The Importance of Password Managers: Job Seeker Edition

Job searches have become a lot more complicated in recent years, and those changes have created their own new problems. Applying to a position often involves using a company’s specific application portal and that means – you guessed it – a new login and password for every. dang. application.

Data breaches have become frighteningly commonplace, impacting millions (and even billions) of users just like you and me. Job-seekers – more so than the average user – are asked to provide a wide array of personal information as part of the application process, and across a lot of websites. Personally, I’m well over 100 – many of which I will probably never use again. Each of them has – at least – my name, email address, phone number, and details about my personal work and education history.

But even if I never use them again, those applicant portals still have my information. Simply because of the sheer number of websites that a job applicant ends up using, there’s a higher chance that your information will end up in a data breach.

You cannot control the security measures of every company you apply to, but you can definitely do several things in order to keep your digital life more secure.

  • Use two-factor authentication whenever possible. That means that the website also uses something else – a code generator, an email address, or a phone number – to verify a login in addition to a password. There’s an up-to-date list of websites that provide two-factor authentication at https://2fa.directory/us/.
  • If possible, use a secondary phone number (such as a Skype or Google Voice number) and create a new email address that simply forwards all of your email to your main email address. (Here’s how to do that with Gmail and Outlook, for example.) That way, if your data gets exposed at the employer’s end, it will be a little harder for attackers to pretend to be you with the information they have.
  • Use a password manager! I use the KeePass family of programs, and use a cloud provider to synchronize the password database between my laptop, home computer, phone, and tablet. While the original setup takes a little bit of elbow grease, it’s possible to do for free (or VERY low cost), and I walk you through how to do it in this post. I’ve been using this setup for over a decade, and it works great.
  • Use the “note” field in your password manager to make up absolutely fake “recovery verification data”. That’s things like “Mother’s Maiden Name”[1] or “Favorite Food” or other personal information that the website intends to use if you try to recover your password. The real answers to many of those questions are things that can be found out about you these days. So instead of putting real information there, put something completely nonsensical. In the example below, I listed my “favorite food” as “StuffedDog” and my elementary school as “Fried Zucchini” – things that are absolutely not true. Since that information is stored in your password manager, it’s right there with your password, and safely encrypted and unguessable.

There is no way to ensure that your data is 100% safe on every platform and website. But if you don’t take these simple (and mostly free) measures, you’re effectively leaving the doors to your digital "home" unlocked and wide open.

Featured Photo by Clint Patterson on Unsplash

[1] Which, BTW, is kinda sexist and heteronormative.