Password Security

First – Don’t Reuse Passwords

One of the biggest security holes is reusing the same passwords on multiple websites. If any website you use is hacked, hackers will try those usernames and passwords on other sites, so the little website that gets hacked could open up your info on the big important site.

Next – Keep Your (Unique) Passwords in a Secure Location

Secure locations include:

  • Written-down lists can be stored under lock and key, kept on secure and encrypted thumb drives and/or secured with password managing programs. The classic handwritten piece of paper or notebook is only as secure as where it’s stored. (In the tech thriller “The Girl with the Dragon Tattoo” the heroine hacks a secure system via a secure password hidden under a desk blotter.) That doesn’t mean that a written list isn’t a good solution, but be really careful with that list.
  • Freestanding programs you install on your computer, such as KeePass. The advantage of these freestanding programs is you don’t have to trust anyone else, though of course you’re trusting a program that’s too complicated for most of us to understand. But Consumer Reports recommended it.
  • Or there are a number of programs that store your passwords online: LastPass, 1password.com and a bunch of others. Here’s a recent article from PC Magazine listing a bunch.
    Of course that leaves you at least one uncrackable password you need to remember. But one or even a few passwords is a lot easier to keep track of than many.

Use Long, Random Passwords

How do you remember Long, Random Passwords? You probably can’t. That’s the point.

Believe it or not, password cracking algorithms assemble every bit of data about a person: old phone numbers, relatives, pets’ names, birthdays, schools, addresses. They then combine these with the most common passwords, so the further you can get from what is normal, the more secure you are.

Some password creation / remembering tricks include:

  • Several randomly chosen words. Use a dictionary or book and really make it random. Throw in a few special characters (!@#$%^&*-_=+<>?,).
  • The first letter(s) of a long phrase. For example, ‘Typlyt.Dlaeui,&gan1e6m.’ is pretty secure but you could probably remember to type the first letters of ‘Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.’
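The "several randomly chosen words" trick as an added example (not from the original article or from Consumer Reports): it picks the words with Python's `secrets` module and estimates the strength in bits. The word list is a small constructed sample and the function names are illustrative; in practice supply a list of thousands of words.

```python
import math
import secrets

SPECIALS = "!@#$%^&*-_=+<>?,"  # the special characters listed above (16 of them)

# Constructed sample list for demonstration only. Assumption: in real use you
# load a large list (thousands of words), e.g. from a dictionary file.
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "drizzle", "ember", "fjord",
                "gravel", "harbor", "inkwell", "juniper", "kettle", "lantern",
                "magnet", "nectar", "orchid", "pebble"]


def clean_wordlist(words):
    """Keep distinct, purely alphabetic words so separators stay unambiguous."""
    unique = sorted({w.lower() for w in words if w.isalpha()})
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return unique


def make_passphrase(words, n_words=5):
    """Join randomly chosen words with randomly chosen special characters.

    secrets.choice() draws from the operating system's CSPRNG, which is what
    'really make it random' requires; the random module is not suitable.
    """
    pool = clean_wordlist(words)
    out = secrets.choice(pool)
    for _ in range(n_words - 1):
        out += secrets.choice(SPECIALS) + secrets.choice(pool)
    return out


def entropy_bits(list_size, n_words):
    """Bits of entropy when the attacker knows the list and the scheme."""
    word_bits = n_words * math.log2(list_size)
    separator_bits = (n_words - 1) * math.log2(len(SPECIALS))
    return word_bits + separator_bits


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    print("16-word sample list:", entropy_bits(16, 5), "bits")
    print("7776-word list:", round(entropy_bits(7776, 5), 1), "bits")
```

The strength comes from the size of the list and the number of words drawn, not from how unusual any single word looks, which is why the tiny sample list here is far weaker than a full dictionary.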

Other Password Security Holes

Don’t email passwords unless you use encrypted email or otherwise protect them from prying. Old school dictating over the phone is pretty secure, and LastPass Premium offers sharing options. Since many people and websites will email you a password, if you get a password insecurely, change the password right away. As for sending passwords to others, if you don’t have encrypted email you can use a one-time message sender online such as 1ty.me.
Change passwords often, especially on important sites like your password programs and financial sites. If somehow someone has hacked into any systems (even if you don’t know it), changing the password will lock them out. If someone has left your employ or your life and has access to important passwords, change the passwords. Even if you don’t think they would be malicious, change passwords for your security and to keep suspicion from falling on them and unnecessarily damaging the relationship further if you do get hacked.
When in doubt about a security compromise, change the password(s).

Online Security in General

Though I really wanted to address password security, the bigger theme here is overall online security. When sharing sensitive information online:

  1. Use a modern and up-to-date browser. If you want to surf on something else or, as is often the case, your company’s internet is on an ancient version of Internet Explorer, don’t use the old browser for sensitive info.
    In descending order of security this would be Chrome, Firefox, Safari and lastly Internet Explorer.
  2. Make sure the site is secure if you are logging in – All of the above browsers will display a lock icon in the browser bar.
  3. Don’t save credit cards on websites (if you can avoid it) and be suspicious of sites that insist you save cards. It takes a few more seconds to type a credit card number, and you can save time by storing card details in KeePass or on your encrypted thumb drive.
  4. Be careful on public wi-fi connections as well as what you do on your phone or tablet.

Lastly, we are not inventing this stuff. We took most of this from the Consumer Reports article ‘Hack-proof Your Passwords’. Consumer Reports folks aren’t super geniuses, just folks who use common sense (and don’t take advertising so aren’t influenced by advertisers). You won’t get pro photo advice from Consumer Reports, but you’ll get a camera that takes decent shots. Same with password security. Following this advice won’t make you a security expert, but you’ll lock out most hackers.