Consider a person called Joe. Joe has a login for Facebook, Google, Apple, his bank, and some other services that his colleagues don’t need to know about. He has one faithful password that he uses for everything, because he finds it hard to remember anything else! Joe has been happy with this method for a few years, but all of a sudden he finds he can’t log into Facebook… Now Joe doesn’t know what to do because he can’t message his friends! He’s also lost access to Google and has no idea why! It turns out that the site his colleagues didn’t need to know about was breached, the password was cracked, and that gave the cyber criminal the keys to Joe’s whole internet presence. This is the biggest risk of using the same bad password for everything: if an adversary finds the password for one service, they can try the same email and password combination on every other service you might be using. This is preventable, but it still plagues us as a community, so I’m here to give you some good security common sense!
Now it’s no secret that passwords are a pain to manage: many sites demand your maximum brain power to come up with a super complex password that is hard for you to remember but really easy for a computer to guess. Even a security professional like myself can’t remember passwords for the hundreds of sites I’ve logged into over time. I even used to use the same password for most services, until I was in the middle of my studies in computing science and had the risks exposed to me; then I changed my ways… But how do I do it? Well, with two handy tips I will show you how to up your password game and never again be caught out by a rogue phishing email or data breach.
Tip 1: Use a password manager
Password managers generate, store and auto-fill passwords in your browser and on your phone so you don’t have to! These passwords are stored in an encrypted vault in the cloud that only you can unlock with a master password and two-factor authentication (like a text with a code!); even the people who make the service can’t read the data in your vault. There are plenty of free and paid options, all with differing features, such as sharing a password with others or getting alerted when you’re reusing the same password on multiple websites. You may already have a password manager available if you’re using an Apple or Google device, or you can use one as a browser extension or mobile app like LastPass, Dashlane or Keeper.
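To make the two features mentioned above concrete (generating a strong random password, and alerting on reuse), here is a small added example in Python. It is illustration written for this post, not code from any of the managers named; the vault contents are constructed, made-up entries and the site names are placeholders. The reuse check is what lets a manager tell Joe, before the breach, that a forum password is also guarding his Facebook and Google accounts.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample vault (site -> password). Made-up demo values only;
# a real manager holds these decrypted in memory after you unlock it.
SAMPLE_VAULT = {
    "facebook.example": "Summer2019!",
    "google.example": "Summer2019!",
    "bank.example": "v7$Qz!m2Lp#8wErT",
    "forum.example": "Summer2019!",
}

DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=DEFAULT_ALPHABET):
    """Generate a random password using the OS CSPRNG via `secrets`.

    `random.choice` is NOT suitable here: it is predictable and never meant
    for secrets. Length is capped below at 12 so callers cannot ask for
    something trivially guessable.
    """
    if length < 12:
        raise ValueError("password length must be at least 12")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def find_reused_passwords(vault):
    """Return {password: [sites...]} for every password used on more than one site."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def sites_exposed_by_breach(vault, breached_site):
    """Other sites that share the breached site's password, i.e. where the
    same email + password combination would work for an attacker."""
    leaked = vault[breached_site]
    return sorted(site for site, pw in vault.items()
                  if pw == leaked and site != breached_site)


if __name__ == "__main__":
    print("reused:", find_reused_passwords(SAMPLE_VAULT))
    print("a forum breach also exposes:", sites_exposed_by_breach(SAMPLE_VAULT, "forum.example"))
    print("fresh password:", generate_password())
```

Running it shows that a breach at the forum exposes the Facebook and Google logins too, which is exactly Joe’s story; replacing those three entries with output from `generate_password()` is the fix.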
3 Random Words
Tip 2: Use 3 (or 4) random words to make a password you need to remember or type easily
So there will be times you need to actually remember or type a password, whether it’s the master password to your password manager or a device or service where you have to enter a password manually. The easiest (and government approved!) method is to use random, unrelated words to make a long password, which is arguably more secure than a short password that uses numbers and symbols. With this method you’ll only need to remember three things rather than 10 unrelated characters that are easy for computers to guess. If the service allows, avoid numbers and symbols so it’s even easier to remember! If you want more convincing, take a look at the comic made 10 years ago:
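The reason random words work is arithmetic: strength comes from how many equally likely passwords there are, not from how weird the characters look. This added Python example (mine, not from the post’s source or any government guidance) generates a passphrase with the OS CSPRNG and computes the entropy in bits of word-based and character-based passwords so you can compare them. The word list embedded here is a constructed, deliberately tiny one for the demo; the entropy functions take the list size as a parameter so you can plug in a real list (the commonly used diceware lists have 7776 words).

```python
import math
import secrets

# Constructed toy word list for the demo. A real generator would use a
# list of thousands of words; the security of the passphrase depends on
# the list size and on the words being chosen uniformly at random.
DEMO_WORDS = [
    "apple", "bridge", "candle", "dragon", "engine", "forest", "garden", "hammer",
    "island", "jungle", "kettle", "lantern", "meadow", "needle", "orange", "pepper",
]


def random_passphrase(words, count=3, separator="-"):
    """Join `count` words chosen uniformly at random from `words`."""
    if count < 1:
        raise ValueError("need at least one word")
    return separator.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(word_count, list_size):
    """Entropy (bits) of word_count words drawn uniformly from list_size words."""
    return word_count * math.log2(list_size)


def character_bits(length, alphabet_size=95):
    """Entropy (bits) of `length` characters drawn uniformly from an alphabet;
    95 is the number of printable ASCII characters."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Expected time to find the password by brute force: on average an
    attacker has to try half of the 2**bits possibilities."""
    return (2 ** bits / 2) / guesses_per_second


if __name__ == "__main__":
    print("example:", random_passphrase(DEMO_WORDS, 4))
    for words in (3, 4):
        print(f"{words} words from a 7776-word list: {passphrase_bits(words, 7776):.1f} bits")
    for chars in (8, 10):
        print(f"{chars} random printable characters: {character_bits(chars):.1f} bits")
    rate = 1e10  # assumed offline guessing rate for a fast cracking rig (illustrative)
    print(f"4 words at {rate:.0e} guesses/s: {seconds_to_exhaust(passphrase_bits(4, 7776), rate) / 86400:.1f} days")
```

Two things the numbers make clear: every extra word adds the same fixed number of bits (about 12.9 for a 7776-word list), so going from three words to four is a big jump for almost no extra memory load; and the figures for random characters assume the characters really are random, which the human-chosen "P@ssw0rd1!" style never is.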
So there it is: two things you can do that will vastly improve your security online. It only takes a few minutes to install a password manager, and only a couple of hours to change the passwords on your most important websites to things that are easily typeable (assuming they’re stored by your password manager). Keep an eye on this blog for my next instalment of security how-not-to’s; next time I’ll tell you how not to secure your important stuff with just a password (or just Google 2-Factor Authentication and it’ll save me the time!).