Password Security

Passwords Passwords Passwords

It is time to get serious about your passwords.

The list of major hacks and attacks against retail chains, web sites, health care networks, and banks is long and troubling. You can’t do anything about their poor security, but you can take steps to protect yourself.

Don’t Reuse Passwords. You’ve heard this advice for years, and maybe you’ve been meaning to change that easy-to-crack but also easy-to-remember password that you use everywhere. But you just haven’t found the time.

Here’s the problem: maybe you used AOL email sometime in the distant past, but you switched years ago. However, you used your son’s name as your password with AOL. It was so easy to remember, you also used it at Amazon, at work, with Google, for eBay, for Yahoo, and for some web store you’ve completely forgotten about.

If that web store you’ve forgotten about is hacked, the hacker now has the password for your bank account. Or he can buy stuff on Amazon and charge it to you. He can log in to your email account and change your recovery email address to an email account he controls.

Because you used a simple password 10 years ago at some site whose name you can’t even recall, your personal information and your bank account are now at risk.

You may not be able to go back to every service you’ve used or abandoned and create secure passwords. But you can change your passwords for the services you use now.

Use Strong Passwords – this is also common advice.

Hackers sometimes use “brute force” attacks to steal passwords. They run a program designed to enter word after word into a password field. They also substitute common numbers or symbols in place of letters. For instance, “letter” might be spelled “l3tt3r” with “3” substituted for “e.” Software can crack these passwords in minutes, if not seconds.
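Substitutions like “l3tt3r” add so little because they are easy to undo. As an added example (not part of the original article), this Python check shows how a site or a user could flag a password that reduces to a dictionary word; the word list, substitution table, and function names are constructed for illustration.

```python
import itertools

# Constructed sample word list; a real check would load a large dictionary
# or a list of passwords seen in breaches.
COMMON_WORDS = {"letter", "password", "dragon", "monkey", "sunshine"}

# Common number/symbol-for-letter swaps, mapped back to the letters they
# stand for. Some are ambiguous ("1" can stand for "l" or "i").
REVERSE_SUBS = {
    "0": "o", "1": "li", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}

# Digits and symbols people often tack onto the start or end of a word.
AFFIX_CHARS = "0123456789!@#$%^&*?._-"


def normalized_forms(password, limit=1024):
    """Yield lowercase forms of the password with substitutions undone.

    The limit bounds the work when a password has many ambiguous symbols.
    """
    choices = [REVERSE_SUBS.get(ch, ch) for ch in password.lower()]
    for combo in itertools.islice(itertools.product(*choices), limit):
        yield "".join(combo)


def matched_word(password, wordlist=COMMON_WORDS):
    """Return the dictionary word the password reduces to, or None."""
    lowered = password.lower()
    # Try the password as typed, then with leading/trailing digits and
    # symbols removed (so "P@ssw0rd1!" is still recognized as "password").
    for candidate in (lowered, lowered.strip(AFFIX_CHARS)):
        for form in normalized_forms(candidate):
            if form in wordlist:
                return form
    return None


if __name__ == "__main__":
    for pw in ["l3tt3r", "P@ssw0rd1!", "5unshine", "qT7#vK2p!x"]:
        word = matched_word(pw)
        verdict = f"weak: reduces to '{word}'" if word else "no dictionary match"
        print(f"{pw:12} {verdict}")
```

A password that passes this check is not automatically strong; it only means the password is not a listed word in disguise.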

Strong passwords mix upper and lower case letters, numbers, and symbols in a nonsense phrase. The longer the password, the better. But it should be at least seven characters long.


That’s a strong password.

It is also impossible to remember, which is why everyone resists strong passwords.

Even if you manage to remember that one particular password – can you remember another, and another, and another … for all the sites you visit on the web?

If you are worried about strangers, rather than co-workers or family, stealing your passwords, you can keep a password notebook by the computer. That might work, although the typing is cumbersome.

A better solution is a password manager.

Password Managers can securely encrypt and store your passwords and then fill them in on web sites when you need to log in. Although features vary from program to program, they usually also include a strong password generator.

Some password managers will work on your mobile devices as well as your desktop or notebook computer.

Some are free, some have a one-time fee, and some require a yearly subscription. Many will offer different free and paid versions, depending on which features you want.

Both LastPass and 1Password are popular and easy to use. They are certainly worth a look if you want to increase your online security.

The final step in securing your online identity is Two Factor Authentication.

This doesn’t protect your passwords – what it does is ensure that, if your password is stolen, a hacker still can’t access the account that you’ve enabled Two Factor Authentication for.

Here’s how it works: when you enable two-factor authentication for a web site – let’s say Google – you are then required to enter not only a password, but also a one-time code that will be sent to your cell phone. So even a hacker who has your password cannot log into your account.

We’ll look at how this works in more detail in another article.

Photo Credit: Ron Bennetts
Creative Commons License