Passwords are the key to accessing your online presence, whether it’s your banking accounts, social media or apps on your mobile. Keeping them safe is of the utmost importance since anyone who has access to them can either steal from your accounts or impersonate you.
Here are a few tips which will keep your passwords safe.
1. Safety in Variety
Never reuse your password. If one site does get hacked, the first thing cybercrooks do is buy these databases of hacked passwords and try them elsewhere. Always use a fresh one for every new signup.
2. Strong passwords are easy to remember but hard to guess
Despite various recommendations on keeping cryptic passwords, make them long and unguessable, humans are not geared to remember a bunch of random numbers or letters.
A password with a bunch of random words, capitalisations and symbols are easier to remember like gReedy#dOnkey^criEd which is easier to remember than a random Ge8&fg28bn8!
Easily guessable passwords like 12345678901, showmethemoney or mypasswordrocks though they may be long, are not secure. Password crackers use number combinations, dictionary words and phrases from sports or pop culture for breaking passwords.
3. Use Secure HTTPS connections
On websites, make sure you enter your password on Secure pages only. If your browser doesn’t show a lock icon in the URL bar, edit the URL and change the website address to start with HTTPS instead of HTTP. The HTTPS signifies that the browser encrypts the communication between you and the server, so no one on the network can read the password you submit.
Unsecured pages, don’t provide that protection – someone on the same WiFi network can snoop on the network traffic pretty easily and read your username and password while you login in and steal your credentials.
4. Keep your passwords in a Vault
If you sign up for new sites, apps and services very often, don’t depend on your skills to recall passwords. No matter how random we think, our random passwords are we tend to end up reusing them across.
Use a password manager like LastPass, 1Password DashLane or KeePass which will help you generate truly random passwords, and help you fill in these passwords. With a password manager, you don’t have to strain your brain to remember those complex password passwords for each site. They also suggest secure passwords for you when you are signing up for a new site.
All popular password managers integrate well within your favourite browser, with a simple and clean user interface with accompanying mobile apps to automatically fill in your username and passwords on sites. In all the good ones, your passwords are encrypted using secure encryption algorithms with your master password as the key to open them. This means that when they upload the passwords to the cloud, the companies cannot read your passwords without your master password – so they are ultra-safe.
These days browsers like Safari, Chome and Edge also come with built-in password managers, which allow you to save your passwords, so there’s no reason to stick to easy passwords or repeating the same one across different sites. These are less secure than the dedicated password managers since there’s no guarantee that Google or Microsoft can read the passwords you sync.
If you do insist on staying low tech and writing your passwords down in a notebook, don’t keep it lying around near the computer. Lock that up nice and safe.
5. Lock your Mobiles and Laptops
If you use password managers on your mobile or laptops, always set a screen lock with a password to unlock it when you’re away. What’s the point of having your passwords safe in an app, by your laptop open for anyone to steal your passwords?
6. Give unknown apps and public computers and WiFi a miss
Do not enter your password on a public computer, like the ones in an internet centre or other’s mobiles. If an unknown app or website asks you your email, banking or social network’s account details, do not enter it there. If you connect to a public Wifi like the ones at a coffee shop, hotel or airport, do not type in your passwords since we don’t know who’s snooping around on those networks. If you really have to use public Wifi, use a VPN service to secure your connection.
7. Use the Second Factor of Authentication
Second Factor Authentication (2FA) is a fancy name for a One Time Code (OTP) which sites or banks send you on your mobile or email to gain access to your account. Where ever possible, enable 2FA on your account, so even if your password gets compromised, people cannot gain access to your account without entering the code.
8. No Passwords and OTP over phone calls
Despite how urgent the call may seem, do not share your passwords, ATM pins or OTPs over the phone. Banks or sites never ask for this over the phone. Even if the person says that he’s an authorised bank employee, don’t do it! It’s surprising how often these phishing attempts take place.
I’ve had seemingly genuine callers from banks and insurance agencies ask me to verify my date of birth, phone numbers and OTP codes which appear on my mobile over the phone. I end up telling them that I’ll go over to the offices to do any verifications.