Password & Account Security

May 06, 2014

Internet privacy is an especially hot topic these days, between surveillance programs, social network tracking, and the Heartbleed SSL bug. While websites are getting more secure, hackers themselves are also smarter than before. In 2005, 1.6 million identity theft incidents were reported. In 2012, almost 17 million incidents were reported. With hacking attempts going on around the world at every moment, you do not want to become a statistic. While significant financial loss is remediated by bank insurance, the hassle of identity theft can take months or years to put behind you – from poor credit to the need to create entirely new accounts. Not to mention, you may not be aware of the identity theft until long after the fact. There are some tips for keeping an eye on your identity in a previous post.

Change your passwords

Choosing a weak password is the number one threat you pose to yourself. The most commonly used password is literally “password”. In fact, 40% of all passwords are in the list of the 100 most commonly used passwords, and 70% are in the top 500 passwords. In other words, almost three-quarters of all internet users can have their accounts hacked in the blink of an eye.

Now that you’re properly scared, check how strong your passwords actually are (don’t worry, the tool is encrypted and secure, and anything entered is deleted immediately after the test). You’ll be amazed at how fast your password can be cracked.

Once you’ve tested your passwords, go and change them. Use some of the strategies in our password tip section, and store the new passwords somewhere secure. Here’s an obvious tip: don’t write them on a post-it note affixed to your monitor.

It’s also worth looking into password management software, such as 1Password or LastPass, both of which allow you to store all your passwords (encrypted of course) behind one single password.

But seriously… change your password at least.

Two-Step Authentication

Now that you’re daunted by the task of mass password changes, there is a simple step that you can take which makes your accounts many times safer. Most hacking attempts occur by brute force – effectively trying passwords (at a rate of thousands or millions a second) until one finally works. However, by enabling the increasingly popular Two-Step Authentication you can stop them right there. When you go to log in and enter your username and password (correctly), you are then prompted to enter a unique code. Depending on the site/service, this code can come to you in an email or a text message, or be generated instantly by an app such as Google Authenticator on your smartphone.

Many sites and services support two-step authentication already, and more are embracing it. To list a few:

  • Google accounts (Gmail, YouTube, etc)
  • Microsoft accounts (Hotmail, Office 365, Outlook.com, etc)
  • Dropbox
  • Facebook
  • Twitter
  • LinkedIn
  • Evernote
  • PayPal

While this may seem like a hassle at times, in most cases you can set it so that once you’ve logged in with a device, you won’t be prompted again on that device. And the extra couple of seconds it takes to log in can easily save you from hours, days, or years of headaches.

Public WiFi

These days you can easily jump online at Starbucks, McDonald’s, the airport, and on a train. The convenience is unprecedented, yet you need to be wary of what you’re using the public WiFi for. Just as the name implies, it is public. Just as you wouldn’t stand up in the middle of Starbucks and holler out your Social Insurance Number (really, don’t), you need to be conscious of what you’re transmitting over public WiFi networks. It is incredibly simple for hackers to use these unsecured networks to obtain everything you’re sending over the network, from your banking information to your passwords. Therefore, consider connecting to a VPN or ensuring that the sites you’re browsing are using HTTPS (check the URL to make sure it’s https://yoursite.com instead of http://yoursite.com). For more tips, check out this article on staying secure on public hotspots.