unknowingly Every few weeks, we hear the news that another major corporation and their website has been hacked, just last week we heard about Equifax being hacked and data on millions of users being compromised. We of course only hear about the major newsworthy hacks which have been discovered or disclosed, but the scary truth is that around 30,000 websites are hacked every single day.
Often these hacks mean your personal information has also been compromised, most likely without your knowledge as often website owners either do not know they have been hacked, or choose to keep it quiet. In this post, I cover the important reasons
Passwords & Online Security Best Practices
Most websites rely on a simple login process for a user to gain access their account–a username and password.
As an online security best practice, you need to have long, complex and unique password for every web account you use.
Strong passwords need to be:
- Long – The more characters in a password, the longer it would take a hacker to guess your password.
- Complex – By adding additional characters to your password you add complexity or password entropy. Password entropy is a measurement of how unpredictable a password is, based on the character set used (a combination of lowercase, uppercase, numbers and symbols) as well as password length. Basically, your password needs to be something you could never pronounce.
- Unique – You need a different password for every web account you use. Yep, that’s right. Every login on every website needs to be unique and never reused.
Unfortunately, in the real world, meeting all three criteria for strong passwords is basically impossible without the use of a password manager.
Why Use a Password Manager? The Nightmare Scenario
So why is having a long, complex, unique password important?
If you use the same email address and passwords for multiple websites that you log into (as a lot of people do), what happens when one of those websites gets hacked?
The hackers now have your username and password on a list that will be used to try to log into thousands of other websites around the internet. If you use the same email address and password for all your websites, now the hacker will be able to log into all your accounts at once and get access to all your personal data and details. If those same login details are used for your email account as well, they can now access
If those same login details are used for your email account as well, they can now access pretty much anything. Any site they cannot get into, they can simply issue a password reset, which will come to your email, which they now have access to. Identity theft at this point is a high possibility.
Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.
Don’t Use Common Passwords
Here’s Keeper Security’s list of the most common passwords of 2016. Do you recognize any of them?
These are all lazy password, achieved by just pressing keys which are next to each other on the keyboard, and are easily hackable in seconds by automated hacking tools.
|1. 123456||10. 987654321||19. 555555|
|2. 123456789||11. qwertyuiop||20. 3rjs1la7qe|
|3. qwerty||12. ||21. google|
|4. 12345678||13. 123321||22. 1q2w3e4r5t|
|5. 111111||14. 666666||23. 123qwe|
|6. 1234567890||15. 18atcskd2w||24. |
|7. 1234567||16. 7777777||25. 1q2w3e|
|8. password||17. 1q2w3e4r|
|9. 123123||18. 654321|
The use of security questions is a common solution used by websites and organisations as an addiitonal method of identification and also as a way to reset your password.
But this has also now become a major issue, as users unknowingly give out the answers to their security questions on their social media accounts, such as the name of your first dog, where you met your spouse etc.
So once the cyber criminals have scraped all this personal information from your social media profile and posts, chances are they will have the answers to all your security questions and will will be able to use that information to then reset any of your passwords or even access your telephone banking.
So I recommended that you never give honest answers to these security questions, instead give fake answers for every account or website you use, and store those details in your password manager too.
Password Managers vs. Browser Password Storage
A Password Manager such as LastPass not only remembers your login information but also helps you generate long, complex passwords and stores them and other useful information securely.
You may have noticed that your browser prompts you to save login details, but be warned that the password storage built into your browser is a solution of convenience, but is not secure. Anyone using your computer can access those saved details and login to websites, plus you will not have access to those details from other devices. Also bear in mind that if you lose your device or it is stolen, or your hard drive dies, or any disaster, you have lost all those details.
LastPass vs. Other Password Managers
The only reason I explicitly mention Lastpass is because that is the tool I currently use at the time of writing this. But there are numerous excellent password managers available, depending on your budget and requirements E.G.
It is also worth mentioning that if you use BitDefender Anti-Virus or Kaspersky, then these both come with a simple password manager.
Ultimately, using any one of these password managers is a good choice, but I can vouch for LastPass having used it for many years, especially for business users, it offers great value in free vs. paid features and is the most configurable with additional security options and options. They also have a handy family license which you can share with your whole family.
So as well as passwords, it is great for storing bank details, licences, card details etc and is very easy to share passwords with other people. It is also really secure, you can set your LastPass to auto lock after xx minutes so that anyone else using your computer cannot access your passwords without your master password. You also have the option of 2-factor authentication.
However, it can be over complicated for the same reason if you are not very competent with computers, in which case one of the simpler solutions might be better for you for personal use.
You can find a review of the top password managers over on the wired website here.
Watch LastPass Tutorial for Beginners
LastPass Free vs. Premium
LastPass Free has everything you need to securely store and fills passwords on a single kind of device (for example, a Mac computer, a PC Computer, an iPhone, an Android Phone).
But if you want to access LastPass on different kinds of devices, you will need to upgrade to LastPass Premium for $24/yr. LastPass also offers Business and Enterprise versions that focus on sharing data among multiple users and creating rules and policies for your staff/users.
If you need help to get LastPass configured or require some training, then please contact me.