So much of what we do every day, day in and day out, is either done online or has a record kept online. Things like your email or a shopping website are obvious, but your bank, mortgage holder, health insurance provider and more are also online companies even if that's not how we interact with them. There is a pretty complete fingerprint of your life stored where plenty of other people can (and often do) look for it.
So what should we do about it? That's easy — use a good password for everything, make sure you don't use the same password in more than one place, and secure things with a second step anytime you can.
You can't remember all those passwords
Don't feel bad because nobody else can, either. A good password simply means one that someone else who is really good at figuring this stuff out isn't likely to be able to use. That means they aren't something you can remember, especially when there are more than a few of them. That's where a password manager comes in.
A password manager, like LastPass or 1Password, is like a safe that holds all your passwords and gives the right one to the right place when it's needed. Enter all your account information into it and then all you need to remember is one good secure password that's used as your OK to let it share its data with another app or website. Now instead of having to remember multiple passwords, you only need to know one.
Remembering one good password is something we can all do.
There are a lot of good ways to manage passwords. A recipe box filled with index cards that sits on your desk is one way, but a good app from a trusted company does a better job and offers more features. Most have a way to keep a backup copy of your password database in case you lose your phone or it gets stolen, as well as extras like a place to store credit card info or secure notes. The best secondary feature you'll find is a password generator that can create a good password, then put it in the database and be ready to serve it to the right place so you never have to worry about keeping track of it. Password managers work great on your Chromebook, too!
The first thing a person who gets your password is going to do is to try to use it everywhere. That's why it's important to never reuse passwords because when someone breaks into the servers at Target, Adobe, Yahoo! or anywhere else and gets your username and password, you don't want to let them run up your credit card by buying things at Amazon or another unrelated website.
The convenience and security a proper password manager offers are better than anything you can do to manage things yourself and it's more secure, too. If you're not using one, stop right now and set one up — then help make sure the rest of your family is doing the same thing.
A password is a key to the door and 2FA is the drawbridge over the moat
I forget who said it, but 2FA (two-factor authentication) has been described this way. Imagine a castle with attackers at the gate. It has a very strong door (the password) but also has another deterrent in the form of a drawbridge that's lifted so nobody can get over a moat filled with medieval monsters of some sort. 2FA is that drawbridge and it only gets lowered when you tell it to lower.
In non-technical terms, 2FA is simply a second way to prove your identity before access to digital data is given. You prove your identity using two of these three things:
- Something you know (a password)
- Something you have (a code from an app or text message)
- Something you are (your fingerprint)
Most of us have used it in one form or another even if we didn't know it. The three-digit number on the back of your Visa card is a good example; ideally, you only know it if you have the card there in front of you, which means you have your wallet, which means you are probably the person whose name is on the front. Another example is when you log into your computer at work and the server checks to see if you swiped your employee ID to get into the building before it starts showing you any company data.
2FA for our online accounts is (thankfully) much more simple that an authentication server at work thanks to our smartphone. An Authenticator app will give you a short code to enter along with a password. Having this code means that you have your phone and your password — two of the three things from the list above. As long as your Authenticator app is protected with a good password, only you can use it.
This sounds like a lot more hassle than it really is because your phone is also secured and can be trusted. Most places that offer 2FA also allow you to say you trust the device you're using to access it and you can bypass the step once you've proven your identity. As long as you have a good password on your phone and the company that makes it doesn't allow someone unlimited tries to guess that password, you're pretty safe.
One extra layer of security is never a bad thing!
Trying to access the same account from another device, whether it be another phone or a computer, means you'll need to enter the 2FA code. This means you can get on Twitter, Amazon, or wherever else from your phone easily but I can't get in from my phone or computer without having your 2FA code, which only comes to your phone. Following? It's a great big circle of trust that doesn't allow anyone else in it.
- Google wants you to upgrade to (its) better two-factor authentication
- How to install and set up Authy for two-factor authentication on your Android
Be safe, be secure
Look, we know that most of us aren't high-profile targets of people focused on hacking into our lives. Those people have extra steps they can take, but we don't need those. However, we're all potential victims of chance when it comes to phishing attacks or corporate database breaches. Not using a password manager and 2FA whenever it's offered is crazy.
Don't be a victim. And don't let the people closest to you be one, either. Use a good password manager and two-factor authentication for everything, all the time!