Securing your passwords
 

An Intro

It will never happen to me. Sure it won’t.

But it might do, and if it does, the consequences can be huge. 

Sadly, I have known people lose their mortgage deposits from fraud. I have also known someone pay their wedding venue fee to the wrong bank account. So it probably won’t happen, but I can promise you that you are a target. 

So, what can you do?

Well, the risk is always there; after all, the internet is accessible to the world. However, the more difficult you make it, the less likely you are to be targeted. Make yourself more difficult than other members of the public, and they will be hunted before you. Simple.

This guide is not all-inclusive and doesn’t contain everything. I don’t profess to know it all and never have done. But it is here to help, not solve, and it is free 🙂

 

1. Your Email Account

Personally, I consider your email account the gateway to everything. If someone gets your email password, they can no doubt access most of your other accounts. In case the reason isn’t obvious: they can read your emails, view your orders or welcome messages, then head to the website, request a password reset, and they are in. Furthermore, most of those accounts will also have your credit card details stored for nice and easy ordering. Sure, the address will be traceable to the hacker’s address. BUT another scam is as follows:

    1. Hacker gets into your account.
    2. Hacker places an order to your address.
    3. You get a delivery you are not expecting.
    4. From the correct actual company.
    5. 5 minutes after delivery, hacker turns up.
    6. Knocks on your door, and…
    7. Says that the package was a mistake.
    8. They collect the package.

Fraud complete.

Advice as follows

    1. Make your email password STRONG.
    2. AND unmemorable.
    3. Do not EVER write down your password.
    4. Except in a secure password vault – see 4 below.
    5. Protect your email with MFA – see 7 below.

 

2. Never use the same password

Not many people know, but your password is more vulnerable than you think. It’s not just about it being secure and something that someone will be unable to guess. There are many more factors, and some will surprise you.

Did you know, it is now a recommendation to NOT change your password that often? Yep, you read that correctly.

Why? I hear you cry.

Well, studies have confirmed that if you are asked to change your password too often, it will be less secure. For example, you are likely to change the 1 for a 2 at the end, or add an additional ! mark. But the root of the password remains the same. This is simply because you are being asked to change your password too often, and it is a hassle. And this is good news for someone hacking you, as if a previous password is known, they will use this as a basis for a brute force attempt.

What is a brute force password hack?

Well, a brute force is a way of hacking someone’s password, often using software. This software can cycle through thousands of passwords per second, until eventually it hits the right one. And as above, if your original password is known, it can often be used as the starting point in a brute force attempt.
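A site can refuse the "change the 1 for a 2" habit described above at the moment the password is changed. The check below is an added example, not code from this guide; it assumes a change form where the user types both the current and the new password, and the function names and the two-edit threshold are illustrative choices.

```python
import re

# Digits, symbols and underscores at the end: the part people bump on a forced change.
TRAILING = re.compile(r"[\W\d_]+$")


def root(password: str) -> str:
    """Case-folded password with its trailing digits and symbols removed."""
    return TRAILING.sub("", password).casefold()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_trivial_change(old: str, new: str, max_edits: int = 2) -> bool:
    """True when `new` is easy to derive from `old`.

    Two signals: the same root once the trailing digits/symbols are
    stripped, or at most `max_edits` single-character edits overall.
    """
    old_root, new_root = root(old), root(new)
    if old_root and old_root == new_root:
        return True
    return edit_distance(old.casefold(), new.casefold()) <= max_edits


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    current = "Sunshine1"
    for candidate in ("Sunshine2", "Sunshine1!", "Sunshone1", "q7#Lm2vXp!Rz"):
        verdict = "reject" if is_trivial_change(current, candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```

The comparison uses the two passwords as typed into the form, so it needs no stored copy of the old password.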

 

Why never use the same password?

Well, not many are aware, but at various points in time, certain websites have been hacked. And you can find that list here:

https://haveibeenpwned.com/PwnedWebsites

If you were a member of that site when it was hacked, the password you stored at that time is now public. Furthermore, if you are still using that password for various other online services, they are low-hanging fruit for hackers to log in to.

There is in fact a popular email template that goes around, sent by hackers who have access to these passwords, emailing you knowing that most of you probably still use that password for other websites, or your office accounts. These emails claim that they have hacked your current setup, when in fact, they probably just have your password from a previous data breach many years ago – and quite simply, you have never changed it, and they are guessing.

This is why it is so important to not use the same password, even for 2 different online accounts.

 

3. Choosing Passwords

Choosing a password is actually more difficult than we think. Hence the reason why I am guessing you all use the same one across multiple accounts (I am right aren’t I?). And chances are, if your password is something you are able to remember, then it probably isn’t strong enough.

Going forward, I strongly recommend using a password generator such as:

https://www.lastpass.com/password-generator

where you can choose the complexity. Or if you use Google Chrome, you will also find that it suggests a strong password, and furthermore if you are logged into Google Chrome, it will save it for you in the password manager.
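What a generator with a complexity setting does, as an added example rather than the code of LastPass or Chrome: it draws characters from the operating system's secure random source and estimates how long an exhaustive guess would take. The symbol set, the default length and the function names are assumptions made for this sketch.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&*+-=?@^_",   # assumed set; sites differ in what they accept
}
ALL = ("lower", "upper", "digits", "symbols")


def generate_password(length=20, use=ALL):
    """Random password from the OS CSPRNG containing every chosen class."""
    if not use:
        raise ValueError("choose at least one character class")
    if length < len(use):
        raise ValueError("length too short for the chosen classes")
    alphabet = "".join(CLASSES[name] for name in use)
    while True:
        # Draw uniformly, then retry until each chosen class appears at least once.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[name] for ch in candidate) for name in use):
            return candidate


def entropy_bits(length, use=ALL):
    """Upper bound on strength in bits: length * log2(alphabet size)."""
    size = sum(len(CLASSES[name]) for name in use)
    return length * math.log2(size)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a fixed guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(generate_password())
    # An 8-digit PIN-style password against the full 20-character default.
    for length, use in ((8, ("digits",)), (20, ALL)):
        bits = entropy_bits(length, use)
        print(f"{length} chars {use}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 1000):.3g} years at 1000 guesses/s")
```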

 

4. Online Password Managers

A password manager is a way of securely storing your passwords online. Some popular ones include:

https://www.lastpass.com 
https://www.1password.com 

and of course the built-in Google password manager, although in the Google example you cannot view these; they are simply saved so you can log in quickly.

In terms of security in password managers themselves, everything is encrypted, and although this isn’t total security, most have 2 factor authentication and master passwords assigned to them, making breaking in very difficult indeed.

DO NOT WRITE YOUR PASSWORDS DOWN!

Dave King
