Passwords - Top 3 Tips to Improve Your Safety Online
Think for a second about how many different online accounts you use every day. We have email accounts, Facebook, Instagram, Twitter, Snapchat, bank accounts and online shopping accounts, just to name a few. Collectively, almost our entire lives are contained in these accounts, and there is typically only one thing protecting all of these accounts from the prying eyes of hackers: a password. We've all forgotten passwords (yes, even me!) and have struggled to come up with a password that meets some strange set of requirements.
A strong password is your first line of defence against online intruders and imposters. It's integral to the safety of your personal accounts, e.g., email or online account portal. Unfortunately for us, if a hacker manages to break into one of these services, they often gain access to that password-related information, and the consequences can be pretty bad, as we’ve seen in recent memory. I want to ensure our customers are informed and protected, so here are three simple ways to strengthen your password security:
1. Use longer passwords, don't worry so much about complexity!
Why couldn't hackers guess some of the passwords for LinkedIn accounts? I'm going to let you in on a trade secret: a longer password will almost always be more resistant to hackers than a short but complex one! Why? Due to advances in technology, hackers can use special password cracking programs along with relatively inexpensive hardware to guess hundreds of billions of passwords per second!
Let's look at some examples assuming a password must have at least one lowercase letter, one uppercase letter, a number, and a symbol: (Disclaimer: these are only high level estimates!)
What's the easiest way to make a long password? As an example, best practices for services such as your telus.net email or online account include:
Being at least 8 characters long
Containing at least 1 number or 1 special character such as #, $, %
Containing at least 1 lower case letter
Containing at least 1 upper case letter
Consider this: A survey of 2000 web users by Google Apps discovered that a pet’s name, a person’s name (e.g. child, partner), significant dates and place of birth are among the top 10 most commonly used passwords.
Instead, select a random word or phrase and insert letters and numbers into the beginning, middle, and end to make it extra difficult for other people to guess but easy for you to remember. For example, it may be easier to remember a sentence like “TELUS Garden is located at 510 West Georgia Street”. You can then turn that into a password by using the first character of each word, so your password will become “TGil@5WGS”. A small trick here is to replace the letter “a”, which stands for “at”, with the symbol “@”. Remember, the more characters you use, the more secure it becomes!
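As an added illustration of tip 1 (example code, not from the original post), the Python below checks a password against the four rules listed above and estimates how long guessing every possible combination would take. The rate of 100 billion guesses per second and the two sample passwords other than “TGil@5WGS” are assumptions made for this example.

```python
import string

# Assumed attacker speed. The post says "hundreds of billions" of guesses
# per second; 100 billion is a figure chosen for this example.
GUESSES_PER_SECOND = 100_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600


def meets_policy(password):
    """Check the four rules the post lists for telus.net-style accounts."""
    return (
        len(password) >= 8
        and any(c.isdigit() or c in string.punctuation for c in password)
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
    )


def alphabet_size(password):
    """Size of the character pool an exhaustive guesser has to cover."""
    pools = [
        string.ascii_lowercase,   # 26 letters
        string.ascii_uppercase,   # 26 letters
        string.digits,            # 10 digits
        string.punctuation,       # 32 ASCII symbols
    ]
    return sum(len(p) for p in pools if any(c in p for c in password))


def search_space(password):
    """Upper bound on guesses needed: pool size to the power of the length."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Years needed to try every combination at the assumed guess rate."""
    return search_space(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed samples: a short complex password, the post's own example,
    # and a long lowercase-only phrase.
    for pw in ["Xk4#pQ9!", "TGil@5WGS", "quietriverunderoldbridge"]:
        print(f"{pw!r}: policy={meets_policy(pw)}, "
              f"pool={alphabet_size(pw)}, length={len(pw)}, "
              f"years={years_to_exhaust(pw):.3g}")
```

These figures are upper bounds that only hold for randomly chosen characters; a phrase built from common words or personal details falls to word-list guessing far sooner.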
2. Don't re-use passwords. Seriously, don't!
Some websites are in much worse shape than LinkedIn was. Some of them store your passwords in a way that means hackers don't have to do any extra work to figure out your password. A long password won't help you here unfortunately, so what can we do?
The only protection here is to use a different password for each site. If a hacker gets a hold of one password, they won't be able to try the same password with your email address on countless other sites. "But John, I have SO MANY ACCOUNTS! I can't possibly remember a different password for each one!" That is where password managers come in. Password managers allow you to remember one awesomely long password and not have to worry about remembering a different password for each site. I'll cover password managers in more detail in a post in the near future!
3. Use Two-Factor Authentication if possible
Have you ever logged into a website on a new computer and they ask you for a code that was sent to your email address? That is what's known as two-factor authentication. Two-factor authentication may use email, text messages (this is what Twitter uses), or even special apps you can load on your phone such as Google Authenticator* or Authy.
What this means is that even if someone gets a hold of your password, they can't log in without access to your email account or phone. Keep in mind not all sites support this, but most of the major ones do!
Finally, I’d like to bust one common password myth. Has someone ever told you to change your password frequently? Well, studies from organisations such as the Federal Trade Commission (FTC) of the United States have shown that this actually leads to the use of more predictable, less-secure passwords. So don’t worry about changing your passwords constantly.
In spite of all the doom and gloom about hackers constantly gaining access to different websites, the 3 tips I’ve mentioned will make it much less likely that you’ll wind up in a situation like Mark Zuckerberg did! Stay tuned for my next blog post focusing on one of the best solutions to Tip #2, password managers!
* TELUS is not responsible for the actions of any third party service, application or content provider.