We’re all asked to sign in to a myriad of web sites daily for our jobs, shopping, managing finances, or reading current events. Not only do these sites have conflicting requirements for passwords, they have vastly different security goals for storing passwords and other account information. Because passwords, especially in combination with your email account, are the key to so much of your private information, here are some rules to live by:
- Use strong passwords. Most of us think about using passwords we can remember, which generally translates into 7-11 characters. It takes around 6 hours to crack an 8-character password even if you’re following the standard instructions to use a capital letter, lower case letter, number, and character when you create the password. Instead of passwords, consider using a passphrase (sentence or string of 3-6 words) with 16+ characters. It will be more secure and easier to remember than a random string of characters.
- Don’t re-use your passwords. Passwords for highly sensitive accounts such as your Onyen or your bank should never be re-used. One time only.
- Don’t create accounts unless it’s absolutely necessary. Many websites want you to create an account so they can market a product or service to you or make a future checkout quicker. Don’t fall for it.
- Use a password manager. Password managers, like LastPass, will help you manage all your passwords, making it easier to create strong passwords and not re-use them. With a password manager, you will need a single strong password that you must remember to access a vault of stored user names and associated passwords for each site you create an account for. But if you forget or lose your master password, you will lose access to the entire vault, so make sure you write it down and keep it physically secure or memorize it. To protect these cloud services from breaches, the sites typically only store a mathematical representation (a hash) of your master password that is useless if stolen.
- Think carefully about letting a web browser store your password. If you are the only user of the computer and you take full system backups, there shouldn’t be any problem. But on a shared computer, it could make your password(s) open to everyone who accesses that device.