We often think that having a strong password will keep our accounts secure. But, a strong password is only a small part of the puzzle. Even the strongest passwords can be easily cracked if you don’t follow the right measures to keep them secure. I explained this in part 1 of 2-part series. If you have not read that yet, please click here to read it. The steps I outline in this article will make much more sense if you watch that first. Also, I have a 2-part video series on this topic that covers everything from these articles, and some more. If you are a visual person, check them out instead. If not, continue further.
Alright, so without anymore delay, let’s get into the 5 steps you can follow to keep your accounts safe.
Step 1: The obvious one, set a strong password
A strong password has 3 key elements: it is long (at least 12 or more characters), has no meaning, and uses as many different forms of characters as possible (like uppercase, lowercase numbers, special character, etc.)
For example: g00dD@y! may look like a strong password, but it isn’t. It is simply the phrase good day, transformed into something else by replacing some characters with obvious numbers or symbols, and it is quite easy to crack with a few generic rules. I showed this in my previous video.
This dsFAjg7635@37&^%d on the other hand, is a great password. It is long, it has no meaning and utilizes lowercase, uppercase and special characters.
Step 2: Do not use the same passwords across multiple websites
Again, in my previous video/article, I explained how that can be a very bad idea. But if a new password for every site or app is not possible, at least use a priority system for your apps and sites. For example, for the least important apps or sites, that have no sensitive information from you, you use one password. Then for websites that are more important, you use another. For social media, you use a different password and for banking etc., you use individual, strong passwords. That way, if a bad site with very minimal security gets compromised, the hackers won’t have the password that you use for your banking. I hope this makes sense.
Step 3: Enable multi-factor authentication
Multi factor ensures that you have at least 2 levels of authentication. Even if your password gets compromised, whenever someone tries to log in from a new device, it will need verification from you – either via text, phone call or an authentication app. This ensures that unless they’ve got your credentials and have kidnapped you, they will not be able to get in to your account.
Step 4: Use a password manager
I use LastPass, but there are multiple others. With a password manager, you only remember one very strong password as the master password and all your other passwords are auto generated by the password manager. This will guarantee that they are strong, and encrypted well. They also track apps and websites, so if anything is compromised, they will automatically notify you and can even change your passwords for you. They also use multi factor authentication, so there is another level of security.
Step 5: Recognize phishing attempts
Phishing is when a hacker pretends to be one of the websites or apps you use. They will create an email for example, that looks exactly like it came from Paypal and warn you about something bad that happened and you need to log in and fix it. You click on it, it will bring up the log in screen, you enter the password and it gives you some random error. What just happened is that it was never sent by Paypal and you just sent your password to an imposter. There are few ways to verify if an email is legit. First, make sure you look at the email address it came from. If it is from paypal, it should come from @paypal.com … if it isn’t, it is fake. So don’t click on any link that did not come from the original website or app. 2nd, before you type your credentials, always check on your browser whether the site is secure or not. If you have the latest browser that is up-to-date, it will do a good job of warning you.
So that’s that. To summarize:
- Create a strong password
- Don’t reuse passwords
- Use multi-factor authentication
- Use a password manager
- Recognize phishing attempts
Following these steps will help you keep your accounts safe and secure.