
First – Don’t Reuse Passwords

One of the biggest security holes in password protection is reusing the same password on multiple websites. If any website you use is hacked, hackers will try these same passwords on other sites. The result can be a giant chain of all your website accounts potentially being hacked.

Second – Store Your (Unique) Passwords Securely

There are several secure locations in which you can keep your passwords. Some people may write them down, others may store them online or in their phones. Either way, you’re always going to be susceptible to hacking. But which secure location offers you the best chance?

Password Managers Store Your Passwords Online

You can safely store a list of all your passwords by using password managers such as LastPass, 1password.com, and more! Apple’s iCloud Keychain storage, which tracks your passwords and usernames, works well for Mac users, but don’t use the password managers that come with browsers such as Chrome and especially Firefox. Firefox will give you access to those passwords without authentication, regardless of platform. Chrome requires a password to view saved passwords, but there are numerous ways to get around this security. For more details on why not to use the saved passwords options in your browser, see TechRepublic’s article. That being said, these systems, especially Chrome’s, are a significant improvement on reusing the same password, so they are significantly better than nothing and a convenient alternative for less sensitive accounts.

Freestanding Programs

These are programs you install on your computer, such as KeePass. The advantage of these free-standing programs is that you don’t have to trust anyone else, though of course you’re trusting a program that’s too complicated for most of us to understand. But it is open source software and Consumer Reports recommended it.

Written Down Lists

This is the old-fashioned way. The classic handwritten piece of paper is only as secure as where it’s stored. In turn, if you lose that piece of paper, you’re completely out of luck. And your accounts can still be hacked if someone with malicious intent finds that paper!

Third – Use Long, Random Passwords

How do you remember long, random passwords? You probably can’t.

Believe it or not, password cracking algorithms assemble data about a person: old phone numbers, relatives, pets’ names, birthdays, schools, and addresses. They then combine them with the most common passwords, so the further you can get from what is normal, the more secure you are.

Some password creation / remembering tricks include:

  • Several randomly chosen words. Use a dictionary or book opened to random pages to really make it random. Throw in a few special characters [!@#$%^&*-_=+<} and DIFFerent CaseS!
  • The first letter(s) of a long phrase. For example, “Typlyt.Dlaeui,&gan1e6m.” is fairly secure. However, you could probably remember to type the first letters of a long, memorable phrase like “Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.”
  • Password generators. 2 of our favorites:
    Generista.com creates pronounceable passwords that can be random but (relatively) easy to remember.
    Dotmaui.com/password-generator with the “avoid ambiguous characters” option checked, which makes passwords easier to read and tell others. In other words, no guessing if it’s a 1, I, or l.
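The two generation approaches from the list above (several random words with special characters and mixed case, and a random-character generator that avoids ambiguous characters), as an added example that is not code from this article or from the generator sites it names. The word list is a constructed 16-word sample, the function names are hypothetical, and treating 0 and O as ambiguous is an assumption beyond the 1, I, l mentioned above.

```python
import math
import secrets  # OS-backed CSPRNG; the `random` module is predictable

LETTERS_DIGITS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
SPECIALS = "!@#$%^&*-_=+"
AMBIGUOUS = set("1Il0O")  # 1/I/l from the text; 0/O added as an assumption

# Constructed 16-word sample so the block runs offline. Real use needs a list
# of several thousand words, otherwise the phrase is far too guessable.
SAMPLE_WORDS = ["anchor", "breeze", "candle", "dragon", "ember", "forest",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

def random_password(length=20, avoid_ambiguous=True):
    """Return (password, entropy_bits); each character is drawn uniformly."""
    alphabet = LETTERS_DIGITS + SPECIALS
    if avoid_ambiguous:
        alphabet = "".join(c for c in alphabet if c not in AMBIGUOUS)
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    return password, length * math.log2(len(alphabet))

def random_passphrase(wordlist, count=5):
    """Return (passphrase, entropy_bits): random words, random case, specials between."""
    words = sorted({w.lower() for w in wordlist if w.isalpha()})
    pieces = []
    for i in range(count):
        word = secrets.choice(words)
        if secrets.randbelow(2):  # 1 bit: whole word in upper or lower case
            word = word.upper()
        pieces.append(word)
        if i < count - 1:
            pieces.append(secrets.choice(SPECIALS))
    bits = (count * (math.log2(len(words)) + 1)
            + (count - 1) * math.log2(len(SPECIALS)))
    return "".join(pieces), bits

if __name__ == "__main__":
    for label, (secret, bits) in (
        ("all characters", random_password(20, avoid_ambiguous=False)),
        ("no ambiguous", random_password(20)),
        ("5 sample words", random_passphrase(SAMPLE_WORDS, 5)),
    ):
        print(f"{label:15} {secret:40} ~{bits:.1f} bits")
```

The entropy figures show the trade-off: dropping the ambiguous characters costs about two bits at 20 characters, while a passphrase is only as strong as the size of the word list it is drawn from.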

Other Password Security Holes

Don’t email passwords 

Unless you use encrypted email or otherwise protect it from prying. Old-school dictating over the phone is pretty secure, and LastPass Premium offers shared options. Since many people and websites will email you a password, if you get a password insecurely, change the password right away. As for sending passwords to others, if you don’t have encrypted email you can use a one-time message sender online such as 1ty.me.

Change passwords

Often, especially on important sites like your password programs and financial sites. If somehow someone has hacked into any systems (even if you don’t know it), changing the password will lock them out. If someone has left your employ or your life and has access to important passwords, change the passwords. Even if you don’t think they would be malicious, change passwords for your security and to keep suspicion from falling on them and damaging the relationship further if you do get hacked.

Online Security in General

When sharing sensitive information online:

  1. Use a modern and up-to-date browser. If you want to surf on something else or, as is often the case, your company’s internet is on an ancient version of Internet Explorer, don’t use the old browser for sensitive info. In descending order of security on common browsers this would be Chrome, Firefox, Safari, Edge and lastly Internet Explorer.
  2. Make sure the site is secure if you are logging in – all of the above browsers will display a lock icon in the browser bar.
  3. Don’t save credit cards on websites (if you can avoid it) and be suspicious of sites that insist you save card numbers. It takes a few more seconds for you to type a credit card and you can save time by storing the credit card number in KeePass or on your encrypted thumb drive.
  4. Be careful on public wi-fi connections as well as what you do on your phone or tablet.

Password Security References

We are not inventing these techniques. We took most of this from the Consumer Reports article ‘Hack-proof Your Passwords’. Consumer Reports staff and consumers aren’t super geniuses, just people who use common sense. You won’t get pro-photo advice from Consumer Reports, but you’ll get a camera that takes decent shots. Same with password security. Following this advice won’t make you a security expert, but you’ll lock out most hackers.