Online Security Tips
A big thank you to Dave Raffensperger and Andrew Chi for this series of security tips! I’ll add links at the bottom of each post to the other posts in the series as they’re published. Here’s the first of several tips to keep your digital life secure.
Security Tip: Use a Password Manager
Have you ever been spammed by a friend’s email or Facebook account? A hacked online account is embarrassing at best and costly at worst.
One strategy hackers use is to break into a site and steal its password data (a number of known attacks have occurred at big names like LinkedIn and Evernote). This spring, the “Heartbleed” bug, which left secure servers open to data theft, brought another reminder of just how vulnerable many online sites can be. According to Wikipedia, the bug affected 17% (around half a million) of the world’s secure web servers and, even over a month after the attack became known, 1.5% of the world’s top 800,000 sites were still vulnerable.
When hackers steal passwords from a site, they try those stolen logins on other web email, social media and bank sites to find people who used the same or a similar password there. So, to be safe, your passwords should be different for every site and unguessable, like a random string of 16 characters. In other words, something unrememberable… even for you, unfortunately! (Web browsers like Chrome and Firefox can “remember passwords”, but they typically do not store them securely, that is, they do not require a master password to access them.)
You Just Need to Remember Two Passwords
A secure password manager will require you to know one longer password that allows you to access the rest of your passwords. Web/mobile managers include LastPass, PassPack, 1Password and RoboForm, or you can use an offline one called KeePass. However, you should also memorize your email / work password in case you need to access your email without your password manager.
Some websites ask you security questions like “What’s your father’s father’s first name?” or “What’s the name of your first pet?” and then allow you to reset your password in the future by entering that information. So, if an attacker knew the answers (which they could possibly find or guess), they could access your account. Prevent this by entering random information for those questions and then storing these random answers in your password manager as well. With answers chosen this way, a hacker can’t guess your information to get into your account, and you won’t need to remember lots of different passwords and security question answers.
This may seem like a lot of work, but you can ease into it gradually. Start by getting a password manager set up and change the password for just one site. Then, as you visit other sites, make a habit of resetting their passwords to something long, random, and secure (password managers can often generate such passwords for you automatically), and store each unique password in your password manager.
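To decide which sites to fix first, the advice above can be turned into a small check. This is an added example, not part of the original post or any password manager's own code: it flags passwords that are short, reused, or similar across sites, and generates 16-character random replacements and random security-question answers. The symbol set, the 0.8 similarity threshold and the sample entries are assumptions made for illustration.

```python
import math
import secrets
import string
from difflib import SequenceMatcher

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"  # assumed symbol set

def generate_password(length=16):
    """Random password from the OS CSPRNG (never the `random` module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length=16):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))

def generate_security_answer(groups=4):
    """Random answer for a 'first pet' style question; store it in the manager."""
    return "-".join(secrets.token_hex(2) for _ in range(groups))

def audit(vault, min_length=16, similarity=0.8):
    """vault maps site -> password; returns site -> list of problems found."""
    findings = {site: [] for site in vault}
    sites = sorted(vault)
    for site in sites:
        if len(vault[site]) < min_length:
            findings[site].append(f"shorter than {min_length} characters")
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            pa, pb = vault[a], vault[b]
            if pa == pb:
                label = "same password as"
            elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= similarity:
                label = "similar password to"  # threshold is an assumption
            else:
                continue
            findings[a].append(f"{label} {b}")
            findings[b].append(f"{label} {a}")
    return {site: probs for site, probs in findings.items() if probs}

# Constructed sample entries; sites and passwords are made up for illustration.
SAMPLE_VAULT = {
    "mail.example": "Sunshine2014!",
    "social.example": "Sunshine2014!",
    "bank.example": "sunshine2015",
    "forum.example": "q7#Lm2Vx9!tRb4Zd",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(site, "->", "; ".join(problems), "| replace with:", generate_password())
    print(f"16 random characters = about {entropy_bits():.0f} bits")
```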
What’s your strategy for keeping your passwords secure? Are you using a password manager that you’d like to recommend?
Guest Post by: Dave and Andrew
Andrew Chi is a Ph.D. candidate in Computer Science at UNC-Chapel Hill.
- Learn more about Password Managers from Top Ten Reviews, including how secure the password managers are:
- The photo for this post is the “lock of an ivory… reliquary casket. The combination lock is made of gilded brass with Arab letters,… ca.1200. Treasury of Saint Servatius Basilica, Maastricht, Netherlands.” This photo is part of a project by Kleon3 to categorize thousands of Dutch monument images for Wikimedia Commons.