Most people have heard the fundamentals: the only strong password is long, unique, and a mix of upper and lower case letters, numbers, and special characters.
And most people know someone whose email or Facebook account was hacked, so you know it can happen to you.
Yet few people have actually undertaken an effort to abide by these guidelines, largely because it’s a major headache. So how do you beef up your passwords without going insane?
1. Consider a password manager, which makes the process much easier, though there is still a learning curve. There are several, and some are free, though the best ones are more functional and convenient. We personally prefer 1Password, though there are others you might want to consider.
2. Find a plan of attack: first off, email, Facebook, your banking passwords, and any sites you manage, such as your company’s website login, really need to be strong and distinct. Change those first. To what, you may ask?
3. Use what is commonly called the 8 / 4 rule, but use 12 or more characters. Your banks may already make you follow this or something similar, but it’s worth ensuring all of your most important logins follow this rule. The longer the password, the better, so consider including longer phrases, e.g., readmore&watchlessTV99!
4. Next, focus on the less important websites you have accounts with. These may be easier to hack because they have fewer resources for a robust security plan than the big guys. But if they’re compromised, you want to know your important logins (see #2) are not the same as what was stolen from this secondary group. Here’s how it often works:
   - A relatively small website with low security gets hacked; passwords and user names (often one’s email address) fall into the wrong hands.
   - Alternatively, your password is very weak, or the challenge phrase that allows a reset of your account (e.g., date of birth) is easily found.
   - Hackers know that people reuse passwords, so they try the same email address / stolen password combo on a variety of popular sites (Facebook, LinkedIn, Yahoo, Gmail, etc.).
   - Enough of them work to make the process worthwhile (collecting contact lists to sell to spammers, mining saved mail for account or credit card numbers, sending fake distress emails asking friends to wire money overseas, etc.).
5. For those lower priority sites, consider adding a few random numbers or characters (e.g., @#$%^%&) to your existing password, bringing it up to the 8 / 4 rule.
6. If you save your passwords in a Word or Excel document, protect that document with a password! (Save > Options).
7. It’s worth repeating that this whole process becomes a lot easier when you have a handy button on your web browser that will generate and save each password as you browse normally. That’s what a password manager does (see #1).
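As an added illustration (not part of the original post), the short Python audit below applies the two checks the steps above call for: every password meets the 8 / 4 rule at 12 or more characters (all four character classes), and no password is shared between accounts, so a leak at a low-priority site cannot be replayed against an important login. The account names and passwords are constructed sample data.

```python
import string

# Constructed sample "vault": account -> password. Example data only, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "readmore&watchlessTV99!",   # phrase-style password from the post
    "bank": "readmore&watchlessTV99!",    # reused: identical to the email password
    "facebook": "Summer2012",             # too short and no special character
    "forum.example": "puppies",           # weak low-priority password
    "company-site": "Xk7$pQ2m!vL9",       # 12 characters, all four classes
}

# The four character classes behind the "4" in the 8 / 4 rule.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def missing_classes(password):
    """Return the names of the character classes the password does not contain."""
    return [name for name, chars in CLASSES.items() if not any(c in chars for c in password)]


def meets_rule(password, min_length=12):
    """True if the password has at least min_length characters and uses all four classes."""
    return len(password) >= min_length and not missing_classes(password)


def audit(accounts, min_length=12):
    """Return {account: [problems]} for every account that fails the rule or reuses a password."""
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, []).append(account)
    report = {}
    for account, pw in accounts.items():
        problems = []
        if len(pw) < min_length:
            problems.append(f"too short ({len(pw)} < {min_length})")
        for cls in missing_classes(pw):
            problems.append(f"no {cls} character")
        others = [a for a in by_password[pw] if a != account]
        if others:
            problems.append("reused on: " + ", ".join(sorted(others)))
        if problems:
            report[account] = problems
    return report


if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account}: {'; '.join(problems)}")
```

Note that simply appending symbols to a weak password (step 5) only satisfies the rule if the result covers all four classes; `meets_rule` reports when a class is still missing.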
Still need guidance setting up your hacker defense? Set up an appointment with us and we’ll make it happen.