Passwords are the guardians of our online lives, the keys to our private digital diaries. They are the first (and sometimes only) line of defense against someone trying to break into your account, so it's important to make sure your passwords are strong and secure. This is critical if you have a credit card saved, like on an Amazon or Steam account.
Expert advice for best password practices changes frequently, and taking every precaution to keep your information safe is simply the smart thing to do in our digital age. Data breaches happen, and they can impact some of the most vulnerable accounts. Here are a few ways to prevent yours from becoming one of them.
Use strong passwords
If you're using a default password and it's something like "123456" or "password," stop reading this article and change it right now. Those are among the most common passwords used and are incredibly easy for hackers to crack. The strongest type of password looks like a mishmash of letters, numbers, and symbols that are difficult for others to guess. They usually contain at least eight letters, a symbol, numbers, and avoid consecutive capital or lowercase letters.
It's not easy to come up with a password that has all that, but the U.S. Federal Trade Commission (FTC) has a nifty suggestion: Turn a phrase into a password by cutting out letters and inserting numbers. For example, "I ate snails at a restaurant in Paris" can become "i8S@aRiPaR." While the phrase itself is weak, the altered version makes for a pretty strong password.
Try to avoid using simple words and numbers associated with your personal information. That means no birth years or favorite colors; they might be fairly easy to guess with some social media snooping.
Set different passwords for each account
It might feel convenient to have one great password for all your accounts, but you need to resist that urge to streamline. If just one password is compromised, then all your accounts are at risk.
By having different passwords for each account, you protect the others when one is hacked. You'll only need to take extra security measures for the account that was breached, and there will be less need for you to go through all the others to change their passwords before someone breaks into them.
Consider using a password manager
According to a cybersecurity study conducted by Harris Poll and Google, the average American has about 27 online accounts that need distinct and safe passwords for protection. That's a lot of scrambled passwords for one person to remember. One way to keep track of them all is by using a password manager.
A password manager, such as LastPass, can help you store passwords, routinely generate new ones, and fill in passwords so you don't have to type that jumble of letters all the time.
If that doesn't appeal to you, you can still keep track of your passwords using good old-fashioned pen and paper. It's not recommended, especially if you're keeping it where someone might see the list, but it might prevent some panic if you forget one of your many passwords.
Change your passwords regularly
Don't get too attached to that brilliant password you made, as you'll need to change it again, on a regular basis, to maintain maximum security on your accounts. Instead of wracking your brain to think of another phrase or song lyric to jumble, you can make it easier on yourself by using a password manager to generate a new one.
How often you change your password is up for debate. Some experts believe you shouldn't change your password unless you think your account has been compromised. Others have recommended at least every three or six months.
Enable two-factor authentication
Two-factor authentication is an extremely helpful extra barrier that can keep your online accounts safe. Essentially, two-factor authentication means there's another authentication step, other than your password, that will confirm it's you trying to log-in.
This could be an email sent that asks you to confirm your log-in, a text message, or a notification on your smartphone requesting approval to access. Using your smartphone as another protective step is a good idea because most identity thieves will take information they nabbed from online sources, and aren't likely to have your phone with them, too.
For folks who are uneasy about adding their phones to their accounts for two-factor authentication, emails can work as an option. They're not as safe, since it's possible for someone to get your email credentials, but they're probably better than nothing.
Stay alert for scams and unknown links
If you get any unusual emails from strangers that look dubious, don't click that link! Stop and examine the contents before clicking anything, opening any attachments, or downloading any programs. Check to see who it's from and always be skeptical.
For example, a message that claims to be from the U.S. Secretary of the Treasury, written as "MR. STEVEN MNUCHIN," with a subject header that mentions some sort of treasury payment approval wouldn't come from an email address like "email@example.com." Keep it imprisoned in the spam folder and don't give away any information — ESPECIALLY if the message asks for something like your banking account details.
Most companies will not ask you to send them sensitive information via email. If you're not sure about whether an email is legit, go to the company's official webpage and call them to ask. Don't call using the phone numbers listed in the email, as they could be fakes.
Think twice about what you post
Social media can be a casual place where you can ramble about your life, but be careful about giving away some information that an identity thief can use to access your account. Think about it for a moment: Have you made any posts that mentioned the name of your first pet? How about the make and model of your first car, your mother's maiden name, or your high school mascot?
These are all very common security questions someone could answer and use to reset the password on your account and lock you out. Make sure your account has two-factor authentication to prevent this from happening, and be mindful of what kind of information you're putting out there on the very public internet.