Keeping Safe with Password Safety and Online Security
Do you panic when prompted to enter a password?
I feel your pain to remember them all and therefore took the advice of a high-tech guru. Believe it or not, she advised me to keep things simple and write down all my passwords in a small notebook and keep it in a safe place. The comfort of this precious notebook soothes the soul when it's time for a password. It's pretty old school but, it's been working for me. I'd suggest the same system for you UNTIL you are ready to jump into a more up-to-date solution.
There, I've made a confession, my life is not as "techy" as one might think. I tend to wait for trends to be set before I dive in. From what I've gathered from friends and colleagues, it's evident that a tool called LastPass is THE way to go when you are ready to shed the notebook and save passwords in 21st-century style. You'll read more about it in this guest post written by Nathan Hughes at SecureThoughts.com.
Nathan supplies excellent information that we all NEED to know in this digital age. You'll learn about the need for password security, what makes a good password, what's the best way to manage passwords and how to avoid scams.
Technology makes today’s world go round—it is the oil that greases all modern trade and social interactions. It helps businesses promote their interests and it keeps us in contact with the people we care about.
Yet technology is evolving at an incredible pace. Whereas at the turn of the century few of us had mobile devices (and those that did were limited almost exclusively to basic calling), nearly everyone today carries a phone, tablet or other device.
Even our children are armed with the latest tech, with some studies suggesting over half of kids in elementary and middle school own a cell phone. For all the benefits we derive from technology, there’s one little issue most of us still struggle with: security.
We need to have a talk. Every day of every week, we access some type of online service. The diversity of services we utilize each day vary in purpose but all share the same basic structure:
Yet something so simple often creates a world of problems. First off, usernames come in two patterns: email address or handle. Logging in with your email address is simple enough, but some sites prefer you create a “handle,” which is just a name for yourself that becomes the username.
While the first step isn’t overly complicated, it’s recommended you avoid creating any complex usernames. This is in stark contrast to passwords and a major problem year after year. Did you know that the most common password in 2016 was 123456?
I think we can do better than that. The basics of a good password are as follows with few exceptions:
- Seven characters or more long (longer is better)
- Contains UPPERCASE and lowercase letters
- Utilizes numbers (1) and symbols (#)
- Does not consist solely of dictionary words*
- Omits personal information, especially any matter of public record (birthdays, marriage dates, etc.)
- Is changed semi-regularly (once a month is best, a few times per year is acceptable)
Note the asterisk, as the exception to the rule would be what’s called a “pass phrase.” Long strings of words can often bypass this limitation, although that doesn’t make the other
rules any less true. For instance, “jerryeatsberries” would not be as good as “j3rrye@tsBerries.”
Pass phrases are highly recommended because they tend to be longer and are easier to remember. And as we’ve all experienced ourselves, the worst part of creating a great password is remembering what it was later. Aim for a phrase that’s familiar to you but not overly obvious to others.
This is why the above latter example would be a better password than something like “lkji3as#Lnm”; though more complex and less directly tied to real words, how exactly would you remember it? This brings us to our next point.
Security Software and Apps
While we’re still on the subject of passwords, one of the easiest ways to handle the dilemma of remembering a strong password is by utilizing a password manager. My personal favorite is LastPass, but there are many similar alternatives. All work on the same concept.
A password manager takes and saves all of your passwords, encrypts (scrambles them) and automatically fills them in for appropriate websites. The key is that you only need to remember the “master password” to access the rest. This can be a much more difficult password than you would normally be willing to use as it’s the only one you need to recall.
Passwords aren’t the only thing you should consider when it comes to digital security. Having some good support in the form of an anti-virus app, a Virtual Private Network, and a backup service will go a long way.
Anti-virus apps help prevent harmful programs from being installed and running on your device. Virtual Private Networks are paid services that obscure your device from other internet users and make it harder for hackers or other cybercriminals to infiltrate your device, particularly over public WiFi networks.
Backups are included on many mobile devices, but usually require you to actively setup or occasionally pay for space. They work by creating copies of your data and saving it in case something happens to your device (be it accidental or malicious).
One last thing to consider in the software realm is two-factor authentication. This is a more recent service offered by a number of different companies in which your login is tied to a third-party device (for instance, your mobile phone).
When you attempt to login, you must first enter a temporary code, usually sent via text message. This verifies that the person trying to login is you (assuming your phone hasn’t been physically stolen). It’s an excellent safety measure on top of all the other efforts you take.
Identifying the Scams
Our final point is brief but relevant for all ages. It is the one way criminals can bypass all of your efforts taken to secure your devices, passwords, and other private information. And that is by conning you into handing that information over.
No matter what you do, never give your login information to anyone but the login screen. Emails requesting this information are always scams. That includes “contests” on websites and other veiled attempts to trick you into surrendering your password.
Finally, check the website’s address before filling out any information if you got there by a link. Hyperlinks can be disguised to say anything, and just because a website looks legitimate doesn’t mean it is.
In general, the website’s actual address is whatever appears directly before the final “.com”, “.edu”, “.gov”, etc. Facebook.official.com would not be the same as facebook.com (the former would technically be a page part of official.com).
Be sure to share this information with the youth. It’s our job to keep them safe from threats online and the best way is via education.
Will you do your part to stay safe online? How will you use these tips to protect yourself and your students?
Leave a comment below and tell us what you think.
About the Author: Nathan Hughes is a tech enthusiast and internet safety specialist. For years, his goal has consisted of educating everyday people and businesses on how they can avoid technical pitfalls without breaking the bank or enrolling in IT school.