While most everyone at some point has heard the basics of password security (use a strong password, don’t use the same password on different sites, etc.), many of us still brush off that advice because it seems too complicated and we don’t want to remember so many passwords in this digital world. We use the same password across different sites; we use passwords that are easy for others to figure out. But passwords are just as important as other tools we use to verify our identity – like driver’s licenses, social security cards, and passports.
Password security may not completely prevent your data from being exposed, but these best practices can help minimize your risk. Here’s a list of a few tips to help make your accounts more secure:
Choose a long password. The best passwords are at least 12 to 15 characters long, and can contain letters, numbers, and symbols (some websites require a mixture of these).
Use different passwords for accounts that contain sensitive or personal information. This is very important. If you use the same password across all accounts and you’ve been hacked, ALL of your accounts become vulnerable.
Use a password manager! Most of us avoid using different passwords for different accounts because it’s just too hard to remember them all, and we know writing them down isn’t safe. Luckily, there are password manager tools out there that help store and protect passwords; examples include 1Password and LastPass.
Use two-factor or multi-factor authentication. It sounds pretty fancy, but all it really means is that instead of just entering a password to log in to your account, you will also need to enter a second piece of information to verify your identity.
Try not to use single sign-on. Many websites offer you the ability to use your social media or email account credentials to sign in to their website, without having to create a new account. While this is convenient and one less account you have to remember a username and password for, there are a number of possible risks involved with using it. When you choose to do this, you are also likely to give Facebook, Google, etc. access to more information about you than they really need.
Don’t share your password! Just as you wouldn’t give others your identity documents to carry around in their wallet, it’s important to keep your passwords private and something only you know.
Don’t let browsers remember your passwords. While this feature in many browsers makes it super easy to get into your accounts, it also makes it easy for someone who’s using the same computer or device to access those accounts (and all of your personal information) without needing to know your password.
Be creative with your secret questions and answers. Those secret questions aren’t really secret. Someone who knows you (or someone who can Google) can possibly guess the answers. Be creative and make up things so only you’ll remember and no one else can guess.
Don’t fall for the scams. Unfortunately, most malicious hackers don’t have to work very hard to get access to passwords and have become very good at tricking people. One common way they do this is by calling, pretending to be a representative of a company where you are a customer, and convincing you to give them private information. Another way is by sending an email pretending to be from a website, service, friend, or colleague, and giving you a website link to follow. When you click on that link, you’re either directed to a fake website that asks for your private information, or the link launches malware onto your computer.
Change your password (only when you need to). If you think someone knows your password, changing it from a device that isn’t being monitored can keep them from gaining further access to your account. But if your account hasn’t been compromised and you have created a strong password, it’s not necessary to change your password often.
Remember to log off. Computers and devices are smart – sometimes too smart – and unless you actively log out, your account may remain open indefinitely, allowing others easy access.
Create a separate email account to use for logging in to online accounts or making purchases. Creating an alternative email account that you can use for online accounts and purchases can help protect your privacy, and also help you avoid all of that spam in your actual email inbox.
Information compiled from CNET and EmpowerDB