4 tips for protecting your passwords
It’s time to fess up: you use the same password for many – if not all – of your online accounts. Between email, social media accounts and web shopping sites like Amazon (AMZN), it’s hard to keep track of all those passwords. But it’s more important than ever to create unique passwords for every site that requires one – especially if you don’t want to be a victim of hacking. Last week, news broke that a Russian hacking ring stole more than 1 billion usernames and passwords and 500 million email addresses – purportedly the largest theft in the history of the Internet. Mat Honan, a senior writer at WIRED magazine, has written extensively about how to protect online identities after hackers nearly erased his digital life by simply retrieving his Apple ID login credentials in 2012. Honan shared four simple tips for safeguarding your online accounts:
Use a password manager
There are several password managers to choose from but Honan prefers the 1Password app. A password manager, which can be accessed on all devices, not only stores a user’s passwords but will also help generate “strong” passwords that can be used for future accounts. A password manager also points out passwords that are repetitive or easy to guess – both of which are big no-no’s. And Honan says users should not be alarmed if their password manager gets into the wrong hands – “good password managers keep your info encrypted and someone would have to be very sophisticated to find your keychain, get access to your password keychain, and decrypt it in a way that's usable,” he says. (A digital keychain, for non-techies, is a built-in password manager.)
Perform a password audit
“People reuse passwords and that's the thing that kills you,” warns Honan. Stop using your pet’s or child’s name for all your passwords immediately -- repetition presents the biggest security risk.
Search your email
A hacker may already have access to your email accounts but is waiting to ruin your life. Some hackers will dig through personal messages to find password notification emails from sites, explains Honan, and won’t make any immediate moves. Anytime you change or update a password for a site, an email is usually automatically generated. Delete those emails immediately, says Honan. Doing so “also hides tracks of the accounts you have that someone may be interested in,” Honan adds.
Wall off critical accounts
Hackers hate the two-step authentication process and users should request it for every account if possible. Most banks already offer this to online users and it provides a sophisticated way to thwart online pilfering because a user must pass two identification tests. A prompt will appear on screen when a user logs in from a strange, or unrecognized, device.
Most importantly, Honan recommends that all passwords should “contain long strings of letters, numbers, and symbols.”
“You don't have to be a big target to be a target,” he says. “It’s pretty easy to practice good password hygiene.”