October 26, 2021

Why Strong Passwords are Important

Keeping your data secure online is important, and it’s easy to do when done right. A few simple steps can help keep your data safe.

Passwords are annoying, sure. There are a lot of websites to keep track of and it’s nearly impossible to remember them all. Like most things, a well-organized system means you don’t have to keep everything in your head.

Simple Rules for Password Security

  • Never use the same password more than once
  • Always choose something too complicated to memorize
  • Keep track of all passwords in a secure manager or app
  • Use Two Factor Authentication when available
  • Cancel or delete accounts no longer in use
  • Change passwords often

Reusing Passwords Puts You At Risk

If, for whatever reason, your password finds its way into the hands of a hacker, assume it’ll be tried along with your email or username on every other site they can think of (this is called “credential stuffing”). Don’t hand someone access to multiple accounts just to make things easier for you to remember.

Pro Tip: A password you can easily remember probably isn’t a good choice. Let your browser, or Keychain on macOS, remember it for you.

Pick Something Strong

Your birthday, pet’s name or favorite band are all things that someone who knows where to look can probably figure out. Think about how many questions Facebook asks when you set up an account; that data is probably online somewhere. It’s better to create a random string of at least 16 characters mixing letters, numbers and symbols, so the result is totally unique. The longer the better.

On that note, have you ever seen a Facebook post asking a bunch of personal questions? Don’t answer them! Those answers are exactly what a hacker needs to get past “security questions” when trying to prove that they’re you.

Most password manager apps have tools to create a strong password for you. Online services like strongpasswordgenerator.com are helpful too. Many password managers will also tell you whether a password is strong or weak. If you use a password manager consistently, many can also warn you when you’re reusing the same password across multiple accounts and, in some cases, when a password has shown up in a known data breach.

Many attempts to find valid logins are automated guessing, or brute force, attacks: a script tries password after password until one works. Increasingly this happens offline, against a list of password hashes stolen from a breached site, where the attacker isn’t slowed down by the site’s login page and can test enormous numbers of guesses per second. The longer and more complicated the password, the more guesses it takes to crack. Avoiding words in your password helps protect against “dictionary attacks”, where a cracker takes a list of common words and common passwords and tries each one. Even if you think you’re being clever by swapping a zero in for an O, you’re not the first: cracking tools apply those same substitutions to every word in the list automatically.
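To make the last two paragraphs concrete, here is an added example (not code from the original post) that does three things: generates a random password the way a manager does, works out the size of the search space a brute-force attacker has to cover for that length, and runs a small dictionary attack with mangling rules of the kind hashcat and John the Ripper apply from rule files. The four-word wordlist, the rule set and the “leaked” hash are all constructed for the example, and the attack is against an unsalted SHA-256 hash, which is how many real breach dumps look.

```python
import hashlib
import itertools
import math
import secrets
import string

# Added example, not code from the original post. The wordlist, rule set and
# target hash below are constructed for illustration.

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length=16):
    """Random password drawn from the OS CSPRNG (the secrets module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def brute_force_guesses(length, alphabet_size=len(ALPHABET)):
    """Candidates an attacker must try to exhaust every password of this length."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """The same number in bits: 16 random symbols from 94 is about 105 bits."""
    return length * math.log2(alphabet_size)


# A tiny subset of the substitutions and suffixes that cracking tools apply to
# every dictionary word automatically.
LEET = (("o", "0"), ("a", "@"), ("e", "3"), ("i", "1"), ("s", "$"))
SUFFIXES = ("", "1", "!", "123", "2021", "!1")


def mangle(word):
    """Yield case variants, leetspeak substitutions and common suffixes of a word."""
    variants = {word, word.capitalize(), word.upper()}
    for base in list(variants):
        for n in range(1, len(LEET) + 1):
            for subset in itertools.combinations(LEET, n):
                v = base
                for src, dst in subset:
                    v = v.replace(src, dst).replace(src.upper(), dst)
                variants.add(v)
    for v in sorted(variants):
        for suffix in SUFFIXES:
            yield v + suffix


def dictionary_attack(target_hash, wordlist):
    """Offline attack on a leaked, unsalted SHA-256 hash. Returns (password, guesses)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if hashlib.sha256(candidate.encode()).hexdigest() == target_hash:
                return candidate, guesses
    return None, guesses


# Constructed for the example: a four-word "dictionary" and the hash a breached
# site might have leaked for a user whose password was Passw0rd!
WORDLIST = ["letmein", "qwerty", "password", "dragon"]
LEAKED_HASH = hashlib.sha256(b"Passw0rd!").hexdigest()


if __name__ == "__main__":
    pw = generate_password()
    print("generated:", pw, f"({entropy_bits(len(pw)):.0f} bits,",
          f"{brute_force_guesses(len(pw)):.2e} candidates)")
    cracked, tried = dictionary_attack(LEAKED_HASH, WORDLIST)
    print(f"cracked {cracked!r} after {tried} guesses")
```

The point of the comparison: “Passw0rd!” falls within a couple of thousand guesses because it is a dictionary word plus rules, while a 16-character random password from the same generator sits in a space of 94^16 candidates, which no rule file shortens. Real wordlists have hundreds of millions of entries and rule sets have thousands of rules, so anything built from a word, a name or a date should be assumed crackable.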

How Do I Remember My Passwords?

Short answer: Don’t. Use an app. Let the app keep track of this stuff for you. Each time you create a new account, put it into the app. I find it useful to also include a note about what the account is for and when I signed up… so many accounts, this is the only way to really keep track of it all.

Recommended Password Managers

The best password managers derive the key that encrypts your data from a master password that only you know, and they do that derivation on your device. If you’re the only one with the master password, you’re the only one who can decrypt the vault; the company holds only the encrypted copy. If a password manager company says they can retrieve your master password or your key for you, that means they could read your vault too, and you’ve picked the wrong one.
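Here is what that design looks like in code, as an added example that is not from the post or from any password manager vendor. The vault key is derived from the master password on the user’s device with a slow, salted key derivation function (PBKDF2-HMAC-SHA256 here because it is in Python’s standard library; Argon2 or scrypt are the modern alternatives). The record the service keeps holds a salt and a verifier, never the master password or the key. The record layout and the verifier label are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Added example, not code from the original post or any vendor. Record layout
# and the verifier label are assumptions.

ITERATIONS = 600_000  # OWASP's 2023 recommendation for PBKDF2-HMAC-SHA256
KEY_LEN = 32          # 256-bit key for the vault's symmetric cipher


def derive_vault_key(master_password, salt):
    """Slow, salted derivation: every guess of the master password costs 600k hashes."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_LEN)


def enroll(master_password):
    """Create the server-side record. It contains nothing that decrypts the vault."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt)
    # The verifier lets a wrong master password be rejected (and lets the client
    # confirm the key before trying to decrypt) without the key itself being stored.
    verifier = hmac.new(key, b"vault-key-verifier", hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier}


def unlock(master_password, record):
    """Re-derive the key on the device; return it only if it matches the verifier."""
    key = derive_vault_key(master_password, record["salt"])
    check = hmac.new(key, b"vault-key-verifier", hashlib.sha256).digest()
    if not hmac.compare_digest(check, record["verifier"]):
        return None
    return key


if __name__ == "__main__":
    record = enroll("correct horse battery staple")
    print("server stores:", {k: v.hex() for k, v in record.items()})
    print("right password unlocks:", unlock("correct horse battery staple", record) is not None)
    print("wrong password unlocks:", unlock("Tr0ub4dor&3", record) is not None)
```

One caveat worth understanding: whoever holds that record, the service or an attacker who breaches it, can still run the guessing attacks described above against the master password, one slow derivation per guess. The iteration count makes each guess expensive; it is the strength of the master password that makes the whole attack infeasible, which is why the master password is the one password you should still pick carefully.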

“Sign in With” Options

Many third-party sites can use your Google, Apple or Facebook account to log you in. The site then holds only a login token issued by that provider, rather than its own copy of your password (which it would, hopefully, store only as a salted hash, but you have no way to check). All of these third-party connections can be revoked from the security settings of the Google, Apple or Facebook account. Sign in with Apple can even give the site a relay email address instead of your real one, so that even that is never stored in the third party’s database.

What is 2FA?

Two Factor Authentication asks for an additional piece of information to prove that it’s you signing in. You might already be using one version of this with your bank, where they send you a code via text message.

With 2FA, someone would need your password AND your unlocked phone or email access to successfully log in.

There are many ways to do 2FA, and which options you have depends on what the site’s development team decided to offer. Codes sent by text message are the most common but also the weakest, since an attacker who takes over your phone number (a “SIM swap”) receives them too. Google Authenticator is a better option: it’s an app on your phone that shows an ever-changing 6-digit code, computed from a secret the site shares with the app during setup, and each login needs the current code. When you set up an authenticator app for a site, it’s very important to keep the recovery (backup) codes the site gives you. The secret lives only on that phone, so if you change or lose phones without transferring the app, those codes are the way back into the account. Google cannot recover the authenticator’s secret for you, and many sites will not restore access without those codes, so keep them safe!

Cancel Old Accounts

Did you sign up for an account for a chance to win a free iPod in 2009? Chances are you aren’t using that account anymore, so it’s best to delete it entirely. Not all online accounts are easily cancelled, but it’s worth taking some time to find out. The fewer places your personal info exists online, especially in old accounts you never check, the safer you’ll be.

Change Passwords Often

This is probably the hardest habit to keep, since it takes so much time, but a login that gets exploited won’t stay useful for long if you rotate it on a schedule. Two caveats: current NIST guidance (SP 800-63B) no longer recommends forcing periodic changes, because people respond with weak, predictable variations of the old password, and the change that matters most is the immediate one, when a service reports a breach or your password manager flags a password as appearing in one. With unique random passwords stored in a manager, scheduled rotation is mainly worth the effort for your most important accounts: email, banking, and the password manager itself.

Follow these basic rules and you’ll be in good shape keeping your online data safe and secure.

Howdy!

I’m a full-stack website developer and designer. Whether you’re looking for an online store, portfolio showcase or a blog, I can help make it stand out from the crowd. I love LAMP.