17 Essential Password Protection Tactics You’re Definitely Not Doing
No, an added exclamation point is not secure enough.
In today’s world, our most valuable information is stored in numerous places online. Oftentimes, the only thing keeping our personal details safe from the ill intentions of hackers is a password (one we typed in on a whim, most likely). But if you want to prevent having your data compromised, you have to avoid weak passwords (i.e., those that include your name, or are used on multiple accounts). And that’s just the beginning. There are plenty of other steps you should be taking to keep your information secure. Read on for all of the password protection tips you need to implement ASAP.
If you’re like many people, you read the “minimum eight characters” password requirement and come up with one that’s exactly eight characters. But it’s a mistake not to make your password longer. A common tactic for hackers is what’s called a brute force attack, in which a program tries a whole bunch of combinations of numbers, letters, and symbols. The longer your password, the longer the hacking program takes and the less likely it is to succeed.
Instead of a password, go with a passphrase—a string of words that is longer and includes spaces, such as “I bought a great pair of shoes the other day.” A passphrase is both easier to remember and harder for a hacker to crack than a shorter password is. But don’t go with a familiar passphrase, such as “ontherocks” or “topofthemorning,” which can be almost as hackable as a regular word.
If you’re worried about remembering your passphrase, use a standard one, but tweak it so that it’s indecipherable. For example, type each letter of the simple phrase with the key one row above, so “ontherocks” becomes “9h5y349diw.” If that’s too tricky, try using the first letter of each word in a longer phrase—so the lyric “bye bye Miss American Pie” becomes “bbmap.” Better yet, add in the bit about the Chevy and the levy so it’s “bbmapdmcttlbtlwd.”
If you’re having trouble coming up with good passphrases, use a tool like the xkcd Password Generator. The free service comes up with a random phrase consisting of four common words that are easy to remember, but surprisingly tough for hackers to crack, like “rough two review discussion” and “above must thou ranch.” Go ahead and try it yourself!
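To put numbers on the brute-force and random-word points above, here is an added example (not from the original article or the xkcd generator) that builds a four-word passphrase with a cryptographic random source and estimates how large the search space is. The word list is a constructed sample, and the list sizes (2048, 7776) and the guessing rate are assumptions; the estimates hold only when every character or word is chosen at random.

```python
import math
import secrets

# Constructed sample list (the words from the two phrases quoted above plus
# fillers); a real generator draws from a list of thousands of words.
SAMPLE_WORDS = ["rough", "two", "review", "discussion", "above", "must",
                "thou", "ranch", "copper", "window", "gentle", "orbit",
                "lantern", "meadow", "pickle", "harbor"]

def generate_passphrase(words, count=4, sep=" "):
    """Join `count` words chosen uniformly at random with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would skew the distribution")
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Entropy when each of `picks` symbols is drawn uniformly from the pool."""
    return picks * math.log2(pool_size)

def years_to_search(bits, guesses_per_second):
    """Average brute-force time: half the search space at the given rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)

def compare(rate=1e10):  # rate is an assumed offline guessing speed
    cases = {
        "8 lowercase letters": entropy_bits(26, 8),
        "8 printable ASCII characters": entropy_bits(94, 8),
        "4 words from a 2048-word list": entropy_bits(2048, 4),
        "6 words from a 7776-word list": entropy_bits(7776, 6),
    }
    return {name: (round(b, 1), years_to_search(b, rate))
            for name, b in cases.items()}

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    for name, (bits, years) in compare().items():
        print(f"{name:32s} {bits:5.1f} bits  ~{years:.3g} years")
```

Each extra word or character multiplies the number of guesses needed, which is why adding length pays off faster than any single clever tweak.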
This is a fairly simple step that can add an extra level of complexity to your password or passphrase. Just swapping in @ for the letter A, or an exclamation mark for an I or an L can complicate your code enough to throw up roadblocks to a would-be hacker. So instead of using “apple pie,” you can make it “@pp!3 p!3.”
Another simple way to add an extra element of complexity and security to your password is to mess with the capitalization, adding capital and lowercase letters in unexpected places. For example, capitalize the second or last letter of a word rather than the first.
Whenever someone cracks a password in a movie, it’s because the password relates back to the user, like a spouse’s name or a birthday. If your password is something that someone can piece together by knowing a few things about you or your personal history, it’s time to come up with something more complex.
It’s not just your password you have to think about—it’s the questions you use to reset it.
Just as you should avoid including obvious personal information in your password, you should do the same with the security questions you choose. Don’t pick anything that would be obvious or easy for someone to figure out from a quick perusal of your Facebook page, like the high school you attended, a sibling’s name, or even the name of your cat.
Since security questions can be easy to crack, add another layer of security with two-factor authentication. Just as withdrawing money from a cash machine requires your physical ATM card in addition to your PIN, two-factor authentication doubles the level of security on your password-protected accounts.
Most often, it requires that you not only know the password, but that you provide a verification code that’s sent to your email or phone, too. You can set this up in your preferences for each app or account, or use a two-factor authenticator such as Google Authenticator, Duo Mobile, or Authy.
Want to make your password even more secure? Try a physical token, such as Titan Security Key or YubiKey. These security keys connect to your computer with a physical USB or wirelessly, and are used like a literal key, in addition to or in place of your password. Many times, they include time-synchronized one-time passwords that change constantly at a set time interval, such as every minute or even every 30 seconds. That way, it’s impossible for someone else to log into your account from afar.
As opposed to computer viruses that corrupt your device, malware, ransomware, or “trojans” steal your data. These can swipe your passwords or lock you out of your computer until you pay a ransom. Installing strong anti-malware software is an effective way to prevent this from happening. There are a ton of free tools out there that can make your accounts more secure.
With all the apps and sites we need passwords for, it’s nearly impossible to keep track of them all. If you have trouble keeping your dozens of passwords straight, it makes sense that you’d want to document them all in one place for easy reference. But trust us, that’s an urge worth fighting, especially if you’re keeping the list saved on your computer, where someone could access it, send it to themselves, and gain access to everything in a flash.
Instead of saving your list of passwords on your computer or written down somewhere in a drawer, try a password manager. These are apps that keep track of your passwords and generate new, hard-to-hack passwords for you on top of it. There are a ton of password managers out there, with a range of capabilities (from filling out web forms automatically, to ensuring two-factor authentication when logging in from new devices), such as KeePass, LastPass, and LogMeOnce.
Even if you have a rock-solid password or passphrase, it can be compromised in a large-scale hack, where hackers get access to massive lists of personal information and passwords. What’s worse, if you use the same password across multiple sites or apps, that one password becomes a skeleton key that unlocks other accounts, too. So be sure to have unique passwords or passphrases for each and every account.
You should keep your password to yourself. Sure, you can let your spouse in on it if you’re both using the same bank account, but that should be about it.
If you bought tickets to a show you can’t attend and are giving them to a friend, don’t send them your Ticketmaster login details to access the tickets. Even if it’s someone you trust, you can’t be sure they use these password protection tips. If they’re not careful, your information could soon get to more people.
If you’re still using the same email password you used when you first created the account, it’s time to update it. Periodically updating your passwords ensures that even if your account was somehow compromised, it won’t continue to be.
According to LastPass, if there’s a security incident, if you do share your password, if you use a shared or public computer, or if it’s been more than a year since you changed your password, it’s time to give it a refresh.
While regular password updates are wise, users who change their password too often are more likely to use weak passwords or only slightly modified versions of the passwords they were already using, according to a study from the University of North Carolina, Chapel Hill.