Monthly Archives: March 2013

Password Best Practices & 2-Step Verification

Capture

There have been an alarming number of recent high-profile password hacking incidents among some of the largest online services such as Twitter, Apple, Facebook, and Dropbox. The latest being Evernote. Considering how lazy most of us are with our passwords, this is a very scary trend. To highlight the seriousness, let me toss out a quick scenario:

So, let’s assume you are smarter than 94% of us and have a nice, long, alphanumeric password with punctuation (something like “Ih@t3MyP@ssw0rd!”) for your gmail account. This is a very good first step. The problem occurs when you decide to use that same password for say Facebook, Twitter, your bank, and perhaps Amazon. Or maybe you even go so far as to use it everywhere, including that new dog grooming forum you joined last month. So what happens when one of these sites are hacked? Suddenly, that super strong uncrackable password is now as naked as your two year old in the kiddie pool. And, suddenly, someone has taken that password and cleaned out your bank account.

So what ARE the best password practices?  

If you have time, please read this great post on password best practices. If you’re like most everyone else, just keep reading and hopefully you’ll soak in a couple of the most basic points:

  • Make your passwords (yes, it stinks, but you have to have a bunch of them) nice and long (8 characters is bare minimum, 16 is considered pretty good) and as random as possible (no, your birthday/anniversary/kid’s initials are NOT random). Include capitalized letters and special characters whenever possible.
  • Your email and banking passwords are SUPER important. You need an unique password for these accounts. ONE per account. Not one per account type (i.e. all my bank accounts use this one password), but ONE specific password for EACH individual banking and/or email account. Banking accounts include anything you’ve tied your checking accounts to such as PayPal or Amazon. Email is especially important, because all those great “forgotten password” tools use your EMAIL to help you reset your password.
  • Your data accounts are nearly just as important. Most people are using the “cloud” to store more and more files these days. Services like Apple iCloud, DropBox, Box.net, Google Drive, Microsoft SkyDrive, Carbonite, etc. are popping up everywhere. They are super convenient, and yet, a poor password on any of these accounts is a recipe for disaster.
  • Use a strong password for anything tied to your credit card. There are probably more of these than you realize. Good examples are your Apple ID, your Google Account (Google Checkout), Amazon, eBay, BestBuy, OfficeDepot, AmericanAirlines, etc. Again, individual passwords are best, but if you must duplicate these, at least pick a good one to copy.
  • Don’t forget your computer password. It’s tempting to keep the login password(s) for your actual computer(s) simple and quick to type in. This can be one of the most devastating passwords to have hacked, as it opens up your entire home network to trouble. And, while you’re updating your computer password, go ahead and strengthen the password on your router (which is actually the very first door a hacker has to open).
  • Use 2-step verification. The most advanced sites are now offering a process called 2-step verification. I’ll be honest, turning this on can be an annoyance, but it’s well worth the small hassle. Basically, this forces you to enter a special code sent via text to your cell phone in order to log in a particular site from a new device. Not everyone offers this (yet), but here are links to a few of the most important ones: Google, Dropbox, Facebook, Microsoft, Yahoo, and LastPass.
  • Remember all your passwords SECURELY with a password manager. Instead of writing your passwords down and “hiding” them on the shelf next to your monitor, consider a password management service. There are a number of these tools, and I’m not really qualified to assess their security, so I’ll refer you instead to a great  Lifehacker article on the topic. Per their recommendations I prefer to use LastPass.
  • Teach your kids. While they may not yet have an online bank account, nor any credit cards to hack, teaching your kids good password practices is a very important life skill. It’ll also help keep other kids (and predators) from hacking their social sites, email, etc.

Now that you know some best practices for password security, enjoy the following info-graphic highlighting just how smart you are compared to the rest of the world.

Advertisements
Tagged , , , , , ,
%d bloggers like this: