I hear it so often: artists losing control of their Soundcloud, their Facebook, their Twitter, etc… I just heard it again today. Most people don’t realize how big of a deal this can be. Every time there is a major security leak, you should worry, especially if you used that site even once. This becomes a critical issue for you if your password has been stolen, and even worse if you use that same password on multiple different websites. This is where I come in. I will make it as difficult as possible for your accounts to be breached. What is great is that people think passwords are extremely difficult. They really aren’t. Ready? Better late than never.
1. Password Managers
This is the easiest way to handle your issue. Seriously. It does, however, require you to have good passwords. That said, you will only have to recall one password rather than a million. This lets you have a unique password for each and every site, which should be the default. They can be the most difficult passwords ever; it doesn’t matter, since that is what these programs are for. There are plenty out there. Some are free, some are paid. There is no excuse to not have one. Are they perfect? No. Nothing is perfect besides memorizing the most difficult password in the world for each and every site, and password managers are only a step down from that. They’re always becoming more secure. Here are some of the top password managers of 2016 according to PCMag (in no particular order).
- Dashlane
- Zoho Vault
- LastPass
- Sticky Password
- Roboform
- Keeper Password Manager & Secure Digital Vault
- LogMeOnce
- Password Boss
- Password Genie
- True Key
- KeePass
- 1Password (I use this one.)
Now that you have your password manager installed, you’ll be able to use its built-in password generator. This lets you make one-of-a-kind passwords. They should be the maximum number of characters the website allows, which can be anywhere between 30-64 characters. The password should be a mixture of upper and lower case letters along with numbers and symbols. Use the maximum amount of all of them. Here’s the example WordPress gives.
2. Passphrase
If for some reason you choose not to get a password manager because the free or premium options are just too much, create a passphrase. This also makes a great master password for your password manager. A passphrase is a random group of words that is easy to remember and hard for anyone to brute force. XKCD came up with this easy and humorous comic to help you learn about passphrases.
See, you may have a crazy password like “jal43#Koo%a.” Truthfully, that is a hard password for a human to crack; I couldn’t remember it to save my life. Yet it is easy for a computer to brute force, as shown above. This is where you choose four random words or so. There is a science, though, to choosing (or rather, not choosing) a password. We’ll get to that further down.
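To put numbers behind the comic’s argument, here is an added example (not from the original post) that generates a passphrase with a cryptographic random source and works out how much guessing a passphrase or a character password gives an attacker. The eight-word list is a constructed stand-in for a real word list, and the 2,048-word list size and 1,000 guesses per second are assumptions taken from the comic’s setup; the bit counts only hold for picks that are genuinely random, which is exactly why a human-chosen “crazy” password falls short.

```python
import math
import secrets

# Constructed eight-word list, for demonstration only. A real passphrase should
# be drawn from a large list (for example, a diceware list of 7,776 words).
WORDS = ["correct", "horse", "battery", "staple", "river", "candle", "orbit", "quilt"]

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_passphrase(n_words, words=WORDS, sep=" "):
    """Pick n_words uniformly at random with a CSPRNG (secrets, never random)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def bits_for_choices(symbols, length):
    """Entropy in bits of `length` independent uniform picks from `symbols` options.

    Works for both styles: a word list (symbols = list size, length = word count)
    and a character password (symbols = alphabet size, length = character count).
    Only truly random picks earn these bits; a human-chosen pattern gets far fewer.
    """
    return length * math.log2(symbols)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case years for an attacker to try every possibility at that guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1000  # assumed online guess rate; offline cracking of a leaked hash is far faster
    print("passphrase:", random_passphrase(4))
    for label, symbols, length in [("4 words from a 2,048-word list", 2048, 4),
                                   ("4 words from this tiny list", len(WORDS), 4),
                                   ("8 random printable characters", 95, 8)]:
        bits = bits_for_choices(symbols, length)
        years = years_to_exhaust(bits, rate)
        print(f"{label}: {bits:.1f} bits, {years:,.0f} years at {rate} guesses/s")
```

Running it shows why the size of the word list matters as much as the word count: four words from the tiny list fall in seconds, while four from a 2,048-word list take centuries at that rate.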
3. Two-Factor Authentication
This is almost a requirement in my book. I say almost because there are instances when you are unable to use two-factor authentication. For instance, Soundcloud doesn’t have it. They should. They don’t. We all know that because Deadmau5 made a huge deal about it (deservedly so).
*only* that information eh… PHEW. im glad they ONLY had access to that. /kappa pic.twitter.com/LNkDxltW0A
— Goat lord (@deadmau5) May 25, 2016
and all @soundcloud had to do is pay a handful of devs to implement two factor security, nope. they dont give a fuck.
— Goat lord (@deadmau5) May 25, 2016
There are also sites that do have two-factor authentication. On those, you need to make sure your current phone number is added. This is a common mistake, so be sure to do it before you ever get a new number. If you’re constantly getting new numbers, use Google Voice or something similar. This way you always have a backup if your password ever becomes compromised. Now, if your phone is compromised, you need help.
4. The What-Not-To-Do’s of Creating Passwords
I am going to base this off of the science of passwords, thanks (unfortunately) to all of the leaked passwords. In the last two years, over 280 million passwords have been dumped online for everyone to see. Between LinkedIn, Yahoo, Gawker, and eHarmony, it isn’t hard for people to match users with their passwords. A comparison of two of the leaks found that 49% of people had reused usernames and passwords between the hacked sites. According to Diana Smetters, a software engineer at Google who works on authentication systems:
Password reuse is what really kills you. There is a very efficient economy for exchanging that information.
Here are the tips for coming up with a password or, rather, a passphrase.
- Don’t reuse passwords. You’ll learn the hard way when you’re trying to salvage your data after one site is compromised.
- Don’t use words in a predictable pattern. It makes it so much easier to guess.
- Don’t use anything that has been published – song lyrics, quotes, etc… Have you heard of Google? Easy to search.
- Don’t use personal information. This includes names, locations, emails, site names (the site the password is for), phrases, etc… These are the most common. With Facebook, Twitter, and other social media, it is easy to look them up and guess.
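The four rules above can be turned into a check you run against a candidate password before you save it. This is an added example, not from the original post; the lists of predictable fragments and published phrases are constructed stand-ins (a real check would use a large corpus or breached-password list), and in practice the previously used passwords would come from your manager’s vault rather than a plain list.

```python
import re

# Constructed stand-in for "anything that has been published" (lyrics, quotes).
PUBLISHED_PHRASES = ("let it be", "to be or not to be", "may the force be with you")

# Constructed keyboard runs and other predictable fragments.
PREDICTABLE = ("qwerty", "asdf", "1234", "abcd", "password", "letmein")


def _normalize(text):
    """Lowercase and keep only letters and digits, so 'Let It Be!' becomes 'letitbe'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_problems(password, *, site_name, personal_info=(), previously_used=(),
                      published_phrases=PUBLISHED_PHRASES):
    """Return the rules a candidate password breaks; an empty list means it passes.

    personal_info: names, locations, email addresses and the like.
    previously_used: passwords already in use elsewhere.
    """
    problems = []
    lowered = password.lower()
    normalized = _normalize(password)

    # Don't reuse passwords (changing capitalization does not make it a new password).
    if any(lowered == old.lower() for old in previously_used):
        problems.append("reused password")

    # Don't use predictable patterns: keyboard runs, counting, or a block repeated back to back.
    if any(p in lowered for p in PREDICTABLE) or re.search(r"(.{2,})\1", lowered):
        problems.append("predictable pattern")

    # Don't use anything that has been published.
    if any(_normalize(phrase) in normalized for phrase in published_phrases):
        problems.append("published phrase")

    # Don't use personal information, including the site's own name and pieces of your email.
    tokens = set()
    for item in [site_name, *personal_info]:
        for piece in re.split(r"[@.\s_-]+", item.lower()):
            if len(piece) >= 4:  # very short pieces such as "com" would flag everything
                tokens.add(piece)
    if any(tok in lowered for tok in tokens):
        problems.append("personal information or site name")

    return problems
```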
5. Nine Final Tips When Coming Up With a Password
Here are some tips that will help keep you secure when it comes to your passwords.
- Make sure your email password is the strongest and longest.
- Make sure the backup email for your primary email is never used for anything except being that backup.
- Don’t share your password. It should be common sense, but you never know.
- Don’t ever send your password in an email. Emails aren’t encrypted, and anyone can get ahold of them. Use a site like pwpush instead; links shared that way expire.
- Don’t save your password in a web browser. This isn’t secure at all.
- Don’t use Remember Me on a public computer. It should be common sense.
- Don’t write down your password. It should be common sense.
- Don’t change your password unless it has been compromised. (This isn’t a hard rule. Some places require new passwords periodically, but as long as you follow everything else, changing it isn’t necessarily needed.)
- Don’t use security questions that can be easily looked up via Facebook, Twitter, Wikipedia, etc…