The cloud is becoming an everyday part of our business and personal lives, as we move more and more towards fully cloud-based systems that store our own and our clients’ information online. With the recent disclosure of the Heartbleed bug, however, it has become increasingly important that we use strong, unique passwords to avoid being compromised.
Our valuable data is now out on the net for others to find and exploit if we don’t take the correct precautions, so here’s a hotlist of things you should be doing (besides the obvious) to ensure that all your passwords are as safe as they can be.
Have MULTIPLE Good Passwords
It’s not enough to have one good password any more. If a hacker gains access to one account, the first thing they will do is attempt to access all of your other accounts with the same password and some simple variations. For that reason, you need to have a unique password for every different account and program that you access. This can be daunting for anyone like myself who has trouble remembering a single password, let alone a dozen. Fortunately, there are programs out there that help to make the process of remembering a whole lot easier.
Password Managers
Password managers are hugely useful if you need to remember a large number of different passwords to access different accounts and programs online. The best of these tools actually remove the requirement for you to log into an account every time you access it. Instead the manager does that for you as soon as you access the site. This kind of functionality also means that you can use more complicated, harder to remember (and harder to break) passwords than you might otherwise have because the program does the remembering for you.
Now, I can hear your concern: surely giving your information to another program is just giving hackers one more program to access, except this time they get access to all of your passwords? Fortunately, any good password manager is going to feature encryption software. This means that, even if someone does hack into it (which is already very difficult to do), the information they gain from the hack will be useless to them. There are plenty of password managers out there, but three that come heavily recommended from multiple sources are LastPass, 1Password and KeePass. All three are cloud based and make it very easy for you to import any passwords you might already have saved in your browsers.
Two-Step Verification
Password managers aren’t your only option. If you’re a keen Google user and store a lot of information on their various offerings, you should definitely make use of their 2-step verification system. This is easily enabled through the security settings on your Google account and requires you to provide a code as well as your password whenever you’re logging in from a new location. This code is randomly generated by an app on your phone at regular intervals, meaning it’s very hard to get right if you don’t have access to the phone generating the code. If you do elect to use 2-step verification, make sure to secure your phone as well, otherwise you’re still at risk if it’s stolen.
How to create a strong password
If you’ve got a good memory, or a password manager in place, then there are plenty of good password generators out there that will create a new, complex password for you that will make hackers struggle. However, if you are still uncomfortable with the idea of a password manager and want to create passwords and remember them yourself, or if you’re not dealing with valuable information online and therefore don’t have to worry about being locked tight, here’s a good list of tips and tricks to create something that’s complex, while still being memorable.
- Speak Nonsense – Too many people use passwords that can be linked back to them. They might use the number of their house and the name of their street, or the birthday of their firstborn. Even that is often too complex for a lot of people. A study last year found that the most popular passwords were ‘Password’ and ‘12345678’. When designing your password, pick something that doesn’t make any sense and isn’t related to you in any way. For example, paddlingcloud. This is memorable for its silliness, but not something that could be inferred by a hacker based on your personal profile.
- Add Symbols – The easiest and simplest way to add complexity is to add some symbols and numbers to your password, either replacing letters with them or just placing them at random throughout the password, in a way that is easy for you to remember. So, in the case of my previous example, you could have paddl!ngcl0ud, or ?paddling43cloud12.
- Make It Complex – Adding capital letters is another simple way to add complexity (make sure that whichever account you’re writing the password for is case sensitive). Pick a pattern that will be memorable to you, for example, only capitalize the third letter of each word: paDdl1ngcl0Ud.
- Make It Variable – You’ve already got a memorable password here, but you don’t want to come up with 20 more different ones. So instead come up with a variation that works and is memorable. One I’ve seen recommended is to add a section of a website address to the password somehow. So for example, if you needed a password for our site, you might use paDdl1ngpoWercl0Ud, following the systems we’ve already put in place. This method allows you to create a varied selection of passwords which you can still quickly remember even though they differ from website to website.
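The first tip in this article notes that someone who obtains one password will try it, and simple variations of it, on your other accounts. A self-audit for that case, added here as an example and not part of the original article: it flags entries in your own list that reduce to a similar base once case, character swaps and padding are removed. The substitution table, threshold and account names are assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Assumed substitution table; extend it to match your own habits.
LEET = str.maketrans({"0": "o", "1": "i", "!": "i", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s"})


def base_form(password: str) -> str:
    """Lower-case, undo common character swaps, drop whatever is still not a letter."""
    mapped = password.lower().translate(LEET)
    return "".join(ch for ch in mapped if ch.isalpha())


def related_pairs(vault: dict, threshold: float = 0.8) -> list:
    """Return (account_a, account_b, similarity) for passwords that share a base."""
    flagged = []
    for (a, pw_a), (b, pw_b) in combinations(sorted(vault.items()), 2):
        score = SequenceMatcher(None, base_form(pw_a), base_form(pw_b)).ratio()
        if score >= threshold:
            flagged.append((a, b, round(score, 2)))
    return flagged


# Constructed vault: account names are made up. The first four passwords are
# the article's own examples; the last is a constructed unrelated one.
SAMPLE_VAULT = {
    "email": "paddl!ngcl0ud",
    "shop": "?paddling43cloud12",
    "forum": "paDdl1ngcl0Ud",
    "site": "paDdl1ngpoWercl0Ud",
    "bank": "Vq7#tRz2mK9x",
}

if __name__ == "__main__":
    for a, b, score in related_pairs(SAMPLE_VAULT):
        print(f"{a:6} and {b:6} look related (similarity {score})")
```

Any pair it reports is a candidate for replacement with an independently generated password.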
Hopefully this list has helped give you an idea of what you should and shouldn’t be doing on the internet when it comes to password security. Simply by reading this article you’ve already taken steps that will make you safer online than you were before. Don’t hesitate to get started with the methods listed above; you’ll immediately feel more peace of mind online and so will your clients.
What password manager, if any, do you use?