NOTE: Some of the weblinks in the article are affiliate links
Believe it or not, at some point the most common password that people used was along the lines of “Password1234”; this, along with spouse’s, kids, and pet’s names or birthdates are not secure. Maiden names, school mascots, zip codes, and cars are not going to protect your important information.
As the technology that protects us improves, so do the tools that hackers use. We have to give the technology a boost with some effort on our own behalf.
Simple Password vs. Passphrase vs. Complex Password
Our first thought needs to be that of moving away from the simple 8 character letter and number passWORD and become focused on a 12 or more character passPHRASE. These passphrases also need to include lowercase and uppercase letters, numbers,and special characters. The longer the phrase, the harder it will be for the nefarious hackers to crack.
Even better than a passphrase is a long randomly created “complex password.” These are much harder for hackers to break. As there are more and more places to put our credit card information, simple passwords and passphrases must not be trusted with this important data.
Logging in with Google or Facebook
Many sites now allow you to use your Google address or Facebook to log into them. This is a huge leg up in the world of convenience. Many sources even suggest that this method is more secure, so long as you limit the permissions that Facebook or Google allow the site that you are logging into.
Again, this security is still only as good as your Google or Facebook login.
By making passphrases and complex passwords harder to crack, we also make them harder to remember. And when you have 20 or more places that each have their unique login, a person could go insane trying to remember which is which.
Password keepers exist to take some of the headaches out of this quandary. A few of our favorites are:
Each of these has their pros and cons. Speak to your local computer savvy person to talk about options and what kind of password manager might serve you best.
Don’t want to spend 15 minutes trying to string together enough special characters for yet another login? Password generators are even included in the aforementioned password managers. They will generate a random complex password, and at the same time save it in connection with the website for which you are creating the login.
There are also online generators that you can use and even input some parameters.
There is another security step that can be taken on some of your more important logins such as email, Facebook, or your bank account. Two-factor authentication (2FA) or Multifactor authentication (MFA) will add a second level to your login. The most common is a text sent to a previously saved cell phone number. After you enter the correct password into the site, it will send your phone a text containing a code. Enter that code into the website to gain access to your account.
There are other forms of two factor that are available and can be implemented in various other ways. Time-based PIN codes use apps to create login details that expire every 30 seconds. Google Authenticator is most often recommended, and can be used for all sites that support time-based logins.
Often we need to share passwords with others at work or family members. Sending passwords by email or text message is tempting but should be avoided. LastPass and My Glue make it easy to share passwords with others using the same service.
If the two parties do not use the same password manager, Richie Schut, owner of local tech company TRECpro, recommends using PwPush.com to send passwords to others.
Additional Thoughts and Tips
Your email password is a master password of sorts. Most of your other login information can be accessed or changed with simple access to your email account. You will even use your email address to access any of the password managers previously discussed. For this reason, I strongly recommend you walk the line between a passphrase that is very secure and one that is easy to remember.
For instance, your current password may be something like Fido2008, but taken for a spin like this: ILoveMyDogFido! it can be much more secure. As long as you can remember what changes you made, you’ll be golden.
Schut recommends using a memorable passphrase for computer, cell, email, and password manager logins. He also advocates a random complex password for all other passwords.
Creating and remembering passwords is a modern-day hassle that no one expected; however, recovering from a stolen identity is far more traumatizing. Taking small steps to increase your security now, could be enough to prevent you from becoming a victim.
Article originally published in the Deer Park Gazette, a subsidiary of TRECpro LLC.