Hardly a day passes without a news story about some online service suffering an account vulnerability. For the longest time, I tried to keep all of my login account information in my head or written down in a “safe” place that I could always find. With more and more online services coming out each day, it doesn’t take long for that to become an unmanageable situation. The good news is that there is a variety of tools available to help you manage that information. Remember the old catalogs in the days before the internet, when you would have three choices for a particular situation – good, better and best? In this podcast, we will start building the foundation at the good level.
1) Use a password manager application to manage your online account access
There are a variety of applications available today to fill this need. The more accounts you have, the more important it becomes to have a safe, secure copy of the information available to you whenever it is needed. A good password manager app can also help keep track of other items such as combination codes for safes, contact information for a credit card company, the security code on your cellular phone account, and a host of other possibilities. A good password app should also be able to adapt to the way you need it to work instead of your having to change the way you do things. For example, more online sites now use security questions and answers to protect your account from unauthorized password changes, or as an additional layer of security when you log in. It is a good idea to record the questions used by the site and the answers you provided along with the account login information.
2) Use a Strong Unique password on each account
If you can do only one thing when you start the process of increasing the safety of your online accounts, using a strong, unique password is a good first step. In a previous post on my blog, I went over the list of commonly used passwords. Another type of password that you should refrain from using is one that is the name of a sports team or type of sport. Passwords like the ones I just mentioned can make up part of what is called a dictionary attack. The tools used for this type of attack work from a list of words that usually comes from a dictionary. While such passwords are the easiest to remember, they are just as easy to guess.
In future episodes, I will go over tools that will help you come up with passwords that are difficult enough to guess that it will take more sophisticated tools and even more time to guess the password for each account. Best practice for a website or online service is to provide for the disabling of an account, either for a period of time or permanently, thereby requiring contact with support to get the account re-enabled. Not every site does this. There is a cost to the site owner, as they need to have a manual or automated way of re-enabling an account.
Here is the danger in using the same password on more than one site. If your password is correctly guessed on one site or online service, it goes to the top of the list to be tried at other sites or online services. By using a unique password, you force the would-be attacker to start their process over from the beginning, since they don’t know what type of password you may have used on the next site they try. When you use numbers and punctuation in a password, you start to dramatically increase the amount of effort required to correctly guess it.
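To make the points in this section concrete, here is an added example (not from the original post or the author's book): a short Python check that flags dictionary-based passwords, passwords reused across accounts, and passwords with a small guessing search space. The word list, the 60-bit cut-off and the sample accounts are all constructed assumptions for illustration.

```python
import math
import string
from collections import defaultdict

# Constructed sample word list (assumption); a real check would load a much
# larger list of common passwords, dictionary words and sports team names.
COMMON_WORDS = {"password", "letmein", "football", "baseball", "yankees"}
MIN_BITS = 60  # assumed cut-off for this example, not a figure from the post

def charset_size(password):
    """Count the symbols a guessing tool must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def guess_bits(password):
    """log2 of the brute-force search space: length * log2(symbol count)."""
    size = charset_size(password)
    return round(len(password) * math.log2(size), 1) if size else 0.0

def is_dictionary_word(password):
    """True for a listed word, ignoring case and any digits tacked on the end."""
    return password.lower().rstrip(string.digits) in COMMON_WORDS

def audit(accounts):
    """Map each site to its findings; sites with no findings are omitted."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in accounts.items():
        findings = []
        if is_dictionary_word(password):
            findings.append("dictionary word")
        if len(sites_by_password[password]) > 1:
            findings.append("reused on another account")
        if guess_bits(password) < MIN_BITS:
            findings.append("small search space")
        if findings:
            report[site] = findings
    return report

# Constructed sample data, not real credentials.
SAMPLE = {"bank": "yankees", "email": "yankees",
          "shop": "Football2024", "forum": "k7#Rv2!pQz9&Lm"}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE).items():
        print(f"{site}: {', '.join(findings)} ({guess_bits(SAMPLE[site])} bits)")
```

Note that "Football2024" passes the search-space test yet is still flagged: mixing in capitals and digits does not help when the base of the password is a word on the list.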
3) Use a Unique login name on each account
While not as important as using a unique password on each account, using a different login name is another way of increasing the difficulty of guessing the correct information to access an account. Some sites are already forcing you to do something similar by requiring that one or more numbers be a part of the login name. Some sites will only allow you to use an email address as the login name. In that case, you still have an option, depending on what service you use to host your email. It is not unusual to have one or more “aliases” that can be assigned to an existing account. This allows you to have more than one email address but still have all the emails go into the same account.
No solution can guarantee you that an account won’t be broken into at some point. With enough time and effort, just about any account can be broken into. The trick is to put enough steps in place to make the process take long enough that the effort required to break into your account will be high enough to encourage the attacker to move on to easier targets.
To learn how to protect your other social media and login accounts, purchase a copy of my book “The Hackers Are Coming… How-To Safely Surf The Internet”. This book covers how to protect your other online accounts to make it as difficult as possible for someone to hack into your account.