In today’s digital world everyone, whatever your industry, has a small mountain of online accounts. With accounts ranging from email and social media through to banking and work, convenience and security are often at odds.
Passwords – mistakes to avoid
There are two very common mistakes users make when choosing passwords. The first is having a weak password and the other is using a single password across multiple accounts.
Making sure that your password is strong is essential, as hackers use a wide variety of methods relying upon dictionaries and common characters to brute-force passwords (i.e. using computers to try out a huge number of variations of words and characters in the hope of guessing the password by chance). Security experts recommend that your password should be at least 12 characters long, use letters, capitals and punctuation, and not rely on any form of word – i.e. “P@ssw0rd” won’t make the grade. My favourite technique for coming up with a secure password that is memorable is to use the first letter of each word in a phrase and swap out some of the letters for other characters. Thus the phrase “Mary had a little lamb, its fleece as white as snow” becomes “Mh@ll,1f@w@5” – a super-secure, unique password that is easy to remember.
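The rules above (12+ characters, mixed letters, capitals and punctuation, not a disguised dictionary word) and the first-letter technique, as an added Python example that is not the author's own code. The tiny wordlist and the substitution tables are constructed stand-ins for a real dictionary file and policy.

```python
import re
import string

# Minimum length recommended on the page.
MIN_LENGTH = 12

# Substitutions that attackers' wordlists already undo; a candidate that
# collapses to a plain word after reversing them is weak (constructed table).
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e",
                          "5": "s", "$": "s", "7": "t", "!": "i"})

# Constructed mini wordlist; a real check would load a full dictionary file.
WORDLIST = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon"}


def check_password(candidate, wordlist=WORDLIST):
    """Return the reasons a candidate fails the page's rules (empty list = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letters")
    if not any(c.isupper() for c in candidate):
        problems.append("no capital letters")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no punctuation")
    # Undo the common substitutions, drop anything that is not a letter,
    # and see whether a plain dictionary word is left behind.
    core = re.sub(r"[^a-z]", "", candidate.lower().translate(LEET_MAP))
    if core in wordlist:
        problems.append(f"based on the dictionary word '{core}'")
    return problems


def passphrase_initials(phrase, swaps):
    """First letter of each word (keeping the phrase's punctuation), then swap letters."""
    out = []
    for word in phrase.split():
        out.append(word[0])
        out.extend(ch for ch in word[1:] if ch in string.punctuation)
    return "".join(out).translate(str.maketrans(swaps))


if __name__ == "__main__":
    made = passphrase_initials("Mary had a little lamb, its fleece as white as snow",
                               {"a": "@", "i": "1", "s": "5"})
    print(made, check_password(made))            # Mh@ll,1f@w@5 []
    print("P@ssw0rd", check_password("P@ssw0rd"))  # fails length and dictionary checks
```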
The other issue I mentioned was that users often have a go-to regular password that is used across multiple accounts. NEVER DO THIS! Why? If you get hacked, it gives the hacker an opportunity to try this “master password” across a wide range of common websites. Using one password across all of your sites puts them all at risk.
Have you been hacked?
Have a look at https://haveibeenpwned.com/. This site is a repository of hacked account details publicly available on the web. Search for your email address – chances are if you’re on LinkedIn you’ll be listed from an attack back in 2012 (the data was only released by hackers in May 2016). Don’t panic if you’re on this list! It’s not entirely clear what data was stolen and the vast majority of the hacked details have not yet been taken advantage of. However, I strongly recommend you change your password if you are listed for any site, so go check it out.
Use a password manager
Password managers have been around for a while now, and they have grown in sophistication and complexity. There are a variety of password managers to choose from, such as LastPass, Dashlane, KeePass and 1Password. My personal favourite is the market leader, LastPass. With browser extensions, form filling, auto-login options and a built-in secure password generator, keeping unique, secure passwords for every one of your accounts is a breeze. While LastPass does store your passwords in the cloud, the methods it uses are recognised as being incredibly secure, and when combined with its two-factor authentication (i.e. requiring your phone to confirm any login, similar to the one-time PINs used by banking services) it is just about as secure as you can get. Naturally a service like this is often under attack by hackers, and whilst they seem to have taken every precaution there have been a couple of partially successful attacks on LastPass. No data has ever been lost, and so long as you are using two-factor authentication correctly, even if a hacker got your master password for LastPass they would still not be able to access your account. The blogging website Lifehacker addresses this concern in this Q&A post.
Eggs and Baskets
Now, being the overly paranoid, security-conscious person I am, I’m thinking about eggs and baskets, and LastPass is a pretty big basket regardless of the very high level of security measures they put in place. Thus my advice is not to rely solely on it to manage all of your accounts. Keep your most sensitive accounts, such as banking and Google or Apple, outside of LastPass and use LastPass to manage everything else. It means you’ll have a few super-secure unique passwords to remember, but if anything (albeit very, very unlikely) were to happen to your LastPass account, your sensitive accounts are still secure.
At the end of the day it is important to bear in mind that nothing is truly ever 100% secure in this age of digital criminals and hackers. The real trick is being as secure as you can be by minimising the risk without compromising convenience, thus allowing your security strategy to be comprehensive across all of your accounts. The methods and software mentioned in this article will keep you far safer than your average Internet user and thus far less likely to be compromised.