Password leaks and hacks have become almost commonplace. In 2016 alone we had a breach of 117 million emails and passwords from LinkedIn, 43 million Weebly users, MySpace and of course Yahoo!. Twice. Oh, and again in 2017.
Computer security is not easy and there are many challenges that providers need to face. Imagine you have a castle built on a mountain top with millions of users running through its gates every day to do their work from within the city. There is only one legitimate entry to get in, and you also need to know a secret phrase so the guards will let you in. But you also have guards who change shifts 3 times a day and might take a nap at times. You have windows on the sides that aren’t as secure as the main gate, and I’m not even talking about the aerial approach. My point is that companies need to think about security from almost every possible angle, whereas the bad guys only need to find one tiny weakness that can expose the whole castle. That is hard.
I am not trying to justify poor security at any of those companies, least of all at Yahoo!, who didn’t even bother to invest in security, but I want you to understand what is going on here and that you need to play your part in order to stay secure.
In case you missed it, Mark Zuckerberg’s account got compromised last year because the password exposed in the earlier LinkedIn leak was the same one he used for Twitter. Voila! They were in.
Now you’re probably thinking what you can do about internet security if even Mr. Zuckerberg isn’t safe. Well, it’s actually pretty easy and Mark did it right after the compromise: he enabled two-factor authentication and he changed his passwords. (2FA is a system which authenticates you with a password, something you know, plus something you have, like an SMS or a special code from a smartphone app that changes every 60 seconds.) Do not be scared by how complex it sounds; it only prompts you for the second factor if you connect from an unknown device or location, not every time.
So now finally, how do you secure your password?
You have at least two options and I would advise you to use both for services that you find most valuable, like email, social media accounts and banks.
- Use 2FA (two-factor authentication)
- Use strong, unique passwords that you never reuse across services
I get it – this might still be too nebulous for some people, so let’s look at it practically in a step-by-step approach. Roll up your sleeves, this will take a moment. Or two.
- Identify your primary email address
- Secure it with 2FA. If it’s Google, download Google Authenticator and enable it in your Google Account settings
- Change its password to a unique one (don’t Zuckerberg it!)
- Make sure you add a recovery email address and a phone number
- If you use Twitter, Instagram or Facebook, do the same for each of them
The next step involves a password manager – an application that remembers all your passwords so you only need one to access all of them. “Woohoo, stop there cowboy!” I hear you yelling at me, “I don’t want to give all my passwords to someone just to get them all stolen!” Understandable, but let me briefly explain how it works. First of all, your passwords are protected with a strong master password you create, like a phrase from your favourite poem, song or something else you can easily remember. Secondly, LastPass never receives your master password or your passwords in readable form; it only receives the encrypted vault and can’t open it, even if it gets stolen. Breaking into it would require hundreds of years with current technology. To sum up, your password database is always encrypted locally before it is sent to their servers.
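The two claims above, that the provider never sees your master password and that a stolen vault is still useless, rest on how the master password is turned into keys on your own device. The following is an added, simplified model of that design written for this post; it is not LastPass’s, Dashlane’s or 1Password’s code, and the iteration count, the use of the account email as salt and the field names are assumptions. It also covers the “unique, generated passwords” step further down, since a manager generates those with a cryptographic random source rather than from anything memorable.

```python
import hashlib
import hmac
import secrets
import string

# Assumed work factor for the demo; real products tune this much higher over time.
ITERATIONS = 100_000


def derive_vault_key(master_password: str, account_email: str) -> bytes:
    """The key that encrypts the vault. Computed only on the user's device and
    never transmitted. Slow PBKDF2 makes offline guessing of a stolen vault expensive."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               account_email.lower().encode("utf-8"), ITERATIONS, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """What the client sends to log in: one further one-way step over the vault key.
    The server can verify it, but cannot run it backwards to recover the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode("utf-8"), 1, dklen=32)


def server_register(master_password: str, account_email: str) -> dict:
    """Constructed server-side record: note that neither the master password
    nor the vault key is stored, only the login hash."""
    key = derive_vault_key(master_password, account_email)
    return {"email": account_email, "login_hash": derive_login_hash(key, master_password)}


def server_login(record: dict, presented_login_hash: bytes) -> bool:
    """Constant-time comparison so timing cannot leak partial matches."""
    return hmac.compare_digest(record["login_hash"], presented_login_hash)


def generate_password(length: int = 20) -> str:
    """A per-site password the manager stores for you; built from `secrets`,
    never from a guessable pattern, so a leak at one site reveals nothing about others."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed demo credentials.
    record = server_register("correct horse battery staple", "demo@example.com")
    key = derive_vault_key("correct horse battery staple", "demo@example.com")
    print("login ok:", server_login(record, derive_login_hash(key, "correct horse battery staple")))
    print("new site password:", generate_password())
```

Why this separation matters: the server’s copy (the login hash) cannot decrypt anything, so a breach of the provider hands the attacker only PBKDF2 output and ciphertext. A weak master password is the one thing this design cannot protect against, which is why the post asks for a long phrase.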
- Now register with a password manager like LastPass, Dashlane or 1Password. I personally prefer LastPass and have been using it for years. LastPass is also the cheapest option at $12/annum for the premium features. Don’t worry, you can use it completely free on PC or Mac – the paid option is for mobile only.
- Import all of your passwords from your system and browsers
- Now change LastPass’s settings so it logs you off after a period of inactivity or when you close your browser. This is essential to protect your passwords, and it also makes sure you don’t forget your master password, as not even LastPass is able to recover it for you
- Disable saving passwords in your browser; it’s not secure
- Use unique, generated passwords for every site (use Alt+G in LastPass to generate one)
- Done, you can pat yourself on the back
Your passwords are now secure, yet you don’t need to remember them. You can use LastPass for other important or sensitive information like credit card details, notes and so on. You can also share them securely with friends and family without exposing them in email or messaging apps. There’s also an enterprise version which lets you share passwords with your team – it has been a wonderful tool since we implemented it late last year.
Share in the comments what your experience with passwords has been (good or bad) and which password manager you’re using!