Basic Password and Online Computer Hygiene
By Jon Aldrich
It is still hard to believe, but did you know that 2 of the most commonly used passwords to access online accounts are still “password” and “123456”? There are a lot of nefarious individuals and organized hackers out there who have nothing but time and a lot of computer power. All they must do is get your e-mail address and try a few common websites, and even without much technical expertise they could easily get into your account if you use simple passwords like the ones above.
Expand this a bit to someone or some organization with enough computer power to mount a brute-force attack, and just like that they are in your account and can do whatever they please if you use a simple password. If you use the same password across several sites, this could really cause you some headaches.
With all that being said, here are some easy steps to make it harder for the bad guys to break into your online accounts. You have probably heard many of these ideas several times before, but are you actually doing any of them? Some? None? I don’t expect many of you to go out and do all of these right away, but if you can start gradually doing some of them, it will really help your online security and password hygiene.
Use a Strong Password
What is a strong password? According to many computer experts, a strong password contains more than 12 characters, consists of upper and lower case letters and special characters such as #*!@$, and isn’t a word from the dictionary. Thus, the password “Happy123” would be considered weak, while “$Fg47@:kdK34^+g115SaB5EE@90j” would be considered very strong. A 5-character password has just 11 million combinations. That may sound like a lot, but to some of these expert hackers that is nothing. Adding just one character expands the possible combinations to 300 million. The longer the password is, the better off you are.
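The rules above can be written as a small checker. This is an added example, not part of the original article; the word list is a constructed sample, and the function names are made up for illustration. It also shows that the 11 million and 300 million figures correspond to passwords made only of the 26 lowercase letters (26^5 and 26^6).

```python
import math
import string

# The two passwords the article names, plus a constructed sample word list.
# A real check would use a full dictionary and a leaked-password list.
MOST_COMMON = {"password", "123456"}
SAMPLE_WORDS = {"password", "happy", "welcome", "dragon", "summer"}

def search_space(alphabet, length):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet ** length

def alphabet_size(password):
    """Size of the character pool the password draws from (ASCII only)."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in password))

def contains_dictionary_word(password):
    """True if the password is a known-common one or embeds a listed word."""
    letters = "".join(c for c in password.lower() if c.isalpha())
    return password.lower() in MOST_COMMON or any(w in letters for w in SAMPLE_WORDS)

def check(password):
    """Return (problems, bits): rule violations and an upper-bound strength."""
    problems = []
    if len(password) <= 12:
        problems.append("12 characters or fewer")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("missing upper or lower case letters")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word")
    # Upper bound: assumes every character was chosen at random from the pool.
    size = alphabet_size(password)
    bits = round(len(password) * math.log2(size)) if size else 0
    return problems, bits

if __name__ == "__main__":
    print(f"26^5 = {search_space(26, 5):,}   26^6 = {search_space(26, 6):,}")
    for pw in ("123456", "Happy123", "$Fg47@:kdK34^+g115SaB5EE@90j"):
        print(pw, check(pw))
```

The bit count is an upper bound: “Happy123” scores 48 bits on paper, but because it is a dictionary word with a predictable suffix, a guessing attack that tries common words first finds it far sooner than that number suggests.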
Don’t use the Same Password on More Than One Site
Sure, it is easy to remember the same password for a lot of sites, but all a hacker must do is get your password from one site and they would be able to access several more of your accounts at different websites. Experts recommend having a different password for every online site you use. Every year there are several password leaks, even at large, well-known websites. When this happens, the bad guys may try the leaked information on several other websites to see what they can gain access to.
Use a Password Manager
Since you aren’t supposed to use the same password on multiple sites, how do you keep them all straight and make sure they are strong? Use a password manager. A password manager stores your login information for all the websites you use and will log you in automatically. All you must do is remember the master password. These programs will encrypt your password database and create exceptionally strong passwords.
A couple of options to consider are Dashlane, Roboform and LastPass. They all have free versions that you can try out and are surprisingly easy to use for the most part. They range in cost anywhere from $12 to $39 a year. Here is a really good independent review of the pros, cons and costs of several different password managers: http://www.asecurelife.com/dashlane-vs-lastpass-vs-1password-vs-roboform-vs-keepass/. The premium versions of most of these allow you to use the program across all your devices, so I suggest considering the premium versions.
Where to Keep the Master Password?
This is important because it can be a real hassle if you lose the master password for your password manager. Some good places to store it would be a safe deposit box, a fireproof safe or some other place that is secure. Here is a good link on how to come up with a good, secure master password: https://blog.lastpass.com/2015/07/how-to-make-a-strong-master-password.html/
Do the Texas Two-Step (Two-Factor Authentication)
Two-Step or Two-Factor Authentication protects your accounts by requiring you to provide an additional piece of information, such as a cell phone number or e-mail address, to get into your account. When you log in to a site with Two-Factor enabled, a text message or e-mail with a code will be sent to you, and you will need to enter that code to access the site. This way a hacker would need access not only to your password but also to your cell phone or e-mail account. Not impossible, but it greatly increases your online security. Here is a good primer on how you enable this on several popular sites. This is recommended for your highly sensitive accounts such as bank, brokerage or credit card accounts.
Change passwords Regularly
If you are not ready to do the above suggestions, at least change your passwords on a regular basis. Regular can be loosely defined, but research has shown that maybe once a year is sufficient.
Don’t let sites remember your passwords
Often, sites such as Google will ask if you want them to remember your password. This sure makes it easy to log in to frequently used sites, but it would also allow someone who somehow got unauthorized use of your device to log in to these same sites. A good way to reduce this risk is to lock your computer whenever you leave it alone and to require a password to log on to your computer when it is turned on.
Don’t use free Wi-Fi to log into sensitive accounts
Since most free public Wi-Fi networks (think Starbucks) are open to the public, they are also open to hackers. For many hackers, it is so easy to hack users of public Wi-Fi that it is like shooting fish in a barrel. Never do any financial transactions on public Wi-Fi as it can be very easy for a hacker to obtain sensitive information from you on an unencrypted network. Also, beware of Wi-Fi in hotels. Even though there may be a password, it would still be relatively easy for a good hacker to cause some trouble.
If you must use public Wi-Fi, consider a VPN – Virtual Private Network.
A VPN, or Virtual Private Network, is a way to secure your computer’s internet connection so that all of the data you are sending and receiving is encrypted and secured from prying eyes. They are easy to set up and use on your devices. Here are some of the best VPN services currently available and some additional information on what VPNs are and how they work.
Use Antivirus Software
This one is a no-brainer. If you only do one thing, at least have antivirus or anti-malware protection installed on your devices.
A lot of these steps sure can be a pain in the backside. But then again, getting hacked is a real pain in the you-know-what as well. That is why a password manager is probably the most efficient way to accomplish several of the above steps. Combine that with two-factor authentication and you have made it a lot harder for someone to hack your accounts. You are never going to be 100% guaranteed safe if you are online, but taking the above steps can bring you a heck of a lot closer than not doing any of them. And unless you plan on never going online, which is unlikely, it is prudent to at least start considering the above suggestions to really increase your online security.
As always, please feel free to reach out to us if you have questions.