As we all carry out more of our day-to-day transactions online and access the internet through a wider range of devices, we're opening ourselves up to greater potential risk.
Add in the constant battle of security providers to stay ahead of hackers and malware writers and it's easy to doubt if you can ever stay truly safe online. Joe Siegrist, CEO of password management specialist LastPass, thinks that although it's not 100 per cent possible to hack-proof yourself, you can significantly reduce your risk, and we spoke to him to find out how.
Q: What do you think is the greatest threat facing people online?
Joe Siegrist: The greatest online threat to consumers is identity theft and exposure of sensitive data caused by password reuse, as well as unnecessary data collection. You would never use the same key for all your locks, so why do consumers use the same password for all of their online logins?
Q: Do we rely too heavily on security products to protect ourselves and, perhaps, suspend our common sense as a result?
JS: At times, yes. The security of most companies relies heavily on knowing what your high school mascot is. That isn't security at all. Not practising client-side encryption and giving companies the keys to encrypt your data places all trust in these companies to do the right thing - which, unfortunately, they don't usually do. LastPass doesn't have your encryption key - we have a zero-knowledge approach to our product.
Q: We all have to remember lots of passwords for our everyday lives. Isn’t it reasonable to reuse the same one for less important sites?
JS: No! Invariably you will use it on sites that expose large amounts of data about you. For example, sites like Amazon or Yahoo would expose your name, address, credit card, etc to the company. Using a tiered approach to password management and using easy passwords will always fail and expose your data. Studies have proven that our human-generated password "tricks" and "systems" are not nearly strong enough.
Q: What should you check before handing over your payment details to a website?
JS: Make sure this is a company you've heard of before and have dealt with in the real world. And make sure the URL is an 'https://' secured connection.
Q: Does using mobile devices like smartphones and tablets to access the web present greater levels of risk and what can you do to guard against this?
JS: It's actually quite the opposite. Phones are more likely to be locked down in sandboxed environments.
Q: What would you say to a complete newcomer starting to use the internet for the first time?
JS: Make sure you start with well-known, reputable sites. Don't download anything you're unsure of. Keep your browser and anti-spyware program up to date. Learn about the various scams and ways people can trick you into giving away your passwords like running security scans that install malware. Until you understand fully how people can take advantage of your online data, stay on the beaten path and use a password manager. Passwords you don't know can't be phished.
Q: Are we kidding ourselves if we think we can ever be truly secure online?
JS: Without client-side encryption, we can never be sure if we're secure online. If there are ways for companies to access your data, you can never be sure that they aren't revealing it to someone else.