No security is absolute and there isn’t a single password perfect enough to protect you from every type of hack that exists now or will in the future.
Unfortunately there’s no mystical password out there in the ether to that can secure all of your online accounts forever. One great password isn’t nearly enough. You need a layered password strategy that requires a unique login for each of your online accounts. But that same technology that forces you to have multiple passwords – giving you a headache – can actually relive you of having to do any additional brainwork at all.
Security Is A Strategy, Not A Solution
We tend to focus on the endpoints of security like a metaphorical egg. Hard shell around the exterior but once it’s cracked, nothing stopping you from the yolk. Having multiple passwords is like adding shell after shell to your online world and identity, so if someone does hack an account, they’re limited in what they have access to.
What most hackers do when they gain access to any of your online accounts is not immediately try to empty out your bank account. They’ll use your email address to identify other accounts, hoping you’re using a single password for all of them. Slowly gathering information, they’ll then take what they can get, whether it’s personal messages, money, or your questionable spring break photos. When you’re only using a single password, you can never been sure what’s been stolen if one of your accounts is compromised.
So, rather than having to change all of your passwords, set up multiple passwords so you only have to change one when the day comes you get hacked. Luckily, technology is on our side to do most of the work for us.
Tools To Create And Track All Of Your Passwords
Don’t bother trying to conjure up complex passwords you’ll end up forgetting and resetting over and over. Your brain is the most complex computer in the known universe, use it for what its good at, which isn’t coming up with passwords.
- KeePass (free) – My favorite password management tool, it lets you store all of your account usernames and passwords on your hard drive in an encrypted folder. You only need to remember the single KeePass password, then just copy and paste passwords as you log into Facebook, email, and your bank accounts. KeePass is also available on iOS, Android, Blackberry as a mobile app, which you can sync with your desk or laptop.
I have over 100 passwords stored on my KeePass, one for each account that’s randomly generated as complex as a given site will allow. Typically, my passwords are 16-22 characters long with numbers, symbols, upper and lower case characters.
And I don’t know any of them except two. One is to KeePass itself, and the other is to my email account. All of the other places I log in regularly: Twitter, Facebook, and my blog require me to copy and paste the password from KeePass into the site. That’s literally 4 mouse clicks for some peace of mind. Not only do I not have to remember much, it’s quick – and I can probably log into all of my accounts faster than you can type in even the crappiest 123password!
- Lastpass is an another free password manager. Easy to use. The premium version, which you’ll need for your mobile devices, costs $12 per annum.
- 1Password is a sophisticated user-friendly solution, but it comes at a price. There’s a 30-day free trial period, after that, depending on the licence you want (family, pro, single), prices start at $49.99.
Passwords Aren’t Absolute – Use The Next Step When You Can
There are a number of ways to hack an account that’s secured by password only. A hacker may try guessing the most common passwords, breaking the site, or fooling you into revealing some of your account information. (Like this attack last year against Tumblr.) It’s easy to steal what someone knows – which is why many sites take advantage of two-factor authentication – something you have combined with something you know.
Both Paypal and many HSBC banking accounts have the option of two-factor authentication; in the form of a small password-generating token they send to you for $5 or less. These small devices display a new number every 30-60 seconds which you need to enter with your password. Just having the password isn’t enough.
Many financial institutions offer hardware tokens but typically don’t advertise them for consumer accounts. Call you bank and other money-managing service providers to see if they’ve got tokens available for account logins. That way, if your password is compromised, the attacker won’t be able to get into your account. Unless of course you didn’t follow my advice above and are using the same password for each login.
Don’t Just Keep Tweaking The Same Password Ending
It’s important, which is why I mention it again, that you don’t come up with your own passwords. Even if you tweak the same password root for each account (e.g. Kermit123!, Kermit-5566, etc.) for a computer doing the guessing, it really doesn’t matter at all. The most used password roots are widely known and generally consist of real words, sequential numbers, and proper names.
- Chances are you’ve used one of these 250 passwords at some point.
Go random and use a unique password for each of your online accounts, otherwise you’re only fooling yourself into feeling secure.
Rules To Login By
As a reminder, these are the basic best practices you should follow.
- Use A Password Manager – KeePass or LastPass are my personal recommendations.
- Generate A Unique Password For Each Account – Both programs can create randomly generated passwords for you. Use this feature and don’t bother trying to remember any of them, except the password for the password program itself.
- Ask Your Banks For Tokens – If they don’t offer them, suggest that they do.
- Don’t Send Your Passwords Over Email – It’s like writing your personal secrets on a postcard. If you do have to send a password, use Skype (chat or voice). The connections are encrypted.
- Any Password You Came Up With In Your Head – …isn’t a good password. Magicians have known for a long time, we all tend to pick the same random numbers.
You Know What To Do So Do It Now!
A dedicated 15 minutes should be about what you need to download one of the password managers above, generate passwords for each of your accounts, and then go online and change each one. A quarter of an hour is a small amount of time to pay compared to the effort it takes to recover from a hacked email, bank, and Facebook account. Oh and Twitter. Because you used practically the same password for that too.
Finally, keep in mind that none of your online accounts aren’t worth using a unique and randomly generated password. That off-the-cuff password you selected for your unused Pinterest account can reveal a lot about you.The first step, for a hacker, is the hardest; after that it depends on you.
I originally published this post on the Travelllll, which will be closing its digital doors at the end of the month.