Tips for password security

There have been a number of well-publicized hacks in the last few years, the most recent being Heartbleed. Nothing is truly secure, but that doesn't mean you shouldn't do everything you can to keep your information secure. I’ve got a few tips to share with you to enhance your security, and do it easily.

Whenever possible, you should enable two-factor authentication.

Two-factor authentication just means two ways to prove you are really you when accessing data. The most common version of this is your ATM card: you have to have the card and your PIN to access your account. With a credit card, even with the CCV code on the back, anyone with the card in their hand can access the account. Two-factor authentication for websites is implemented so that when you log in from a new source, you will get a text or an email with an additional code. The thought is that a hacker may get your password, but won’t also have your phone or access to your email.

Facebook, Google (Gmail, YouTube, Google+, etc.), Twitter, Apple and many other sites now offer two-factor authentication. Use it whenever possible.

Use a unique password on EVERY site. 

Even with two-factor authentication, it is important to use a unique password everywhere. This may sound difficult, and it can be a challenge. However, there are tools that help with this. LastPass and 1Password are both password managers that will offer strong passwords and manage them for every site. I personally use LastPass. It allows me to organize the sites so I can easily find the one I’m looking for. There is a mobile app to securely access the login data. They also have a security check you can run that will analyze all of your password information and report weaknesses. I recommend starting out using the tool to manage your existing passwords, getting used to how it works, and then changing your passwords once you are comfortable with how the application works.

What makes a strong password?

The simple answer to this is the number of characters in the password. It is best to use a combination of letters, numbers, and special characters, but it’s more critical to use a long password. I recommend at least 12 characters, but longer is better. You should avoid using any dictionary words, or even common substitutions like a ‘4’ for an ‘A.’ Substitutions like that are not any more secure than the dictionary words they replace.
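To make the two points above concrete (length outweighs character mix, and substitutions do not hide a dictionary word), here is an added example that is not from the original post. The wordlist, the substitution table, the sample passwords and all function names are constructed for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"password", "sunshine", "dragon", "baseball", "letmein"}

# Common substitutions mapped back to the letters they stand for (assumed table).
LEET = str.maketrans("4@310$57!", "aaelossti")

MIN_LENGTH = 12  # minimum length recommended in the text above

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def normalize(password):
    """Lowercase and undo common substitutions: 'P4$$w0rd' -> 'password'."""
    return password.lower().translate(LEET)


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_bits(password):
    """Upper bound on guessing effort in bits; only holds for random characters."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check(password):
    """Return a list of problem codes; an empty list means no problem found."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    plain = normalize(password)
    if any(word in plain for word in WORDLIST):
        problems.append("dictionary_word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("P4$$w0rd", "dr4g0n-dr4g0n-99", "qzjvkwmxhgtrplbn"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, problems={check(pw)}")
```

The 16-character all-lowercase random string scores about 75 bits against about 52 for the 8-character mixed one, and the second sample shows that a long password built from a substituted dictionary word is still flagged.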

What are the most important sites to secure?

Most people assume online banking and credit card sites are the most important to secure, and they are. However, THE most important site to secure is email. Your email account is the key to resetting any password. One way to improve security is to set up an email address just for registering accounts. Use a different email address for correspondence. It is also very important to secure social media accounts. If a social media account is hacked, you expose all of your friends or followers to hacks.