First – Don’t Reuse Passwords

One of the biggest security holes is reusing the same password on multiple websites. If any website you use is hacked, hackers will try those usernames and passwords on other sites, so the little website that gets hacked could open up your info on the big important site.

Next – Keep Your (Unique) Passwords in a Secure Location

Secure locations include:

Password Managers:

Password managers store your passwords online: LastPass, 1password.com and a bunch of others. Here’s an article from PC Magazine rating a bunch of password storage programs.
Of course that leaves you at least one uncrackable password you need to remember. But one or even a few passwords is a lot easier to keep track of than many. Once you get used to them, password managers make your digital life easier as well as more secure. Many (usually in the premium version) offer sharing options.

A freestanding program you install on your computer, such as KeePass. The advantage of these freestanding programs is you don’t have to trust anyone else, though of course you’re trusting a program that’s too complicated for most of us to understand. But it is open source software and Consumer Reports recommended it.

Written-down lists can be stored under lock and key, kept on secure and encrypted thumb drives and/or secured with password managing programs. The classic handwritten piece of paper or notebook is only as secure as where it’s stored. In the tech thriller “The Girl with the Dragon Tattoo” the hero hacks a system via a password hidden under a desk blotter. That doesn’t mean that a written list isn’t a good solution, but be really careful with that list.

Use Long, Random Passwords

How do you remember long, random passwords? You probably can’t. That’s the point.

Believe it or not, password cracking algorithms assemble data about a person: old phone numbers, relatives, pets’ names, birthdays, schools, addresses. They then combine these with the most common passwords, so the further you can get from what is normal, the more secure you are.

Some password creation / remembering tricks include:

  • Several randomly chosen words. Use a dictionary or book opened to random pages to really make it random. Throw in a few special characters [!@#$%^&*-_=+<} and DIFFerent CaseS!
  • The first letter(s) of a long phrase. For example, ‘Typlyt.Dlaeui,&gan1e6m.’ is pretty secure but you could probably remember to type the first letters of ‘Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.’
  • Password generators. 2 of our favorites:
    Generista.com creates pronounceable passwords that can be random but easy to remember.
    Dotmaui.com/password-generator with the “avoid ambiguous characters” option checked, which makes passwords easier to read and tell to others. In other words, no guessing if it’s a 1, I or l.
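
The random-words trick and the generator option above can be done in a few lines of code, shown here as an added example that is not from the original article: it draws from the operating system's secure random source, drops look-alike characters, and estimates strength in bits. The word list is a small constructed sample and the function names are hypothetical.

```python
import math
import secrets
import string

# Constructed sample list for illustration; a real list needs thousands of words.
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "dune", "ember", "fjord", "gravel",
                "harbor", "ivory", "jigsaw", "kettle", "lantern", "meadow", "nickel",
                "orchid", "pebble"]
SPECIALS = "!@#$%^&*-_=+"
# The article names 1, I and l; 0, O and o are added here as an assumption.
AMBIGUOUS = set("1Il0Oo")


def unambiguous_alphabet():
    """Letters, digits and specials with look-alike characters removed."""
    pool = string.ascii_letters + string.digits + SPECIALS
    return "".join(c for c in pool if c not in AMBIGUOUS)


def random_password(length=20):
    """Random password drawn from the unambiguous alphabet via the OS CSPRNG."""
    alphabet = unambiguous_alphabet()
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words=SAMPLE_WORDS, count=5):
    """Randomly chosen words, random case per word, joined by random specials."""
    parts = []
    for _ in range(count):
        word = secrets.choice(words)
        parts.append(word.upper() if secrets.randbelow(2) else word)
    out = parts[0]
    for part in parts[1:]:
        out += secrets.choice(SPECIALS) + part
    return out


def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(unambiguous_alphabet()), 20), 1))
    # Only 20 bits from words with a 16-word list: list size matters.
    print(random_passphrase(), entropy_bits(len(SAMPLE_WORDS), 5))
```

With a 7,776-word list instead of the 16-word sample, five words alone give about 64.6 bits, which is why the size of the dictionary you pick from matters as much as the number of words.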

Other Password Security Holes

Don’t email passwords unless you use encrypted email or otherwise protect them from prying. Old school dictating over the phone is pretty secure, and LastPass premium offers shared options. Since many people and websites will email you a password, if you get a password insecurely, change the password right away. As for sending passwords to others, if you don’t have encrypted email you can use a one-time message sender online such as 1ty.me.
Change passwords often, especially on important sites like your password programs and financial sites. If somehow someone has hacked into any systems (even if you don’t know it), changing the password will lock them out. If someone has left your employ or your life and has access to important passwords, change the passwords. Even if you don’t think they would be malicious, change passwords for your security and to keep suspicion from falling on them and damaging the relationship further if you do get hacked.
When in doubt about a security compromise, change the password(s).

Online Security in General

Though I really wanted to address password security, the bigger theme here is overall online security. When sharing sensitive information online:

  1. Use a modern and up-to-date browser. If you want to surf on something else or, as is often the case, your company’s internet is on an ancient version of Internet Explorer, don’t use the old browser for sensitive info.
    In descending order of security, the common browsers would be Chrome, Firefox, Safari, Edge and lastly Internet Explorer.
  2. Make sure the site is secure if you are logging in – all of the above browsers will display a lock icon in the browser bar.
  3. Don’t save credit cards on websites (if you can avoid it) and be suspicious of sites that insist you save card numbers. It takes a few more seconds for you to type a credit card number, and you can save time by storing the number in KeePass or on your encrypted thumb drive.
  4. Be careful on public wi-fi connections as well as what you do on your phone or tablet.

Lastly, we are not inventing this stuff. We took most of this from the Consumer Reports article ‘Hack-proof Your Passwords’. Consumer Reports folks aren’t super geniuses, just folks who use common sense (and don’t take advertising so aren’t influenced by advertisers). You won’t get pro photo advice from Consumer Reports, but you’ll get a camera that takes decent shots. Same with password security. Following this advice won’t make you a security expert, but you’ll lock out most hackers.