(This post is part of an ongoing series on Online Security. The other parts can be found here.)
These days, almost everybody has dozens of online accounts most of which are tied to their email address. It is tempting to reuse the same ‘easy to remember’ password but securing online accounts such as banking, email, Facebook, App Stores, and others with strong, unique passwords is critical to staying safe online. Email accounts are especially tempting targets for hackers because they not only provide the usernames for other accounts, but they also can be used to reset passwords and spread malware to other users.
For example, as reported in the news last December, hackers currently have data on over 1.5 billion Yahoo accounts. The Wikipedia article (https://en.wikipedia.org/wiki/Yahoo!_data_breaches) states that in the first part of the attack “The hackers had obtained data from over 500 million user accounts, including account names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers.” Hashed passwords can be translated as encrypted passwords, but to make a long story short, easy to guess passwords such as ‘123456 or qwerty’ are so common that hackers don’t even need to break the encryption.
Since user names are known by many other terms such as account name, user, user ID, email, login, login id, and screen name, this Yahoo data is an excellent starting point for more serious hacking. However, finding the time to change passwords is a daunting task. Each website’s password change option is in a different place and requires entering the old and new passwords. Then the new password has to be recorded somewhere safe. In a family, some of these new passwords also have to be available to others.
The good news is that the change doesn’t have to be done all at once. It is easier to start with the most critical accounts such as email, banking, computer locking, and cell phone passcodes. Next other accounts can be updated such as social media, utilities, games, etc. little by little as they are used. The problem then becomes how to safely store those passwords. Many people store them in a small notebook next to their computer or in a text file on the desktop named PASSWORD.TXT. Please do not do that! The next post will provide several options for storing and automatically entering safe, strong passwords. As a teaser, if you don’t mind paying less than the cost of a latte a month, try 1Password from AgileBits. It can automatically securely store, enter, and share passwords. Ahhh, finally a world where only ‘1Password’ has to be remembered! (https://agilebits.com).