Password DOs and DON’Ts


About a year ago, I wrote a blog post about the dizzying number of passwords we contend with in our day-to-day life. Everything online requires some kind of password. Until we reach the day when technology is connected to our bodies and we use biometric identification, we are stuck with passwords.

The bad news is that anything can be hacked and a string of characters, no matter how long, will not protect you.

The good news is that there are steps you can take to minimize your exposure.  The way a large, barking dog will cause a burglar to find an easier house to rob, a few simple steps will deter the casual hacker:

DO

Use a password manager.

I am a recent convert to password managers. There are many to choose from. Most of these have built-in password generators and will work across all platforms and browsers.  You only need to create one master password.   Some managers have bare-bones free versions or feature-rich paid versions.  Choosing one depends on your comfort level and what you need.

Enable two-factor authentication.

This puts another level of security between your password and a hacker. It helps prevent a computer other than yours from logging in to a site. Most password managers include some form of two-factor authentication. They all work a little differently, but essentially they send a one-time code, usually to your mobile phone, to confirm your account.

Change your master password.

Periodically, change your master password.  Yes, it’s a pain in the neck, but it’s only one password.  Never ever use it for any other site.

Use bogus reminders.

Security questions, which act as second passwords, sometimes ask you to provide information that could be found elsewhere.  Make up memorable silly answers for common questions.  My pet’s name?  It’s “Mrs. Hippo Waggle Bumplestumping Tender Toes.”

DON’T

Reuse passwords.

I know it is easy to remember your brother’s middle name, but that only makes it easier for a hacker to get into all your accounts.

Use a dictionary word as a password, or substitute numbers for letters.

Yes, the numeral 5 looks like an S and the numeral 3 looks like an E, but if you know that, so do hackers.

Use a short password.

Longer is better, and randomly generated is better still. Let your password manager generate passwords for you. Then you don’t have to think up a long string of numbers, letters and symbols. Put your energy into creating a strong and memorable master password.
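To make the last two DON’Ts concrete, here is an added example (not from the original post or from any password manager) that undoes number-for-letter swaps before a dictionary check and generates a random password instead. The wordlist, the swap table and the 12-character minimum are constructed assumptions.

```python
import math
import secrets
import string

# Constructed sample wordlist (assumption); a real check would use a large dictionary.
WORDLIST = {"password", "sunshine", "dragon", "letmein", "secret"}

# Common number/symbol-for-letter swaps mapped back to letters. One letter per
# character is a simplification ("1" can stand for "i" or "l").
UNSWAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 12  # assumed threshold, not a figure from the post


def weak_reason(password):
    """Return why a password is weak, or None if it passes these two checks."""
    lowered = password.lower()
    # Test the whole string and the string without trailing digits/symbols,
    # so "P4ssw0rd123" and "5un5h1n3" both reduce to a dictionary word.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if {lowered.translate(UNSWAP), stripped.translate(UNSWAP)} & WORDLIST:
        return "dictionary word"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


def generate(length=20):
    """Build a password from the OS cryptographic random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for sample in ("P4ssw0rd123", "5un5h1n3", "short1!", generate()):
        print(f"{sample!r}: {weak_reason(sample) or 'ok'}")
    print(f"20 random characters: about {entropy_bits(20):.0f} bits")
```

Passing these two checks does not make a password strong; it only rules out the two mistakes listed above.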

I have recently started using LastPass, the 800-lb gorilla of password managers. I bought the Premium version for $12.99/year and am finding it easy to use and chock-full of features I can access. LastPass suffered a recent security breach, but it didn’t crack any user’s encrypted password vault. If this makes you nervous, choose a different service.

Whatever you do, don’t use a simple, easy-to-remember password on all your sites. It’s like leaving your front door unlocked – in most circumstances, your stuff will be there when you return, but if someone wants to get in, you have made it ridiculously easy.

