The online privacy and online security information in this series just seems to be getting more and more important.
We continue to stack this important information to help show you how you can add layer after layer of online protection.
Modern Hackers Toolbox
When we picture someone hacking an online account it’s usually someone sitting at a computer typing in names of family members or favorite foods, even the names of hometowns.
So, we think that if we avoid the use of these ‘bank security question’ type answers then it’s safe to use other common passwords.
However, most hackers are not interested in this sort of finesse and are definitely not wasting their time trying to figure out the maiden name of one particular user’s mother.
They are interested in volume and brute force.
As such they use programs to do their hacking for them that can try thousands of different possible password configurations a minute until they hit on something that works.
If you’re like most people you probably have one or two general passwords you use for everything: from online bank accounts to social media or even online accounts at work.
After all, who can be bothered with remembering a unique password for every online service you sign up for?
The problem with this lies in our previous scenario. Once a hacker strikes gold and gains access to one account, then they can try the same username and password combination for any other online accounts you have.
If you did make this mistake, then once one account is hacked, you must change the password for all other accounts.
The Wrong Way
Most of us, when tasked with creating a password, will want to use a word or name that means something, or is at least familiar to us.
While it is true that this might be slightly easier to remember, a hacker that is trying to access your account is likely using a program that can guess thousands of words a minute.
No matter how obscure the word, if it’s somewhere in the OED you probably don’t want to make it your password.
Chances are you’ve also run into a situation where the service you are trying to use wants your password to fit certain parameters.
Commonly, passwords must be at least 8 characters in length, contain both upper and lowercase letters, as well as at least one number and one special character.
At this point it is tempting to throw your hands up in despair.
Who on earth could remember a randomized alphanumeric string and special characters?
You’d have to have the brain of a computer!
So, you try to simplify this as much as possible. Most people, when faced with these requirements, simply make the first letter uppercase and then add a couple of numbers and symbols to the end, like: “Password66!”.
You might even try to get fancy with it and replace a couple of the letters with numbers and symbols that look similar, like: “4a$$word66”.
The problem with this is that, again, hackers can make these connections as well and you can bet your bottom dollar that their password guessing programs are accounting for these same substitutions.
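An added example, not part of the original article: a signup-time check showing that both sample passwords above reduce to the same dictionary word once the usual shortcuts are undone. The wordlist and look-alike table are constructed for illustration, and the function names are hypothetical.

```python
import itertools
import string

# Constructed sample wordlist; a real check would load a large dictionary
# and a list of previously breached passwords.
COMMON_WORDS = {"password", "dragon", "sunshine", "welcome", "monkey"}

# Look-alike characters and the letters they may stand for (assumed table).
# "4" maps to both "a" and "p" because the article's example uses it for "P".
LOOKALIKES = {"0": "o", "1": "il", "3": "e", "4": "ap", "5": "s",
              "7": "t", "@": "a", "$": "s", "!": "i"}

def meets_composition_rules(pw):
    """The typical site rule quoted above: 8+ chars, upper, lower, digit, special."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def base_word(pw, max_candidates=4096):
    """Return the common word the password is built on, or None."""
    # Undo "numbers and symbols on the end" and "capital first letter".
    core = pw.rstrip(string.digits + string.punctuation).lower()
    # Each position keeps its character or becomes a letter it resembles.
    options = [c + LOOKALIKES.get(c, "") for c in core]
    # Cap the work so a long, symbol-heavy input cannot stall the check.
    for cand in itertools.islice(itertools.product(*options), max_candidates):
        word = "".join(cand)
        if word in COMMON_WORDS:
            return word
    return None

def review(pw):
    """Summarise both checks for one candidate password."""
    return {"meets_rules": meets_composition_rules(pw), "built_on": base_word(pw)}
```

“Password66!” satisfies every composition rule and is still flagged, which is why a site's rules passing says little about how guessable a password is.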
The Right Way
The best way to avoid these common pitfalls is to use unique, randomly generated passwords for every account. The longer the better.
If you find you have trouble remembering these passwords… and you probably will, then consider using a system for storing all of these passwords.
Consider a dedicated notebook/hardcopy or a password manager.
Password managers are programs that save all of your passwords in encrypted form on your device. These passwords can then be accessed via a master password or PIN.
Add Layers Of Security
It is never a bad idea to increase your security, both online and in real life. This can be done by using layers of various security features which work in concert with each other to provide a critical defense of your Personal Identifying Information (PII).
Some of these additional layers of security include using 2-factor authentication (2FA) whenever possible. Chances are you have already encountered this, perhaps with a Google account or when signing up for mobile banking.
2FA requires you to verify your identity at least two ways before you can access your account, which ensures that your data is still safe even if your password is somehow lost or stolen.
Another option for securing accounts of all types is by using a Security Key. A Security Key, otherwise known as a Universal Second Factor hardware key (U2F), is commonplace online, with employers as well as government agencies.
If you are considering this level of protection, we recommend YubiKey.
Finally, other multi-factor layers of protection include facial and fingerprint recognition.
Pulling It Together
Until the rollout of Web3, maintaining control over your passwords is of paramount importance for functioning online today.
In order to keep your passwords as strong as possible, be sure not to use any commonplace words… do not use the same password across multiple sites… and don’t use any of the normal shortcuts used to simplify passwords.
Whenever possible you should use a password manager. We suggest NordPass.
Finally, be sure to use multiple layers of security to help protect your privacy online. This should include Two-factor Authentication (2FA) and Universal Second Factor hardware keys (U2F). We suggest YubiKey.