#TechToolTuesday: Stronger Passwords
Nearly everyone knows that they should be using strong passwords for accessing their online services. But lots of people are picking their passwords incorrectly and, further, they're sharing those passwords across online services. Both of these practices are bad, and here's why:
Email Is King
Your email password is the most important password. Nearly every online service allows you to reset your password via your email. So, if someone has your email password, they have access to nearly everything else.
Your email password should be unique and not be used for any other sites.
Likewise, use a unique password for any other website that handles your credit cards or transactions in some way like online banking, credit card issuers, PayPal, Apple ID, Google Wallet.
If your service allows it, turn on two-factor authentication.
There is little risk in using the same password across less-critical services like Pinterest, Pandora, or espn.com.
Keep Your Password Strong
For a long time, the prevailing wisdom was to use numbers, special characters, capital letters, and all sorts of other things. This had the unintended effect of creating passwords that were hard for humans to remember but easy for computers to guess.
The lesson is that longer passwords are better. A 20-character password made up of lowercase characters is better than an eight-character password full of symbols.
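To put numbers on the length-versus-symbols comparison, here is an added example (not part of the original post) that computes the brute-force search space for each kind of password. The sample passwords and the guess rate of 10 billion guesses per second are assumptions, and the model treats every character as chosen at random, so it is an upper bound on guessing effort.

```python
import math
import string

# Character classes an exhaustive search must cover if the password uses them.
CLASSES = {
    "lowercase": string.ascii_lowercase,    # 26 characters
    "uppercase": string.ascii_uppercase,    # 26 characters
    "digits": string.digits,                # 10 characters
    "symbols": string.punctuation + " ",    # 33 printable ASCII symbols incl. space
}
KNOWN = "".join(CLASSES.values())
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet containing every character."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Characters outside printable ASCII: count each distinct one once.
    size += len({c for c in password if c not in KNOWN})
    return size


def keyspace_bits(password: str) -> float:
    """log2 of the number of same-length candidates over that alphabet."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years needed to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


# Constructed sample passwords, not real credentials.
SHORT_COMPLEX = "K7#pQ2!x"                 # 8 characters, all four classes
LONG_LOWERCASE = "qzmvhtkebnwyaolrcjxu"    # 20 random lowercase letters

if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, LONG_LOWERCASE):
        bits = keyspace_bits(pw)
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"{bits:.1f} bits, {years_to_exhaust(bits):.3g} years to exhaust")
```

The eight-character password comes out at about 52.6 bits and falls in days at the assumed rate, while the 20-character lowercase one is about 94 bits.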
This thinking is nicely summarized in the following cartoon by XKCD:
An easy way to come up with a password is to use a song lyric:
Keep Your Password Secure
Don't share your password with anyone and don't put your password in plain text (like an email). If you do (or have done this in the past), then change your password.
If you've typed your password into a public computer in an Internet cafe, especially overseas, then you must change it when you get home. It is very easy to compromise a computer in an Internet cafe and have the computer email an attacker the contents of every keystroke.
But I Always Forget My Passwords!
So you've gone ahead and changed your email, online banking, credit card, and brokerage accounts to fresh new unique passwords. Where do you put all of those things so you won't forget?
There are several options for password storage but I use a tool called KeePass. KeePass is free, cross-platform, and open-source.
Also, uncheck "remember me" and type in your password each time you log in to a site. You'll have the password memorized in no time.
Do I Really Have To Do This?
The importance of keeping your online identity secure cannot be stressed enough. The hassle you experience from doing all of these things is far outweighed by the damage that can be done if your banking or email accounts are compromised.