It’s more important than ever to make sure you’re using strong, unique passwords. Passwords are one of your main defenses against computer viruses, account hijacking, and other Internet threats.
No doubt you’ve heard the many news stories of tech companies who have lost customer data. Some of these incidents were caused by hackers, others may have been the result of inadequate security. Worse, data breaches from years ago continue to have repercussions in the present. While passwords aren’t perfect, they remain the primary means of securing Internet accounts. Therefore, it’s in your best interests to do what you can to use the strongest passwords possible.
How Weak Passwords Wreak Havoc on Consumers
Many people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in or if my data gets out.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything. Selling account details can be a lucrative business. Don’t let complacency make you a target.
Why Re-Using Passwords Is So Risky
Would you leave your front door key in the lock with a sign that says, “Thieves, come on in?” Of course not. Similarly, one of the best ways you can reduce your risks is to stop re-using your passwords. Password managers make creating lengthy, random passwords a snap.
How To Create Strong, Unique Passwords
Your passwords should be:
- As long as possible
Long gone are the days when we could get away with a six-character password with a single number or symbol. Use a password that’s as long as possible. Think passphrase rather than password. The longer and more complex a password is, the less likely it can be cracked. A few sites may not let you use longer passwords, but try to use the longest password you can.
- Not in use on any other system
Again, this is one of the biggest no-nos in the password rulebook. When hackers nab passwords, they use automated software to try the same account/password combinations on popular sites like Google, Facebook, Twitter. If you’re using the same password you just let them in. Never use the same password anywhere.
- Changed regularly
Yes, you have to change your passwords. And yes, they still have to be different everywhere. Use a password management tool if you need help keeping track of everything.
- A mix of upper- and lowercase letters, numbers, and symbols
Some systems won’t allow you to use a range of characters in your password, in which case I suggest you reconsider using that site. Do you really trust someone who isn’t going to allow you to secure your account properly? Makes you wonder how secure everything else on the site is.
- Not common words or proper nouns found in a dictionary
Here’s a list of the worst passwords of 2018. Guess what the top choices are? Yep, it’s still “password” and “123456.” If your passwords are on this list, change them immediately.
- Not the names of your spouse, kids, pets, or other personally identifying information
Don’t create passwords out of information that can be gleaned about you. Along the same lines, don’t share information that can be used to guess security questions. For example, if you have pictures of your dog Fido on Facebook, and you also answer your bank’s security question “What’s your dog’s name?” with “Fido,” guess what? You have just given a hacker potential access to your bank account. Nobody ever said you had to be truthful when answering security questions. All that matters is that you know the answer. If your dog’s name is Fido, say Spot instead.
- Use two-factor authentication
Two-factor authentication (2FA), sometimes known as two-step verification (2SV), uses a password plus another unique identifier, like a passcode messaged to your phone or sent to an authentication app. This is safer than a password alone because the second identifier is constantly changing, making it harder to break into your account. If a site offers 2FA, you should consider using it. However, 2FA does not make a weak password safe. Your best bet is 2FA plus an excellent password. As with a password manager’s master password, you need to make absolutely sure you have copies of your 2FA backup codes, because that’s what’s going to get you into your account if you have trouble. There are a few caveats about using SMS (texts to your phone) versus authenticator apps like Google Authenticator and Authy, so be sure to research the site you wish to secure to find out which 2FA methods it supports.
More Password Don’ts…
- Don’t rotate between the same two or three passwords. That’s just as bad as using the same password everywhere.
- Don’t send passwords via sites like email, Facebook, Twitter. Use another means like text message, which goes directly to the recipient. Or even better, a phone call.
- Don’t store passwords in unencrypted files. Any idea how many passwords have been stolen because someone stuck them in an unprotected Word or Excel document? Even protecting the document may not be enough, whereas password managers help you store passwords with less risk.
- Don’t stick passwords on sticky notes. Whether it’s under the keyboard or on a bulletin board, it’s exposed. Be like Gandalf: Keep it secret, keep it safe.
- Don’t share passwords and accounts. This is especially prevalent in small businesses. Don’t create one account then share the password; create multiple accounts for each person who needs access. More time consuming? Sure. More secure? You bet.
Secure Password Management Tools
With a password management tool such as 1Password, LastPass, or KeePass, all you have to remember is one master password and the software takes care of the rest. Typically you can use the same password management tool on your computer and on your mobile devices.
Unfortunately any company can be breached by hackers, and password management firms are no exception. In other words, passwords stored in management tools can be swept up in data breaches just like any other kind of data.
The good news is that most password managers encrypt your data, so even if hackers get hold of it, they will hopefully be hard-pressed to recover your actual passwords. That being said, you need to safeguard your master password with more vigilance than any other password you use. Please do NOT re-use your master password anywhere else! And be sure to keep another copy of your passwords somewhere else in case you lose access to your password management tool.
Password Harvesting Scams
Password harvesters are everywhere. For example, you might get a spam email saying you need to update your account. This message contains links to a page that looks like the real login, but it’s really just a fake designed to steal your credentials. Similarly, password-harvesting scams can be distributed via Facebook, Twitter, and other social media sites. When in doubt, type the address for the site into your Web browser manually rather than clicking on a link.
Why not take this opportunity to change your passwords? It’s one of the best things you can do to protect yourself against identity theft and cybercrime.