These days, more and more of our daily tasks can be performed online, and one of the growing struggles associated with this is the dreaded password creation and management! This is a topic that far too many of us don’t pay enough attention to, and we are probably guilty of at least a couple of bad practices surrounding passwords.
The first issue at hand is creating the password itself. How many times have you found yourself creating an account for a new website and, in order to speed along the process, you just use the ‘same old password’ or a variation of the ‘same old password’? I know I had done this countless times before I was shown the light and realized just how unsafe this really is! One of the problems with this is that if any one of the many sites that you use that password for is compromised, the attackers now have a valid password to use on any other site on which you may have an account! Also, how many different accounts do you have that either simply use your email address as the login, or use the same username (or a variation of it) as your other login credentials?
I’m sure you can see where this is going by now but, just to be sure, I will give an example. In 2012 there was a massive data breach at LinkedIn (seriously, it was huge). Now, let’s pretend that your password and email were compromised in this data breach. If you use the same password for your email account, then the attacker now has access to your email account. If this is the same email that you use to correspond with your banking sites or other accounts, this attacker now has a door, wide open, to steal your information, as well as the power to change all of your passwords, essentially locking you out of all of your accounts. Talk about a huge mess that would take ages to sort out. This is a very realistic example that happens to users all the time.
The next issue is creating a stronger password. It’s very alarming just how many people out there still use passwords like “password” or “qwerty.” Passwords should be strong enough that they cannot be easily guessed. Thanks to the growth of social media, it is also important to avoid using passwords that are a simple combination of your kids’ names, pets’ names and important dates. If you or someone you are connected to on social media doesn’t have their security settings set up properly, this information can be easily obtained.
So when creating a password, try to make it as long as possible, use things that are random, purposefully misspell some words and sprinkle in some special characters. No more passwords like “Fluffy2005”!
One thing that you might find surprising, since it contradicts what a lot of places will tell you, is that a longer and more secure password is more important than frequently changing your passwords. I will get into the specifics of how it works in a future post, but the reason this is important is that malicious hackers can use tools to crack passwords, and the shorter, less complex passwords can be cracked much more easily this way. A longer, complex password might take long enough to crack that it deters an attacker and sends them looking for an easier target.
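To make the point about length and predictable patterns concrete, here is an added example (not part of the original post): a rough estimator of how many guesses a password could take. The tiny word lists, the name-plus-year rule and the function names are assumptions for illustration; real strength checkers use large breach-derived lists.

```python
import math
import re
import secrets
import string

# Constructed sample lists; a real checker would load far larger ones.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "letmein"}
COMMON_NAMES = {"fluffy", "max", "bella", "emma", "jacob"}
SYMBOLS = string.punctuation + " "

def charset_size(pw):
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in SYMBOLS for c in pw):
        size += len(SYMBOLS)
    return max(size, 1)

def estimate_guesses(pw):
    """Upper bound on guesses, using the cheapest strategy that matches."""
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        return len(COMMON_PASSWORDS)           # found in a common-password list
    m = re.fullmatch(r"([a-z]+)(\d{4})", lowered)
    if m and m.group(1) in COMMON_NAMES and 1900 <= int(m.group(2)) <= 2099:
        # name list x 200 plausible years x 2 capitalisations
        return len(COMMON_NAMES) * 200 * 2
    return charset_size(pw) ** len(pw)         # blind brute force

def strength_bits(pw):
    """Guess count expressed in bits, for easier comparison."""
    return math.log2(estimate_guesses(pw))

def random_password(length=20):
    """Generate a password with the OS cryptographic random source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for pw in ["qwerty", "Fluffy2005", "aB3$aB3$", "correcthorsebattery", random_password()]:
        print(f"{pw!r:26} ~{strength_bits(pw):6.1f} bits")
```

“Fluffy2005” uses three character classes yet scores far below a 16-letter lowercase password, because a pet name plus a year collapses to a very small set of candidates.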
Lastly, there’s the pesky issue of password management. With so many different accounts, if you were to have a different password for all of them, you would never be able to remember them all individually. Even if you could remember the passwords you’ve created, good luck always matching the right ones up to the right website.
So, to help you out with managing your passwords I have a couple of recommendations:
For the DIY approach, at the very least, make sure that you have separate and secure passwords for your email accounts, banking and financial accounts, and social media accounts. This limits the number of differing secure passwords that you have to keep up with, but it also mitigates the likelihood of a compromise leading to someone gaining access to your financials or wreaking havoc on all of your accounts through your email.
Personally, my favorite way to manage passwords is with a password management service. This is a service that will remember any of your login credentials and secure them with one unique password. They usually work through a download or browser plugin and can automatically enter the information for you at the login screen. There are many different services available, but if you are interested in using one, do your research and make sure that you pick one that is very secure and has a strong reputation. You will also want to make sure that it is compatible with all your systems.
One that I highly recommend is LastPass. It is free if you use it on your desktop, but if you want it to sync with all your devices it’s only $12 a year. LastPass is also compatible with most mobile devices through an app, and it even has an auto-fill function to help you quickly fill out forms online.
So next time you are prompted to create an account and a password, take a minute and develop one that is strong and complex, don’t use that ‘same old password’ over and over again and, for goodness’ sake, don’t write them down on a sticky note and leave them in plain sight! Also, consider using a password management service if you have WAY too many passwords.
If you would like more help on creating strong passwords, then check out this post here. It is full of great information and ideas to help if you are at a loss on where to start.
I hope I’ve helped enlighten some of you on why passwords deserve a little more attention. As always, if you have any other questions, comments or concerns, feel free to leave a comment or contact me through the contact tab at the top of the page!