It’s a jungle out there… and it’s full of cyber criminals looking to hack into your accounts, steal your personal information and turn your computers into mindless zombies under their control.
That’s the bad news. The good news: It’s not that hard to protect yourself. It starts with proper password security.
But, if you do what you’re supposed to, you’ll end up with different, lengthy passwords for every account you have, and you’ll change them frequently.
For many, that just doesn’t seem realistic. Seriously, how are you ever going to remember them all? A lot of people have passwords written on Post-it notes stuck to their monitors. What they don’t realize is that, if you write them down, you’re exposing yourself to yet another vulnerability.
One solution to this problem is a password manager, which remembers all your passwords and knows which accounts they go to. Of course, it wasn’t very reassuring when LastPass, a well-known password manager, was itself hacked.
Luckily, you have more than just one option:
- Don’t change your passwords unless you are forced to! Although changing passwords regularly is a frequent recommendation, multiple studies demonstrate that it does NOT improve security. Two reasons: If your password gets hacked, it is going to be used right now – not three or six months from now. And having to remember or keep track of changed passwords tempts people to use the same password over and over, or use something that can be easily remembered (and easily guessed).
- Use a tiered password system. If you think about it, the majority of accounts you have are probably of little security concern. If you aren’t storing credit card information on a site, and it doesn’t provide access to vital information such as banking or medical records, you can re-use the same password. That password also doesn’t have to be as fancy. Save the tough passwords for the accounts where it really matters.
- If it does really matter, remember this rule: if it is easy to remember, it is easy for hackers to guess. More and more, critical systems require complex passwords with a mixture of upper and lower case letters, numerals and symbols for this exact reason.
- Use a password manager if you need to. It is safer than using overly simple passwords or over-using the same password!
- Do not share passwords, send them via email or fax, or write them down.
- Turn on two-step authentication when it is available. When someone attempts a login from a new device, this validates the login using a temporary code texted to your phone. It provides a significant improvement in security.
- Familiarize yourself with what a phishing attack is. Beware of emails that appear to come from a person or company you have a relationship with and that ask you to log in or provide security information. THIS IS A MAJOR SOURCE OF SECURITY BREACHES – and is entirely preventable. Know who you are communicating with!
There’s no perfect security against having your accounts hacked, but follow these rules and you can be reasonably safe – without overly burdening yourself or your memory.