You may be surprised by how many usernames and passwords you have to use on a regular basis. I typically use a combination of LastPass and other tools, which I personally find really helpful. So, when I took a quick peek at the long list I’ve carefully curated over the past few years, I expected to see maybe 80 or 90 different accounts. What I actually had was log-in credentials for over 230 different sites and applications. Banking. Travel. Online publications. Kids’ educational platforms. Work applications. Public transportation apps. Numerous cloud services. Multiple streaming services. Social media. Shopping sites. Wow.
It would be almost impossible to create and remember 230 individual usernames and passwords for all of those sites. But if there’s one thing I’ve learned, it’s that we should never recycle or re-use passwords across multiple accounts – and it’s especially important to keep work and private applications separate. Why? Because if just one set of your credentials is compromised in a breach, it can potentially be used to take over your email, bank accounts, and more. The results can be catastrophic and very hard to resolve.
The Scouts were right: “Be prepared”
Personally, I haven’t always been good about staying on top of my passwords, but I also haven’t fallen into the trap of using simple passwords like “password” or “qwerty.” No judgement, but we can all do better, right?
In fact, there are a lot of things that we can do to safeguard our online presence, stop our identity from being stolen, and keep our employer’s data away from prying eyes. There’s never a bad time for a refresher.
With that in mind, take a look at the following common-sense tips, inspired by a recent CNET article.
1) Re-using or ‘recycling’ passwords is verboten
One breach is bad enough. Now imagine what would happen if the credentials for all of your applications and services were compromised. The best way to limit the fallout from a single breach is to use unique usernames and passwords where possible.
2) Don’t mix passwords between private and work
Do you use your personal smartphone to access Outlook, Webex Teams and other work applications? One of the best safety precautions is to make sure that you use different login credentials across private and work applications. Losing your personal information is bad enough, but losing customer data or proprietary corporate information can potentially leave you liable for damages, too. Sharing is caring, but not in this case.
3) Use 2FA / MFA
There are lots of great tools that help with two-step or multi-factor authentication. Most times, if a site or application requires additional verification, I opt to receive a text message on my smartphone. This has worked well for me so far, but as the CNET article points out, there is a risk. Hackers could “steal your phone number through SIM swap fraud and then intercept your verification code,” which would totally defeat the purpose.
So, to kick it up a notch, I’ve used Google Authenticator, Microsoft Authenticator and Authy among others. There are also more robust identity management and authentication tools from companies like Identity Automation that work seamlessly with most platforms and are ideal for organizations with multiple employees.
4) Use longer, more complicated passwords
The longer a password, the more difficult it is for hackers to crack. In the past, many of us thought that a mix of eight letters and numbers would be enough. Instead, think of unique phrases, book titles or sayings that you can modify into a password. Here’s an example. “One Flew Over the Cuckoo’s Nest” can become “1Flew0verTheCuck00sN3$t?” Use a mix of numbers, letters, capitalization and special characters to make something unique that you’ll be able to remember.
5) Yes, password management tools are your friend
Admittedly, as passwords get longer, more complicated and even more unique, it’s impossible to remember them all. That’s why password management tools can be an excellent option.
Yes, there are possible downsides. These tools have been (and will continue to be) a target for hackers because they contain a treasure trove of user data. As recently as late last year, one of the most well-known products, LastPass, was found to have a vulnerability that could have allowed websites to steal user credentials via a Chrome or Opera browser extension. The company dealt with the vulnerability quickly, and now posts an FAQ on its site that outlines how it stays ahead of would-be hackers.
TL;DR: password management tools are generally a very safe, easy, reliable and effective way to store and manage the log-in credentials for all of the websites, services and applications you need. But as with everything in life, caveat emptor.
6) You’ve been hacked (and you didn’t feel a thing)
All of this advice would be utterly useless if your credentials have already been compromised. Want to find out if a hacker already has the log-in or password details for your account? Google has an excellent online tool called Password Checkup that shows you if your email addresses and passwords have been compromised in a data breach.
And if you want to know whether that extra special password you’ve spent hours thinking about has ever been used before, check out Have I Been Pwned. You just need to drop a password into the tool to see if hackers have already stolen that password in previous breaches. If it has, don’t use it. Period.
Stay safe out there, people.