison. It was a complete disaster for AM users who had their real names and email addresses exposed to the entire world. Lots of companies also cashed in on the hack by making the exposed data searchable. Can you guess what the main search parameter was? Yup, it was by email address. I bet all those people who signed up with AM using their real, traceable email addresses felt incredibly stupid while their spouses divorced them and they got fired from their jobs.


• The solution – Whenever you sign up for a service that you really, really don't want anyone knowing about, never use a traceable email address. VPN will not protect you against unsecured information that you give to third-party services. If you need to keep something secret, use a disposable, anonymous mail address. Ones I've used include Throw Away Mail and 10 Minute Mail. They're really only good for signing up and verifying your email address; you can't use them later to retrieve your user name or change your password. But if you have good password management software, this shouldn't be much of a problem.
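To make the weak-password point above concrete, here is an added example (not code from the original article) showing that “p@ssW0rd” and “J0hnSm1th123!” pass a typical complexity rule yet reduce to a dictionary word or the owner's name, next to a generator that draws from the operating system's secure random source. The substitution table, the tiny wordlist and all function names are constructed for illustration.

```python
import secrets
import string

# Constructed table of common "leetspeak" substitutions (an assumption, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
# Tiny constructed wordlist; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}
TRAILING = string.digits + string.punctuation


def meets_complexity_rules(pw):
    """Typical sign-up rule: 8+ characters with upper, lower, digit and symbol."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def normalize(pw):
    """Strip trailing digits/symbols, lowercase, then undo leetspeak."""
    return pw.rstrip(TRAILING).lower().translate(LEET)


def is_guessable(pw, personal_info=()):
    """True if the normalized password contains a common word or personal detail."""
    norm = normalize(pw)
    if any(word in norm for word in COMMON_WORDS):
        return True
    tokens = ("".join(ch for ch in item.lower() if ch.isalnum())
              for item in personal_info)
    return any(len(t) >= 4 and t in norm for t in tokens)


def generate_password(length=20):
    """Random password from the OS CSPRNG; retry until the site rule is met."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_complexity_rules(pw):
            return pw


if __name__ == "__main__":
    for pw, info in [("p@ssW0rd", []), ("J0hnSm1th123!", ["John Smith"]),
                     (generate_password(), ["John Smith"])]:
        print(f"{pw!r}: rules_ok={meets_complexity_rules(pw)} "
              f"guessable={is_guessable(pw, info)}")
```

Both sample passwords satisfy the complexity rule and are still flagged as guessable, which is why a password manager's generator is the safer choice.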


All of us have made these three stupid mistakes that leave your online identity vulnerable, even with a VPN. The point to remember is that VPN alone is not sufficient to protect you; you also need to develop good data management practices along with the use of security technology.