
Every one of us has at least 3 to 10 active accounts on web services like Facebook, Gmail, LinkedIn etc. If maintaining different passwords for multiple accounts is not tedious enough, IVLE makes us change our password every three months. Consequently, people end up using one simple (easy to remember) password for all their web services.
Using one password across all accounts puts your digital life in danger. Once one of your passwords is cracked, the hacker basically has a free pass to wreak havoc on your online identity. This can happen to anyone, even the most tech-savvy people. The digital life of Matt Honan, senior writer at Wired’s Gadget Lab, fell like a house of cards when hackers managed to hack into his Google account.
Don’t worry though, there are a few easy steps that you can take to better manage your passwords.
Don’t be obvious. The first thing to remember is not to keep passwords that can be guessed or searched easily like the name of your child or the birthday of your spouse.
Choosing the right password recovery question is also important. Use questions with answers that aren’t as straightforward or easily googled.
Password hints are also as important as the passwords themselves. Instead of putting obvious hints, put misleading ones whose relevance is meaningful only to you.
Use passphrases. For a long time, complex passwords – passwords containing numbers, small and capital letters, and symbols – were highly advocated for online identity security. However, these passwords are often difficult to remember. Instead, we could use passphrases – a string of words only meaningful to the user – for example, “Nexus4rockswith2gigprocessor”. This not only makes the password more resilient to brute force attacks, but also makes it likely to be more memorable. Check out how secure your passphrase is here.
Use a two-step authentication process. Many of you might have heard about the two-step authentication introduced by Google. It double-protects your account by requiring an additional PIN to log in. This PIN is texted to your phone, or generated through an app. Other services like Facebook and Dropbox also provide this option. Check all the services you use for this option and get it activated for a more secure authentication process.
Alternatively, one can consider hardware-based tokens as a second-step identity authentication. A good example of such tokens is YubiKey. The hardware tokens are more secure as they would be harder to tamper with, as compared to their software counterparts, like the Google Authenticator app.
One should also set up another email account specifically for password recovery. In many scenarios, your hacked email account is the hacker’s base to recover passwords for your other accounts. Hence, it is important that you have a separate account for password recovery.
Always change default passwords and delete emails from service providers that come with explicit mention of your passwords.
Lastly, stay informed of the latest security breaches. Read tech news regularly to check whether a web service you use has been hacked and whether you need to take any measures to ensure the safety of your information.
Special Mention: Password Managers
This article wouldn’t be complete without the mention of password managers, a popular form of password management these days. Password managers provide a mentally relieving automated alternative to the users. These, as the name suggests, manage all passwords to your web services. They generate, store and deploy complex passwords made of letters, numbers and symbols, which you don’t even need to know. The only password you do need to remember is the master password to unlock the manager itself. Some of the popular password managers include LastPass and KeePass.
At the end of the day, do keep in mind that password managers are software, and this means that they can be hacked like any other web service.
These methods may seem cumbersome to start with, but once in practice they provide a streamlined and hygienic approach to your digital authentication. Some initial effort from your side can be the difference between you enjoying a nice movie with your girlfriend or her chastising you for certain photos due to a compromised Picasa account.