Passwords
Passwords. They are the bane of so many users' existence. Yet they are required to get access to our emails, banking information, or just to log into the computer.
The tricky part is trying to remember all the different passwords you have created for all the various accounts.
Sometimes you will have to create account credentials to access an application you rarely use. Often these apps will offer to ‘keep you signed in’ which seems like the easiest option. Most of the time, this is done within a web browser, and that browser will store all of your passwords.
Sure, it's convenient. After all, who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity.
That being said, we at Priority 1 do not recommend this. By leaving passwords saved in your browser, your personal information becomes highly vulnerable to cybersecurity attacks. It is very easy for hackers to find this information once they have access to your computer.
The more common scenario we see in our shop is when a customer purchases a new computer or new hard drive and requires a fresh install of their operating system. All of the saved login information in the browser has been lost. Many customers have been using their favourite shortcuts or mail program to access their emails, etc., for years, without entering a password. When asked to enter their credentials on a new machine, they have no clue what their passwords are. Often, resetting these passwords can be incredibly difficult, especially if the security verification is not known.
Yes, you can write your login credentials down. Really.
We know: This recommendation goes against everything we've been told about protecting ourselves online. But password managers aren't for everyone, and some leading security experts, like the Electronic Frontier Foundation, suggest that keeping your login information on a physical sheet of paper or in a notebook is a viable way to track your credentials. And we're talking about real, old-fashioned paper, not an electronic document like a Word file or a Google spreadsheet, because if someone gains access to your computer or online accounts, they can also gain access to that electronic password file.
Use a password manager to keep track of your passwords
Strong passwords are longer than eight characters, are hard to guess and contain a variety of characters, numbers and special symbols. The best ones can be difficult to remember, especially if you're using a distinct login for every site (which is recommended). This is where password managers come in. A good password manager can help you keep track of your login info. The tiny caveat is that you'll still have to memorize a single master password that unlocks all your other passwords. So, make that one as strong as it can be (and see below for more specific tips on that).
Password managers with their single master passwords are, of course, obvious targets for hackers.
Avoid common words and character combinations in your password
The goal is to create a password that someone else won't know or be able to easily guess. Stay away from common words like "password," phrases like "mypassword" and predictable character sequences like "qwerty" or "thequickbrownfox." Also avoid using your name, nickname, the name of your pet, your birthday or anniversary, your street name or anything associated with you that someone could find out from social media, or from a heartfelt talk with a stranger on an airplane or at the bar.
Longer passwords are better: 8 characters is a starting point
8 characters are a great place to start when creating a strong password, but longer logins are better. The Electronic Frontier Foundation and security expert Brian Krebs, among many others, advise using a passphrase made up of three or four random words for added security. A longer passphrase composed of unconnected words can be difficult to remember, however, which is why you should consider using a password manager.
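The checks from the two sections above (common words, predictable sequences, personal details and the 8-character starting point), written as a small checker. This is an added example, not code from Priority 1; the word lists, the look-alike table and the names `check_password` and `personal_facts` are assumptions chosen for illustration.

```python
import re

# Constructed sample list built from the examples in the text above;
# a real check would use a much larger list of known-bad passwords.
COMMON = {"password", "mypassword", "qwerty", "thequickbrownfox"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo look-alike substitutions so "P@ssw0rd" is still read as "password".
LEET = str.maketrans("@4301!$57", "aaeoiisst")
MIN_LENGTH = 8  # the page's starting point


def normalise(text):
    """Lower-case, undo look-alike characters, keep letters and digits only."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def has_keyboard_run(raw, width=5):
    """True if `raw` contains `width` adjacent keys, forwards or backwards."""
    for run in KEYBOARD_RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - width + 1):
                if seq[i:i + width] in raw:
                    return True
    return False


def check_password(candidate, personal_facts=()):
    """Return the problems found; an empty list means none of these apply."""
    raw, norm = candidate.lower(), normalise(candidate)
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too-short")
    if any(word in norm for word in COMMON):
        problems.append("common-word")
    if has_keyboard_run(raw):
        problems.append("keyboard-run")
    # personal_facts: names, pets, streets, dates (assumed caller-supplied).
    tokens = [normalise(t) for fact in personal_facts
              for t in re.findall(r"[A-Za-z0-9]+", fact)]
    if any(len(t) >= 3 and t in norm for t in tokens):
        problems.append("personal-detail")
    return problems


if __name__ == "__main__":
    facts = ["Rex", "Maple Street", "1987-04-12"]  # constructed sample
    for pw in ("P@ssw0rd!", "qwerty", "Rex-1987-maple",
               "correct horse battery staple"):
        print(repr(pw), check_password(pw, facts) or "no problems found")
```

An empty result only means none of these specific patterns matched; it does not show that the password is unique to one account.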
Don't recycle your passwords
It's worth repeating that reusing passwords across different accounts is a terrible idea. If someone uncovers your reused password for one account, they have the key to every other account you use that password for.
No need to periodically reset your password
For years, changing your passwords every 60 or 90 days was a long-accepted practice, because, the thinking went, that was how long it took to crack a password. But Microsoft now recommends that unless you suspect your passwords have been exposed, you don't need to periodically change them. The reason? Many of us, by being forced to change our passwords every few months, would fall into bad habits of creating easy-to-remember passwords or writing them on sticky notes and putting them on our monitors.
Use two-factor authentication (2FA)
If thieves do steal your password, you can still keep them from gaining access to your account with two-factor authentication (also called two-step verification or 2FA), a security safeguard that requires you to enter a second piece of information that only you have (usually a one-time code) before the app or service logs you in. This way, even if a hacker does uncover your passwords, without your trusted device (like your phone) and the verification code that confirms it's you, they won't be able to access your account.
When it comes to password security, being proactive is your best protection. That includes knowing if your email and passwords are on the dark web. And if you discover your data has been exposed, we guide you through what to do if hackers have gained access to your banking and credit card accounts.