Protect your Digital Stuff!
“What’s your Netflix password?” a friend asked one day when visiting for a weekend. I grabbed my phone, opened the 1Password app, and proceeded to recite the 13 characters generated by 1Password as my Netflix password.
“That’s weird,” my friend mumbled after a short pause. “I use the same password for everything.”
This is something that I hear all of the time — not just for passwords, but usernames and security questions, too. Doing this makes digital identity theft easier than traditional identity theft, and in a day and age where more and more things are taking place online, using your dog’s name to log into your Netflix and bank accounts is a surefire way to make yourself an easy target.
So now the question is, how do we make our online lives more secure without adding too much friction to getting into what we want?
Keep in mind there are plenty more options and methods out there you can use. There are two methods I prefer: the first is using a Password Manager like LastPass, 1Password, Google Chrome’s Password Manager or Apple’s iCloud Keychain to store and manage all of the personally identifiable information you use on the internet. The second option is to use little tricks to create easy-to-remember passwords for the sites you use all of the time, while still ensuring they remain different.
A Password Manager is software and/or services that store passwords using encryption, and in order to gain access to your passwords, a Master Password is required to decrypt the entire database. Like the examples I mentioned above, Password Managers can all also be used on Smartphones and Tablets, so in essence, you need to remember only a single, ideally very strong password. The Password Manager remembers the 200 different logins, passwords, and Security Question answers you have created.
I have been using this method since 2008; it has not let me down, and it has made my digital life a whole lot easier to handle. When I am surfing with Safari or Chrome on a desktop or portable computer and a new username or password is needed, the LastPass extension asks if I want to generate a random password, and then saves the information.
Creating Easy to Remember - Hard to Crack Passwords
Some people may not be comfortable not knowing their passwords. In this digital age, when we don’t recall phone numbers, a Password Manager which features two-factor authentication will protect us, and allow us to focus on more things than whether the Netflix password has a capital ‘R’ or a lower case ‘r’.
It is a common practice to use dictionary words with a mix of numbers when creating passwords. These can either be easily guessed if the thief knows who you are, or easily brute forced if the word can be found in any dictionary. So that password you have used for 5 years, Rover2014, is not a good password. Something closer to M2ndbdRim1fp2014 is complex enough, and would not be easily guessed.
“How could I ever remember that password?!” I can hear your minds all collectively exclaim. Easy! I chose a sentence and took the first letter of every word to create the password, and stuck a number on the back of it for good measure. My sentence was “My second bulldog Rover is my first favorite pet.” All I have to remember is that I replaced the numbers and tagged on the year at the end. I kept the same sentence structure so it is easy to remember where the capital letters are.
If you are concerned about forgetting your sentences, you can use the password hints the site may allow, or choose something easier. Like your favorite lines in a movie or book! Idnlgeah.IdnltS-I-a! - This one? It’s a famous line in Green Eggs and Ham! Can you find it?
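To put rough numbers on why Rover2014 is weak and the sentence-based password is not, here is an added example (not part of the original post) that estimates how many guesses each one takes. The word list, the assumed dictionary size of 100,000 words and the three capitalisation variants are assumptions made for illustration.

```python
import math
import re

# Constructed mini word list; a real guessing dictionary is far larger.
WORDLIST = {"rover", "password", "netflix", "bulldog", "summer", "dragon"}
DICTIONARY_SIZE = 100_000   # assumption: size of a realistic word list
CASE_VARIANTS = 3           # rover, Rover, ROVER


def charset_size(password):
    """Alphabet a blind brute force must cover for this password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII symbols, space included
    return size


def estimate_guesses(password):
    """Return (pattern, worst-case guess count) under the cheapest model that fits."""
    match = re.fullmatch(r"([A-Za-z]+)(\d{0,4})", password)
    if match and match.group(1).lower() in WORDLIST:
        suffixes = 10 ** len(match.group(2))
        return "dictionary word + digits", DICTIONARY_SIZE * CASE_VARIANTS * suffixes
    # Upper bound only: a sentence-derived password is less random than
    # a truly random string of the same length and alphabet.
    return "no dictionary pattern", charset_size(password) ** len(password)


def bits(guesses):
    """Guess count expressed as bits of search space."""
    return math.log2(guesses)


if __name__ == "__main__":
    for pw in ("Rover2014", "M2ndbdRim1fp2014"):
        pattern, guesses = estimate_guesses(pw)
        print(f"{pw}: {pattern}, about {bits(guesses):.0f} bits")
```

Under these assumptions Rover2014 sits at roughly 31 bits, while the 16-character password has an upper bound of about 95 bits.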
Now, a risk that is evident with online Password Managers is that there is a single point of failure. If my Master Username and Password are discovered, the thief has access to everything. This risk is mitigated by two-factor authentication, which adds an extra layer of security. Logging into my Password Manager not only requires a username and password, but also a one-time code which the Password Manager sends via text or an app to my phone to initiate the login.
Some other Tips and Tricks
Having a set of great passwords and using two-factor authentication is not the definitive answer to password security. Using the same Usernames and answers to Security Questions can give a thief access to your account without having your password if they can successfully find the answer to your mother’s maiden name or childhood street address. This is a common practice used to recover your password from websites. The use of standard security questions is not ideal; however, until sites give us the option to fill out our own Security Questions with the questions we want, what can we do to protect ourselves?
First, use a different username and recovery email address for as many services as possible. This will serve you well if done properly. For instance, when you use email@example.com for your Netflix password and your bank, if the thief can figure out what email address you use for these services, they can target accessing that email to gain access to everything else. What is great about modern email providers like Gmail, Outlook, and Yahoo is they allow you to create email aliases. An email alias will allow you to send mail to an “alias” email you create that ends up in the same inbox as your main account. This way, your Netflix Username could be masked better as firstname.lastname@example.org, and your recovery email could be forgottenpasswrdROFLcopter@gmail.com. Using email aliases makes it harder for a thief to recover or change the information because the thief cannot find the pattern in your email.
For sites that require a username but are not social (like some banks, schools, and utility sites), I like to “Generate a password” with my password manager with 10 to 14 characters with a mix of letters and numbers and just have that username saved. This is a great step for Security Questions as well. Creating a random string of characters versus having good ol’ Rover protecting my password reset ability helps ensure that my online identity is safe. With all of these tools at our disposal, even if the companies we entrust our information to can’t always be perfect, we can take the necessary steps to protect all of our digital information. I always imagine it like a big digital vault with different tricks to get all of the keys. Kind of like that iOS game The Room. Only, I’m the one that built the box, and only I know where the keys are.
Things to keep in mind
Keep changing your passwords, especially the Master Password!
Just because your passwords are random does not mean you should not change them. I would say it is safe to change them less often (i.e., not every 30 days), but every 3 to 6 months is a good goal, especially for that master password! Afraid you’ll forget? Set a reminder on your computer or your phone.