If there is one thing we hear the most complaints about... it's password management.
Welcome to our Pro Tips series. This week we're going to give you some advice on password management, the bane of many people's existence.
Passwords are everywhere now and, as they say, your data is only as secure as your password. If you already have good habits and handle your many passwords easily and safely, you can skip this. This one is for the others... the ones who:
- Use the same password for every website / service
- Advance their passwords by changing the number at the end from 1 to 2, etc.
- Save their passwords in Outlook under their contacts
- Email their passwords
If you read the above and either blushed or felt "seen", then stick around.
Yes, passwords are a pain. Remembering all of the different ones can feel impossible, and that gets people into bad habits. However, always remember this: as much of a pain as having a ton of passwords is, it's ten times worse to recover data or funds, or to set up a service again, after a password breach.
- Passwords don't have to be some random gibberish of numbers and characters that makes no sense. Most password requirements now accept spaces and phrases. A series of words separated by spaces is a lot more challenging for a computer to brute force. So use a phrase that means something to you if you are allowed. Or, use a password that is strong enough and combine it with the type of service you are accessing. This way you can easily remember your password for each service and have it challenging enough that people can't guess what it is.
- Use a good password manager. Most can suggest a password for a site and even launch the website you are attempting to access, supplying your credentials right into the site. The benefit is that you only need to remember one password; however, make it a strong one and DO NOT forget it. Here's a list of password managers. Avoid password manager applications that live on only one device. For example, if your phone goes swimming, so do your passwords. Always have a backup somewhere, or use a manager that syncs to a cloud account securely.
- NEVER save passwords in an unencrypted format on your computer, such as a text document or in Outlook. If your computer is hacked, Outlook is one of the first places attackers will look to siphon as much data about you as possible. On that note, never email passwords, or if you have to, put the password in a separate blank email with no identifying text. Change it at your earliest opportunity.
- Turn on multi-factor authentication for any online accounts. This will require anyone signing in to supply a text code that is sent to your phone, or a constantly changing code supplied by an app. Both Microsoft and Google have very good authenticators that are easy to use and free.
- Change your password periodically. Most businesses require a password change every 90 days. You should be doing something similar for your personal passwords as well. The simple reason is that most systems, and you, find it hard to spot someone who is using a correct username and password to access a system. As such, a malicious user could be doing so for days, weeks or months before the illicit activity is caught.
You can check for yourself if your username and password have been exposed in a security breach. The website Have I Been Pwned will give you details on any breaches that contained your email and password combinations.
While most of the security in place is pretty good, it ultimately comes down to you and your habits to keep your data secure.