Ahh, the humble password.
Whole worlds can be unlocked with a few simple syllables or keystrokes, from prohibition bars to top government secrets.
Passwords have never been more important than they are today, with the average person having at least 19 for various accounts. That's a lot to remember. Some of our most important information is protected by this inherently flawed form of security.
Allow me to clear up some of the absurd password security rumors I've heard to keep you all safe online.
"Customer service asked for my password."
Satan would sooner build a snowman.
Any weird messages prompting for login information should be deleted and reported. This includes email but can also be telephone calls from alleged "Microsoft Support". Nobody reputable will ever ask for this information, so keep it to yourself.
PRO TIP: save spammy emails and numbers to a blocked contact. After about 30 entries, I noticed a significant drop in new BS.
"Nobody is going to guess that."
Hackers' garbage cans are not overflowing with crumpled pages of guesses. If your password is stolen, it's because you were phished or it was leaked from another site's database. Phishing is just a term for duping others into surrendering key information, which is crazy easy to do online. Humans are by far the weakest link in the security chain.
Let's say you get a virus (yes, even if you have a Mac) or use an infected computer. Malicious software can record anything you type and sell that information for pocket change.
Or maybe you click on a bogus link and enter your password not to "www.Wonderwall.com" but "www.Wonderwa1l.com". That's an obvious example but it can get pretty sneaky.
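The lookalike-address trick above can be caught mechanically before a password is typed. The following Python is an added example, not part of the original post; the allow-list, the small character-swap map and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: sites where the user really has an account (assumption).
KNOWN_HOSTS = {"wonderwall.com"}

# Illustrative map of digits commonly swapped in for similar-looking letters.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def hostname(url: str) -> str:
    """Return the lower-cased host of a URL, without a leading 'www.'."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare host as the network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Classify a URL as 'known', 'lookalike of <host>' or 'unknown'."""
    host = hostname(url)
    if host in KNOWN_HOSTS:
        return "known"
    for good in sorted(KNOWN_HOSTS):
        # A digit-for-letter swap, or a one/two character typo of a known host.
        if host.translate(CONFUSABLES) == good or edit_distance(host, good) <= 2:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for sample in ("www.Wonderwall.com", "www.Wonderwa1l.com", "https://example.org/login"):
        print(sample, "->", check_url(sample))
```

Only an exact match counts as "known"; anything close to a known host but not identical is the case worth stopping on.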
If any guessing is done, it will be by hacking software that can try multiple thousands of combinations per second. This is known as brute force. For all you statistics people, that's why sites encourage special characters ($#@!&%), capitals and numbers. There are exponentially more possible combinations, meaning it will theoretically take more time and energy to guess than your information is worth.
PRO TIP: use a short sentence instead of a single word to effectively rule out brute force hacks.
"I use the same password for everything."
We're all guilty of doing this to some extent, but let me explain why it's an awful idea.
Large companies and websites at least have the money and staff to offer good security, but what about all the little stupid things we sign up for online?
Security could have been an afterthought there, and eventually someone will steal your login information. Then it's only a matter of time before that information is tried against more valuable websites. If you used the same password, it doesn't matter how long and complicated it is. A password that's not a kept secret is just a word.
PRO TIP: keep one or two throw-away passwords for unimportant sites and accounts and have at least four variations on a stronger password for important ones.
"Well okay what can I actually do...?"
The bright side is that some basic due diligence will keep you plenty safe from most threats. Make sure you:
1. Install anti-virus on your laptops and mobile devices.
2. Don't click on weird emails or links.
3. Double-check URLs when entering passwords.
I cover these and other tips in more detail, which you can read here.
There's one great site I like to refer others to. It lets you enter your email address to check if any accounts have been leaked in the past, and register to be alerted if it comes up in the future. Definitely use this tool and consider not using those registered passwords again.
Hopefully, I have been helpful with these tips, but leave a comment with your own to help me improve it. We covered a mere sliver of the massive digital security pie. I really like pie, so subscribe for future articles and we can eat it together!