Let’s talk, for just a moment, about passwords. We all have them. We all use them. But how do we keep them secure? And even more importantly, how do we protect ourselves from a password breach wreaking havoc on our entire lives? In today’s post, I’ll share some important tips on password security and how best to stay secure.
Yea, I know. “Best Practices”. It’s a buzzword that I should be ashamed of using. It’s true. But, that doesn’t change the fact that there are certain things everyone should do in order to protect themselves from the bad guys. You know… hackers, identity thieves, and maybe even your former partner who you gave your Netflix password to.
1. Use unique passwords everywhere
Yes, that’s right. Don’t reuse your passwords. Use a different one for each website you log into. These days, it’s common for a company like Home Depot, Apple or Facebook to suffer a data breach. That is, a situation where a bad actor of some sort managed to obtain personal data from a company’s servers and potentially releases it to the internet for other bad actors to use. ForgeRock found that in 2021, there was a 450% surge in breaches containing usernames and passwords globally (link). In early 2021 alone, Facebook and Microsoft both announced massive data breaches (link).
If you use the same password on Facebook as you do for your bank, it’s a very short path from the Facebook data breach to your identity being stolen or your bank account being emptied. Take a look at this article, showcasing how hackers used credentials stolen from other websites to break into people’s Best Buy accounts and charge their stored credit cards for thousands of dollars in gift cards.
“But how on earth will I remember my password if I have 100 different ones to keep track of?”. Don’t worry! More on that later. Keep reading.
2. Use random passwords.
Making passwords easy to remember also means making them easy to guess. Setting your credit card website password to “Charlie2021” after your favorite pet is pretty easy to remember, but also one of the first things that a hacker will try when they find out you have a dog named Charlie.
In contrast, setting your password to “v5GHeuajKCPjbtakcxs5” is a LOT harder for a hacker to randomly guess. Using random passwords is the single easiest and most effective method you have of protecting yourself from someone figuring out your password.
3. Length trumps complexity.
That’s right. The longer your password is, the more secure it is, regardless of the types of characters you use. You’ll notice above that my random example only has letters and numbers. You are probably used to hearing people tell you to use special characters. “Make sure your passwords are complex!” Well, that’s not necessarily better. Simply using special characters to turn “MyPassword” into “MyP@$$w0rd” is not really any more secure. It’s just harder to type. Making your password longer, however, means an attacker needs to try exponentially more combinations of characters to guess it.
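As an added illustration of the arithmetic behind points 2 and 3 (example code written for this post’s argument, not code from the original article): it draws passwords from the operating system’s random source and compares the search space of a 10-character password with symbols against a 20-character letters-and-digits one. The character sets and lengths are assumptions chosen for the comparison.

```python
import math
import secrets
import string

# Character classes used in the comparison (constructed for this example).
ALNUM = string.ascii_letters + string.digits        # 62 possible characters
ALNUM_SYMBOLS = ALNUM + string.punctuation          # 94 possible characters


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy in a uniformly random password: log2(alphabet_size ** length).

    This only holds for passwords a machine picked at random. A human-chosen
    string such as "MyP@$$w0rd" sits in every cracking wordlist, so its real
    guess-resistance is far below what its length and symbols suggest.
    """
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20, alphabet: str = ALNUM) -> str:
    """Pick every character with the OS CSPRNG (secrets), never random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(short_len: int = 10, long_len: int = 20) -> dict:
    """Search space of a short 'complex' password versus a long alphanumeric one."""
    return {
        "short_with_symbols": keyspace_bits(short_len, len(ALNUM_SYMBOLS)),  # ~65.5 bits
        "long_alnum": keyspace_bits(long_len, len(ALNUM)),                   # ~119.1 bits
    }


if __name__ == "__main__":
    print("example password:", generate_password())
    for name, bits in compare().items():
        print(f"{name}: {bits:.1f} bits, i.e. about 2**{bits:.0f} guesses to exhaust")
```

Every extra alphanumeric character adds about 6 bits, so doubling the length roughly squares the number of guesses, while swapping letters for symbols in a 10-character password adds only a few bits in total.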
But how on earth will I ever remember so many long random passwords?
Easy. You don’t. We’ve finally come down to the entire purpose of this post. Stop thinking you need to remember any of your passwords. That’s simply not necessary anymore. The world of password managers has come a long way in the past decade.
So what is a password manager? It’s a tool that safely and securely stores all your passwords, making it easy for you to access them without needing to memorize them. All you need to remember is a single master password that unlocks your password manager. There are many good choices out there that are FREE for individual users. I recommend a few of them:
- Bitwarden. This one’s my favorite! Not just a password manager, it doubles as a 2FA app too (see my article on 2FA if you don’t know what that is.)
- LastPass. This was my preferred before switching to Bitwarden. Still a good option.
- Dashlane. I haven’t used this one, but it has good rankings and reviews.
Not only do password managers help you store and retrieve your passwords, they type them for you too! Good password managers (including the 3 I listed above) have mobile phone apps and web browser extensions that allow them to automatically fill your password into websites on your behalf. Just think about that. Not only do you no longer need to memorize your passwords, you don’t need to ever type them again either. Now nothing should stand in your way from using long, random, unique passwords everywhere!
Is it realistic to think that everyone will use random passwords for every single different website? No. Do I? Nope. A good balance is really what I’m hoping this post helps you achieve. Personally, I share one password across many “throw away” sites that I don’t really care about getting breached. Any site that holds credit card, billing, or sensitive data, though, gets a totally unique random password of its own.
Want to know if your credentials have already been stolen? Search for your email address at Have I Been Pwned. Do results for your credentials come back? Then CHANGE YOUR PASSWORD NOW!