Are Your Passwords Strong Enough?
When you work at home, online security should be a big deal to you. Your professional life can be badly damaged if your major accounts get hacked. Too many people use really easy passwords, or worse, use them over and over on a variety of sites, leaving themselves vulnerable on many sites if just one gets hacked. Having strong passwords for important accounts is vital.
There are a couple ways to go about creating strong passwords, and they don’t have to involve a lot of complicated rules. Some websites make strong passwords more difficult than others to make, often by limiting the number of characters to a number too small to provide true security. 8 characters, even if mixed in with numbers, capital and lowercase letters, and special characters, really isn’t all that secure.
Here are some ways you can create strong passwords for most sites without making your own life too difficult.
Use a Password Manager
I use LastPass for my passwords. It’s pretty secure – you have to use your master password to get into your account. There’s a simple browser addon to install, then it fills in your login data for various sites as you use them, once you’ve saved that data into LastPass. I find it really easy, and it works well with most websites. The basic level is free, but you can go to Premium if you want the mobile app or other features.
LastPass can generate those absurdly complex passwords for you, at whatever length you require. That’s really handy when you come across a site that limits the number of characters you must use. I keep them on the long side for most sites, only cutting it down when a website insists on something shorter. Banks in particular are often ridiculous about insisting on shorter passwords, which drives me up the wall!
LastPass encrypts your data, and it only decrypts locally on your computer, which keeps it safer. You can even add multifactor authentication so that just having your password is not enough for someone to get into your LastPass account.
The big thing people fear with a password manager is that it is a single point of failure. If something goes wrong with it, you have a big problem. I feel comfortable with how LastPass handles my data, so I don’t consider it to be a big problem.
Use a Passphrase
If you don’t want to use a password manager, a passphrase that you use is a good solution. You’ll still want to vary from site to site, but that’s just a matter of coming up with rules you can use for the variations on different sites. Many people use their phrase plus a couple of special characters, plus something to do with the website the password is for.
Think of a phrase that won’t be obvious to others. Inside jokes, a favorite quote that isn’t too long to type in, a memorable event, etc. Don’t be too picky about length if you can stand typing it in and the site allows – longer passwords are far more secure in general.
Don’t Reuse Passwords
Reusing passwords is one of the biggest security mistakes you can make. It’s one thing to reuse passwords on sites that won’t impact your finances or professional reputation; it’s another thing entirely if you reuse a password where those things matter.
Hackers can get passwords more easily from minor sites with weaker security, and all too often those passwords will give them access to other accounts that really matter. The more important the information your account on a site is to you, the stronger and more unique your password needs to be.
For those times you need to reset your passwords, you may have to answer a security question. The problem is that too many security questions are things someone could look up about you if they chose to do so. There’s a reason why banks no longer rely so much on the “mother’s maiden name” question on new accounts, although older accounts may still use that. My credit card company recently had me change to a new security question because that one is so out of date.
But many of the new questions are really only a little more secure. Come up with a standard answer for them, but don’t be honest. Have a little fun with your answer. You can even use password rules on it… not like any site checks to see if the answers you give mean anything. They’re for your personal use.
Be Sure You’re On The Right Website
The most secure password in the world isn’t secure if you just give it to the wrong website. If you get an email from a website telling you to log in for some reason, type the domain name in rather than click the link in the email. Phishing emails try really hard to look official, and sometimes even a careful person will fail to notice that the URL is wrong when they hover over the link.
These are some of the ways you can protect your important accounts with strong passwords. While there’s no guarantee that even a strong password will always keep your accounts safe, it’s a great place to start. Do you have any suggestions I’ve missed?