Password HealthScott Lavergne
Nobody likes the added work it takes to make your technology secure.
Changing your password at regular intervals, adding multi factor authentication, and implementing regular security patching are just a few things that hinder our productivity. However as annoying good security habits are, getting hacked is far more painful. I’ve never spoken to somebody after they were hacked who was glad that they cut corners on security.
So how do we make it better?
The most basic and fundamental aspect of security is our passwords, so we should start there. Passwords should be complex, not reused, and changed on a regular basis. This takes a lot of work, but there is software to help us.
If you haven’t already, you should be using a password manager.
People often ask if putting all your passwords in one place is a good idea, and for this I’ll defer to Andrew Carnegie when he said, “Put all your eggs in one basket and then watch that basket.” Any software company selling a password manager would be destroyed by a single breach, so you know they are highly motivated to protect your passwords. They also are experts at security, so do a little research and pick a reputable company. For my final plea, I will point out that if you are reusing passwords online, a password manager will certainly be safer.
PC Magazine’s editor’s choices for 2021 are Keeper, LastPass, and Dashlane. You could use the password manager built into your web browser, but there are drawbacks. While the password manager built into your computer makes it easier to have unique passwords for every website, it is hard to access those passwords across devices. Also, some of these built-in managers have poor security. I have seen a virus access every password that you have stored on the computer. This specific vulnerability doesn’t impact the online password managers.
Of PC Magazine’s top picks overall, LastPass is the only one of these that has a free option for personal use. It has web browser plug-ins, apps for your phone, and a webpage where you can login to get your passwords. It prompts you to save your password as you login to a new site and has a security review of your passwords to let you know if you have any weak or reused passwords. I started using LastPass’ family plan this year. The family plan allows you to give access to specific folders or everything to someone else. This makes it easy to share things like your Amazon and Netflix password with your spouse or kids.
Once you have a password manager, begin by changing every password on every website. You should always use a unique password for each website. This is very important. If a website has their own weak security and is hacked, your username and password could make it to the dark web. From here, bad guys pay for databases of compromised login credentials. They then use these credentials to attempt to login to accounts that have the same username and password. So, you are weakening your security with every password reuse.
Next your password should be complex.
This is pretty simple. Password managers will suggest complex passwords which look like your cat typed them out as he walked over your keyboard. These complex passwords make it hard for hackers to find your password with software that tries guessing millions of possible passwords. A complex password contains uppercase, lower case, numbers and symbols. It should also be longer than 10 characters. In the event a website doesn’t allow something like special characters, you can adjust the settings in most password managers, or you can just grab the cat.
Finally, you should change your password regularly.
With a password manager and unique passwords, once a year is probably sufficient for individual website passwords. Personally, I’d only focus on the website I want to protect. My login to a forum on Ford Mustangs isn’t that important to me, so I won’t bother changing this password regularly. However, my credit cards will get an annual password makeover.
Most importantly, you cannot neglect your password that you use to access your password manager. I would recommend changing this password at least quarterly and never save it to your browser. I cannot stress this enough. That will weaken your security tremendously. In addition, don’t log onto your password manager from computers you don’t know. They could have a keylogger that could swipe your most important password. The last step should be to turn on multifactor authentication on your password manager. This will make it much harder for the bad guys to hack your account.
If you just improve your password behavior, you will improve your security immensely. While you are busy resetting passwords, motivate yourself by thinking about how much of a pain it would be if your bank information were being sold on the dark web. Or consider the pain of having thousands of dollars transferred out of your accounts. These things happen to thousands of people daily, and if you have bad password hygiene, then eventually it will happen to you.