More than half of all Americans express concern about the security of their data, but too many use the internet equivalent of putting the front door key under the welcome mat when protecting their digital assets.
For cybersecurity experts, the list of poor practices is harrowing and includes: using an overly simple password, using the same password for all sites, sticking to an out-of-date smartphone app with missing security patches or signing on to an unsecured public Wi-Fi network when performing sensitive transactions.
Since the password is the key that unlocks your sensitive accounts, experts recommend several key password practices to protect sensitive and personal information on the internet.
Use a “strong” password
Obvious and simple passwords such as “password”, “admin” or “123456” are a sure way to allow a hacker into your accounts. A random combination of upper and lower case letters, numbers and special characters is the preferred format for passwords.
Use a unique password for every account
If one of your providers is hacked, using a common password across every account hands the keys for all your accounts over to the cyber thieves.
Use a password manager
If you have a long list of strong, unique passwords, it’s impossible for the average mortal to remember each one. A password manager stores, encrypts, and fills in the appropriate password for each website you access. It can also generate and store a strong unique password whenever you open a new account.
Using a password manager does carry its own risks. Since the master password for a password manager unlocks all your passwords, guard that master password carefully. And don't ever write passwords down, especially the master password.
Sign up for two-factor authentication where possible
With two-factor authentication, your account can only be accessed using devices you have registered with the provider. Here’s how it works:
When you want to sign in to an account using a new device, in addition to your account password, you have to provide a verification code that's sent to one of your already registered devices. By entering the code, you're verifying that you trust the new device. This prevents hackers from signing onto your account because they don’t have access to your registered or “trusted” device.
Don’t give password or personal information in response to any incoming email
John Podesta, Hillary Clinton’s campaign manager, got an email appearing to be from Google asking him to reset his account. When he did, hackers gained access to his email archive. We all know what happened after that.
This sort of online scam is called a “phishing” attack and the techniques used by hackers are increasingly sophisticated. The best defense: don’t click on any attachment or embedded button ever when asked by an email to sign into an account. Instead, call the sender or open a new browser window or access the account app to sign in on your own.