What’s that yellow sticky note poking out from under your keyboard? Is that your password? If you’re like many people, it may be. While this is practical and convenient, it’s not a good idea. It might be acceptable in the privacy of your own home, but it is still risky. Privacy and security (online safety) are all about managing your risks and deciding what is right for you. If you would like suggestions on how to better handle your passwords (yes, I used the plural form) and manage your risk, read on for my thoughts and experience. I’ll start with the risks of poor password management, then provide a couple of solutions and resources to check your password strength.
Obviously, your passwords are your virtual keys. Unlike traditional keys, though, they aren’t safely tucked in your pocket. They are either in your head, written down, or saved electronically. There are advantages and disadvantages to each of those methods, along with varying degrees of risk. Here are some ways poor password practices can lead to problems.
Note: In this post the term “hacker” will refer to someone who has obtained your login credentials in some manner (even if it wasn’t technical hacking).
- You could get locked out of your own device(s).
- A hacker can lock you out of your own accounts.
- Using the same password everywhere allows a hacker to get at not only your junk email account, but also your financial accounts and other sensitive information in the event of a breach.
- Once the password is used to obtain personal information, your identity could be stolen.
- A hacker can access your social media to extend an attack to your friends and family.
- The same social media access could be used to send spam messages.
- The aforementioned spam could result in your accounts becoming blacklisted with service providers.
- All of these and more can have emotional, social, and even financial impact!
- Use capital and lowercase letters, numbers, and special characters.
- Use passphrases. Dictionary words and short passwords are easy to crack. Instead, build something like (T!mrlpw10k) from the initial letters of a sentence only you know, in this case “This is my really long pass word which I only know”.
- Use longer passphrases. Length is key: the longer a passphrase is, the harder it is to crack.
- Use different passphrases for different accounts. Separate passphrases per category (junk account, social sites, financial, etc.) is the minimum; a different passphrase for every account is the most secure. This is where password managers come in handy.
- Don’t write them down. Written passwords are easily obtained, read, and copied. The one advantage is that physical access may be more controlled. If passwords must be written down, keep them in a safe and secure place (not under the keyboard).
- Use an encrypted account database (see more info below). Electronic passwords can also be easily obtained if they are not encrypted and secured themselves. Storing them in a Word document, spreadsheet, email, etc. leaves them vulnerable to hacking, malware, and other forms of malice.
- Use Multi-Factor Authentication (MFA). Many popular sites and apps now offer MFA. This method requires not only your username and password, but also relies on a text message, email, or other form of token to confirm your identity.
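To make the “length is key” and “dictionary words are easy to crack” points concrete, here is a small password-strength estimator. It is an added example written for this post, not a tool the post recommends or code from LastPass or KeePass. It scores the post’s own sample (T!mrlpw10k) against the full sentence it abbreviates, using a brute-force entropy estimate (length times log2 of the character pool) and, for multi-word phrases, a more honest per-word estimate. The tiny word list, the 7776-word vocabulary size, and the weak/reasonable/strong thresholds are assumptions chosen for the demo.

```python
import math
import string

# Constructed, deliberately tiny list of common passwords for the demo.
# A real checker would consult a large breached-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "monkey", "dragon", "sunshine"}

# Assumed vocabulary size for the per-word passphrase estimate (Diceware-style list).
DEFAULT_VOCAB = 7776


def pool_size(pw: str) -> int:
    """Size of the character pool the password draws from, by character class present."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    if any(c.isspace() for c in pw):
        size += 1
    return size


def entropy_bits(pw: str) -> float:
    """Brute-force estimate: every position drawn uniformly from the pool."""
    size = pool_size(pw)
    if not pw or size == 0:
        return 0.0
    return len(pw) * math.log2(size)


def passphrase_bits(pw: str, vocab_size: int = DEFAULT_VOCAB) -> float:
    """Per-word estimate for a space-separated phrase: words * log2(vocabulary).

    This is lower than entropy_bits() for the same phrase because an attacker
    who guesses whole words does not have to try every letter combination.
    """
    words = pw.split()
    return len(words) * math.log2(vocab_size)


def is_dictionary_word(pw: str) -> bool:
    """True if the password is a single common word from the (tiny) list."""
    return pw.lower() in COMMON_WORDS


def assess(pw: str) -> dict:
    """Return length, pool size, both estimates and a verdict for one password."""
    bits = entropy_bits(pw)
    # Use the more conservative per-word estimate when the input is a phrase.
    effective = min(bits, passphrase_bits(pw)) if len(pw.split()) > 1 else bits
    if is_dictionary_word(pw):
        verdict = "dictionary word: trivially cracked"
    elif effective < 40:      # assumed threshold
        verdict = "weak"
    elif effective < 70:      # assumed threshold
        verdict = "reasonable"
    else:
        verdict = "strong"
    return {
        "length": len(pw),
        "pool": pool_size(pw),
        "bits": round(effective, 1),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for candidate in (
        "monkey",                                               # dictionary word
        "T!mrlpw10k",                                           # the post's abbreviation
        "This is my really long pass word which I only know",   # the full sentence
    ):
        print(f"{candidate!r}: {assess(candidate)}")
```

The abbreviation scores in the mid-60-bit range (10 characters from a 94-symbol pool), which is decent but well short of the full sentence, whose 11 words still clear 140 bits even under the conservative per-word estimate. Any estimator like this measures only how hard a blind guess is; a password that appears in a breach list is weak at any length, which is why the dictionary check runs first.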
For those who prefer an easy-to-use service that can be accessed from all devices, I recommend LastPass. It has free as well as paid tiers for more advanced options. Your data is encrypted, and they also rely on MFA. LastPass can also generate new passwords. It is one of the only (if not the only) cloud-based account managers I would recommend.
For those who want to store passwords locally (or are more tech-savvy than a cloud-based option calls for), I recommend KeePass. KeePass encrypts the database, stores it locally, and has numerous advanced options allowing you the most flexibility. You can install it or run it as a portable app. Just remember to back up your database file if you choose this method!