Have you noticed that we need passwords for just about everything these days? Passwords are required for everything from online banking, healthcare patient portals, work software applications, online credit card management, and shopping, to social media. With our personal and sensitive information residing in so many online locations, and an increasing number of hackers at work, strong password management is critical to protecting your online security. We’ve put together a list of some tips you can implement today to keep your login credentials as secure as possible.
Don’t write down your usernames and passwords
We’ve all done it ourselves or have seen others do it, such as keeping sticky notes with username and password information stuck to a monitor or kept under a keyboard. We’ve all been tempted at one point or another to manage our passwords this way, but it’s just a bad idea. It’s an insecure method for maintaining sensitive information; you don’t want anyone untrustworthy coming across this information and then using it. If you decide that you absolutely need to write your passwords down just to remember them all, we recommend you keep them locked in a secure location.
Use a password manager
Most people have numerous passwords for many accounts, which can make it a challenge to keep them all straight and, quite frankly, remember them all. There are many secure password managers (such as 1Password, LastPass, and Dashlane) that can help you generate complex passwords as well as securely store all of them. Depending on the password manager selected, your encrypted password vault is kept either locally on your computer/device, or it is stored in the cloud. These password managers typically require you to remember one complex password to access the password manager. Your password manager is only as secure as the password you create for it, so you should select a long, complex password or passphrase. There are many password managers available and they are becoming increasingly popular. We recommend you research the various types of password managers available and then discuss your options with an information technology professional to determine whether a password manager is right for you.
Be careful what you post on social media
Social media platforms are great for sharing personal information with friends, but they can also potentially expose your personal information to hackers. We love to post things about our favorite sports teams, our birthdays, our children’s birthdays, or share our pet’s name. It may seem harmless to share this information on social media, but hackers who are looking to crack passwords can look to these posts to help them figure out your passwords.
Use complex passwords or passphrases
Don’t use things that are widely known about you when selecting passwords. Also, avoid using common words and never incorporate your Social Security number into a password. The most secure passwords are composed of special characters, upper case letters, lower case letters, and numbers.
Many people are starting to use a passphrase as their password. A passphrase can be something like, “My CPA is the best there is!!!” As you can see, a passphrase can be easy to remember while also being more secure, because it incorporates spaces and is longer than the average password. As a rule, the longer (at least 12 characters) the password/passphrase and the more complex it is, the more secure it will be. Another positive of having a complex password/passphrase is that you won’t need to change the password as often.
Don’t use the same passwords or variations of the same password
Since it seems like we have passwords for everything, it can be tempting to use the same password for everything. This is not a best practice because once someone figures out your password, they can try to access your accounts on other websites that you frequent. If your passwords are the same, or very similar, it becomes all too easy for hackers to access your various accounts.
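The checks from the last three tips (personal details, length and complexity, and near-duplicate passwords) can be run together on a candidate password. The sketch below is an added example, not a tool referenced by this article; the function names, the three-of-four character class threshold, the 0.8 similarity cutoff, and all sample values are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Undo common character swaps so "T1gers" and "Tigers" compare as equal.
SWAPS = str.maketrans("@4310$5!7", "aaeiossit")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def normalize(text):
    """Lowercase, undo simple swaps, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(SWAPS))

def check_password(candidate, personal_facts=(), other_passwords=(),
                   min_length=12, min_classes=3, max_similarity=0.8):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    used = sum(1 for pattern in CLASSES if re.search(pattern, candidate))
    if used < min_classes:  # assumed threshold: three of the four classes
        problems.append(f"only {used} character classes used")
    norm = normalize(candidate)
    for fact in personal_facts:
        needle = normalize(fact)
        # Ignore very short facts to avoid flagging accidental matches.
        if len(needle) >= 3 and needle in norm:
            problems.append(f"contains personal detail: {fact}")
    for other in other_passwords:
        if SequenceMatcher(None, norm, normalize(other)).ratio() >= max_similarity:
            problems.append("too similar to another password")
            break
    return problems

# Constructed sample values, not real credentials.
FACTS = ["Buddy", "2015", "Tigers"]
OTHERS = ["Summer#Hiking2024"]

if __name__ == "__main__":
    for pw in ["Buddy2015!", "T1gers_Fan_4ever", "Summer#Hiking2023",
               "My CPA is the best there is!!!"]:
        print(repr(pw), check_password(pw, FACTS, OTHERS) or "ok")
```

The similarity check needs the other passwords in readable form, so a check like this belongs on your own device at the moment you choose a new password, with nothing written to disk.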
Change your passwords
The longer you keep your password the same, the higher the chances are that someone will be able to guess what it is. Also, if a hacker does discover your password, changing your password regularly prevents them from continuing to access your account. At a minimum, consider changing your passwords periodically for your more critical online accounts, such as online banking.
Don’t save passwords on your computer or electronic device when prompted
From time to time, while visiting a web page, you may be prompted to have the web browser save your login credentials for convenience. While it may initially seem like a great time-saving idea to have the computer or electronic device remember and autofill your login credentials, it is not a best practice. If a hacker accessed your computer or electronic device, they could very easily log in as you and access your personal/sensitive information. If login credentials are saved on your computer or electronic device, be sure to remove this information prior to disposing of, donating, or selling your computer or device.
Don’t let anyone watch you log into your accounts
Your login credentials should always be kept confidential. If people are around when you want to log into one of your accounts, wait until you are alone and in a secure environment before entering your login credentials.
Avoid using public computers
When accessing personal and sensitive information, use a device that you know and trust. When you utilize a public device, you have no way of knowing whether that device is truly secure. As an example, a public computer could have keylogger software installed on it which can monitor and record each keystroke typed on a keyboard and provide the information to a third party.
Use two-factor authentication when it is offered
With two-factor authentication, you need more than just a password to gain access to account information. It adds a second layer of security by combining something that you know (like a password) with something that you have (like a cell phone or ATM card) or something specific to only you (like a fingerprint or voice print). An example of two-factor authentication is an ATM. To access accounts at the ATM, you need your bank card as well as your PIN. Some banks are even using voice biometric technologies to verify user identity for added security. Due to the added layer of security that two-factor authentication provides, it is being offered more frequently and we recommend taking advantage of it whenever possible.
Identity theft and data breaches have become increasingly common in our data-driven world. Our personal and sensitive information is very valuable and a natural target for theft. By utilizing the above best practices, you will be well on your way to protecting yourself and preventing a hacker from targeting you.
If you have any questions or would like to discuss any of these security recommendations in more detail, please feel free to reach out to us.