How to Keep Your Passwords Safe
Internet security is complicated, but it’s also incredibly important that everyone understands the basics. Many realize that making a strong password is necessary, but few take the precautions required to keep those passwords secure once they’ve been made. Here is an overview of how to keep your passwords safe.
Can you keep a list of passwords lying around?
The answer to this question seems obvious, but is it really? Is there any way you can keep your passwords organized without compromising security?
As it turns out, you can. The key lies in how much extra effort you’re willing to put in.
For example, take a straight list of accounts and associated passwords. Keeping that lying around, whether it’s on your computer, phone, or desk, is a recipe for bad news. If someone gets to it (and there are many, many ways to get to it), then you’re compromised everywhere. Not only that, but you might not even know you’re compromised until it’s too late. Hackers in such cases aren’t necessarily going to immediately go out and use your information; they might sell it to a bidder who will use it later.
However, you can get around this by adding a little bit of extra security. Instead of having a list of accounts and passwords clearly written out for anyone to see, consider using abbreviations, acronyms, or hints that only you would recognize. If your password is “John90”, consider writing down “Johnbirth” or even “namebirth”.
Similarly, using the same password for multiple things is frowned upon, but if you do have several common passwords, you can give them short labels. Instead of writing out entire passwords, simply jot down that a given account is associated with “password 1” or “password 2” and so on. As long as you don’t write down the exact meaning in the same place as the password list, an opportunistic hacker won’t be able to make much use of it.
If you absolutely do need to write down passwords, possibly because you use randomized passwords that are changed at regular intervals, then you should never store them all in the same place. Keeping them separated and in unexpected places can make them useless to opportunists, especially if you don’t explicitly label what they’re for.
The general idea here is that you can use lists as reminders, but you should limit them to being simple reminders. They should never be comprehensive guides on how to break into all of your accounts, and if anyone but you can look at the list and figure out how to get into an account, you’ve done something wrong.
Is your browser trustworthy?
When logging into sites on your browser, it’s natural to wonder whether the whole system is safe. Could someone be copying your passwords as you type them in? Could your very browser and stored login information be compromised?
For the former question, the answer comes down to keyloggers and whether you have one. A keylogger is a (generally hidden) program that records every key you press. Obviously, this can be used to steal login information, but it can also be used for more legitimate purposes, such as employers monitoring their employees. Fortunately, most keyloggers can be easily caught if you have a competent antivirus program.
As for the storage of information in your browser, the answer is a little more complicated. Firstly, there isn’t just one simple type of program like keyloggers that you need to worry about. There are a number of different types of malware that can infect your browser and get ahold of your passwords. Some might redirect you to a page that looks like a normal login page, yet is entirely unrelated to the real site. When you enter your login information, it’s effectively stolen, a prospect that is doubly dangerous considering that the thieves know exactly what site the login information is used for.
Additionally, some malware may try to get the passwords stored by your browser. These are the usernames, emails, and passwords that are used in autocomplete. Fortunately, it’s pretty difficult for malware to break into this specific section because direct access generally requires some additional verification on your part, such as the password to your account on the computer itself.
For both of these subtypes, there are two main solutions: a good antivirus and plugin monitoring. Having an effective antivirus is pretty straightforward and there are many free options that offer excellent protection. As for plugin monitoring, you should make a habit of checking your browser’s plugins from time to time. Look up anything that seems suspicious and remove it if necessary. Most people only have a couple of plugins enabled, so this shouldn’t take all that long.
What is two-factor authentication and why is it important? Is it different from two-step authentication?
Two-factor authentication is a security system that combines two separate elements. It features some combination of knowledge (what you know), possession (what you have), and attribute (what you are). For example, a phone app might ask you for a password (knowledge) and a fingerprint (attribute).
Two-step authentication is another type of security system that combines a known password and an unknown element that is sent to you via other means. For example, a site may have you log in via password, then send a separate code to your phone number or email and have you enter that.
Functionally, these two systems are fairly similar in that they vastly increase the security of a login. If an attacker doesn’t have your phone or email, then they won’t be able to break through a two-step authentication process even if they have your account name and password. This greatly increased security is why you should set up such options if they are available. The additional layer may seem like a hassle, but the dramatic increase in protection is well worth it.
Is this all it takes to keep your passwords safe?
Though these tips can be very useful with minimal investment on your part, there’s always more you can do. If you’re willing to put in a little more effort, then changing your passwords regularly, taking the time to memorize randomized passwords, and never letting your browser store passwords can be used to maximize security.