Those crazy Russian hackers (but not this guy https://www.youtube.com/watch?v=Sp47lvGR8Ek) are at it again. Hold Security reports (http://www.holdsecurity.com/news/cybervor-breach/) that a Russian crime ring hacked nearly half a million websites and amassed 1.2 billion unique user names and passwords which belong to over half a billion email addresses.
If that doesn’t scare you, that’s great news because that means you don’t use the same password at multiple websites. However, password management developer Dashlane reports that 70% of users use the exact same password on a minimum of nine websites. With an email address and a 70% likelihood of getting a hit, hackers can turn to financial websites and feel confident that they will hit several nice paydays.
Using an insanely complex password (for example, Kl#_9i%E3) – like we’re all trained to use these days – doesn’t help because the hackers can still get to your wallet if you use the same insanely complex password everywhere.
The solution? Use a different password for every website. Yes, I know. What a royal pain that would be. Keeping up with that would be a nightmare. But with a little planning, and the tips below, you can rest assured that your online accounts are safe, secure, and separate from each other.
1. Long Password vs. Complex Password
If you have to choose between a long password you can remember, like OurDogIsABlackLab, or a short password you can’t, like the above Kl#_9i%E3, go with the long password. There are two reasons for this.
The first is, you can actually remember it and won’t get frustrated having to reset your password all the time. And you won’t have to write it down.
For the second, click on the comic to the right for a better and simpler explanation than I could ever give. If you don’t want to read the comic strip, the summary they give is that we’ve been trained to make passwords that are easy for computers to guess, but hard for humans to remember.
While you’re making that long password, throw a number or punctuation mark into the mix just to crank it up a notch and satisfy those password requirements: Our2ndDogIsABlackLab or OurDogIsABlackLab!
2. Use Different Passwords for Different Kinds of Websites
I just did a mental count of all the websites that I have to log into. Without thinking too hard, I hit 50. These include bank accounts, investment accounts, credit card accounts, household utilities, email accounts, social media, my blogs & websites, other people’s blogs & websites, entertainment websites, tools & utilities, and others. It’s a long list. If I really did an exhaustive search, the count would probably come in well over 100. That’s a lot of separate passwords to keep track of. So I segment my websites into several groups to limit the number of passwords I need.
- Financial websites – any website that has anything to do with my money gets a unique password. Period. This includes banking, investment, credit, shopping, and even my personal email address.
- Social Media – like financials, these get a unique password.
- Websites I Manage – I cluster these. All accounts (website administration, email, online tools) relating to a single website get a group password. I do this to simplify my life a little when I’m logging in and out of accounts to manage a website and its tools.
- Entertainment – online games, IMDB, and other such money-less entertainment websites get the same password. If someone hacks one of those sites, what can they really do? Lose all my current chess games for me? I do a pretty good job of that on my own.
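An added example, not part of the original post: a small Python audit that checks an account inventory against the grouping rules above. The category names, the `audit` function, and the sample inventory are assumptions constructed for illustration.

```python
from collections import defaultdict

# Categories where every account needs a password used nowhere else.
UNIQUE = {"financial", "social"}

# Constructed inventory: (account, category, website group, password).
SAMPLE = [
    ("bank", "financial", None, "constructed-pw-A"),
    ("personal-email", "financial", None, "constructed-pw-A"),
    ("facebook", "social", None, "constructed-pw-B"),
    ("blog-admin", "managed", "blog", "constructed-pw-C"),
    ("blog-email", "managed", "blog", "constructed-pw-C"),
    ("chess", "entertainment", None, "constructed-pw-D"),
    ("imdb", "entertainment", None, "constructed-pw-D"),
    ("shop-admin", "managed", "shop", "constructed-pw-D"),
]

def audit(entries):
    """Return sorted (account, reason) pairs that break the grouping rules."""
    by_password = defaultdict(list)
    for entry in entries:
        by_password[entry[3]].append(entry)

    findings = set()
    for sharers in by_password.values():
        if len(sharers) < 2:
            continue  # a password used once cannot violate any rule
        for account, category, group, _ in sharers:
            others = [s for s in sharers if s[0] != account]
            if category in UNIQUE:
                findings.add((account, "password must be unique"))
            elif category == "managed":
                if any(o[1] != "managed" or o[2] != group for o in others):
                    findings.add((account, "shared outside its website group"))
            elif any(o[1] != category for o in others):
                findings.add((account, "shared outside its category"))
    return sorted(findings)

if __name__ == "__main__":
    for account, reason in audit(SAMPLE):
        print(f"{account}: {reason}")  # passwords themselves are never printed
```

In the sample, the blog accounts pass because they share a password only within one website, while the entertainment password leaking into `shop-admin` flags all three accounts that use it.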
3. Use a Password Manager
Even if you are using long but memorable passwords and you are grouping your passwords so you don’t need quite as many, you will probably still come up with a long list of unique passwords that must be maintained. Using a password manager – either home grown or store bought (on the internet) – can help you stay on top of all these new passwords.
Home Grown
Unless you are Big Bang Theory’s Sheldon Cooper you will have to write your passwords down. If you go this route, please don’t write down the actual password. Write down a reminder that only you will know. For example, your password might be a combination of your favorite song, “Open Arms” by Journey, and the year of your first car, a 1987 Chevrolet Cavalier: JourneyOpenArms87. For your personalized reminder, you could use “prom + chevy” since the song was played at your high school prom (it was played at everyone’s high school prom, right?) and that Cavalier was the only Chevrolet you ever owned.
By using personalized reminders (your first dog, the name of the street you lived on in first grade, your first grade teacher’s name, etc.), a list of passwords like this could be extremely difficult to crack without someone hacking into your brain.
Store Bought
A number of companies offer great password management programs. Ranging from free to around $50 per year, finding one with the right feature set for you and your wallet won’t be hard. Below is a list to get you started. Some (maybe all) of these will even generate the passwords for you.
- Dashlane - http://www.dashlane.com
  - Free or $40 per year
- LastPass - http://www.lastpass.com
  - $12 / year
- Keeper - http://www.keepersecurity.com
  - $10 / year basic or $30 / year unlimited devices
- Password Box - http://www.passwordbox.com
  - Free
The Quick Takeaway
The weak point in almost any security system is the shortcuts that we humans take in order to make them easier on us. Reusing passwords on multiple websites is a definite shortcut that helps us in our daily lives, but undercuts our online security and leaves us vulnerable.
Follow these three tips and get a good night's sleep.
By the way, I use the home grown variety. What password manager do you use? Or which ones have you used?