What to do against identity theft in online services?

For many, it is an absolute horror: their social media account has been hacked and embarrassing or illegal content is posted and messages sent under their own name. More than half of young Internet users consider this form of identity theft to be one of the greatest dangers on the Internet (source: DIVSI U25 study). However, there are just a few simple measures you can take to protect yourself from unauthorized access to your account.

Use two-factor authentication.

Many social media services now offer two-factor authentication. This requires not only a password for logging in, but also a second device, usually a cell phone. After logging in with the user's name and password, a code is sent to the smartphone via SMS. Entering this code completes the log-in process. With two-factor authentication, the account is secure even if the password has been cracked. This is because it is unlikely that hackers will know the password and have access to the phone. Many popular services like Instagram or Snapchat offer two-factor authentication. However, you usually have to activate it afterwards via the account settings. At twofactorauth.org you can find an overview of all online services with two-factor authentication and links to the respective instructions.

Use an individual and strong password for each service.

Many Internet users use the same password for different services. This is convenient because you don't have to remember a different password for each account. However, this can be your undoing if there is a security hole in one of the services. Hackers who have captured or bought passwords usually try out these passwords with many different providers. Therefore, it is important to always use an individual password for each service. Those who cannot remember so many passwords can use a password manager. With this, you only have to remember one "master password" to open the list with all other passwords.

The individual passwords must also meet minimum standards so that they cannot be cracked with brute force attacks. They should be as long as possible, contain upper and lower case letters as well as numbers and special characters, and should not contain any words that appear in the dictionary. Basically, the longer the password, the more secure it is.

Do not store credentials on devices or in the browser.

Most devices or browsers offer the possibility to save access data and passwords. This way, you only have to enter everything once and can log in again and again with just a few clicks. This is convenient, but carries the risk that other people will have access to all accounts if the smartphone or computer falls into strange hands for some reason. It is safer to log in again for each new use.

Always log out after using the service.

It is convenient to simply stay logged into a service throughout. This way, you don't have to log in again before each use. However, if someone gains access to the device I am permanently logged in to, he or she can access my accounts without a password prompt. It is safer to always log out after each use of online services. Of course, this is especially true on devices that are used by several people, for example in an Internet café.

What can you do if it's already too late?

The online youth magazine of the consumer center in North Rhine-Westphalia provides a list of links that are useful if you need to block a hacked account with the respective provider. The Federal Office for Information Security also offers initial information and options for action in the event of an emergency on the page"Identity theft - helpfor thoseaffected".

Further information