Password Safety Series: Password Protections
Last week, we discussed the importance of passwords and the many ways our accounts can be accessed without authorization. Today, let’s talk about the strategies and technologies that exist to help us protect our online accounts.
Think of your password as a padlock on your online data. You want that lock to be strong enough to withstand an attempted break-in. Creating a strong password is easy; remembering it (and typing it) is the challenge. When you use a password recipe, your passwords will follow a pattern that will eventually become familiar to you (and only you!). Let’s look at an example.
Keep the recipe handy at first to jog your memory when needed, but never store the phrase with the recipe. Once you’ve used this recipe a few times, the pattern will become familiar and easy to remember.
When it comes time to change your password, simply select another phrase and follow the same recipe. Alternatively, you could keep the phrase “great white toothless sharks” and alter the recipe slightly by capitalizing the second word and choosing a different number and symbol. Your new password might become 6%greatWHITEtoothlesssharks.
As we mentioned last week, phishing attacks sometimes involve a fake login page designed to steal your username and password. Before clicking a link in a suspicious email, and definitely before entering your login information into any site, double check the address bar. Are you where you expected to be? Always verify the domain before entering login information.
Password reuse is one of the biggest password-related dangers today. We understand it’s hard to come up with unique passwords, even with a recipe, when you are managing 20, 30, or 50+ online accounts! A password manager can store your passwords for all of your accounts, but it’s a tool meant to work for you. If you’re uncomfortable storing passwords for highly sensitive accounts like your email or bank, don’t. Focus on memorizing passwords for those sensitive accounts and leave the others for the password manager. Many password managers will even give you suggestions for a strong password. Check with your workplace before storing any work passwords in your password manager.
Two Factor Authentication
Two factor authentication (2FA) is another account protection tool. The two factors are 1) your password and 2) some other code that must be presented to log on to an account. The code can be texted to you or pulled from an authenticator app when needed. Your account can only be accessed with both pieces of information so your account is protected even if your password is lost or stolen. Using 2FA is quick and easy, adding only seconds to your login process while providing a strong layer of security for your account.
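How an authenticator-app code is generated and checked at login, as an added example that is not part of the original article. It uses the standard TOTP algorithm (RFC 6238); the secret is the RFC's published test key, and the function names are chosen here for illustration.

```python
import hashlib
import hmac
import struct

# RFC 6238 published test key, used here as a constructed sample secret.
# A real secret is random and shared once, usually via the enrolment QR code.
SAMPLE_SECRET = b"12345678901234567890"
STEP = 30  # seconds each code stays valid

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code an authenticator app would display at unix_time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current code, or one from `window` steps either side for clock drift."""
    matched = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP
        if t < 0:
            continue
        expected = totp(secret, t)
        # Constant-time comparison; no early exit on the first match.
        matched |= hmac.compare_digest(expected.encode(), submitted.encode())
    return matched

def login(password_ok: bool, secret: bytes, submitted_code: str, unix_time: int) -> bool:
    """Both factors are required: a correct password alone does not open the account."""
    return password_ok and verify_totp(secret, submitted_code, unix_time)

if __name__ == "__main__":
    now = 59  # constructed timestamp from the RFC 6238 test vectors
    code = totp(SAMPLE_SECRET, now)
    print("authenticator shows:", code)
    print("password + code:", login(True, SAMPLE_SECRET, code, now))
    print("password only (no code):", login(True, SAMPLE_SECRET, "", now))
    print("same code five minutes later:", login(True, SAMPLE_SECRET, code, now + 300))
```

Because each code is derived from the current 30-second time step, a code that is seen or intercepted stops working shortly afterwards, unlike a stolen password.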
Hackers are often looking for low-hanging fruit: accounts they can access without too much effort. When you combine strong, unique passwords, phishing recognition skills, and 2FA, hackers will try and fail to break into your account and quickly move on to their next potential victim.