Four realistic steps to upgrade your online security


This article is a preview of The Tech Friend newsletter. Sign up here to get it in your inbox every Tuesday and Friday.

The whole system of online passwords is stupid and insecure.

Requiring you to create a unique, complicated password on hundreds of digital accounts is error-prone and annoying. Most of the advice you hear about passwords—including from tech journalists like me—is unrealistic, cheesy, and sometimes outdated.

I have tips for upgrading your password practices, including if you’re dealing with a recent breach of a password vault called LastPass. I know that taking care of your online security is a problem. But if you make a small improvement, you can declare victory.

I also want you to keep this long-term mission in mind: Passwords must die.

There is hope. In just the last few months, more websites and apps have started letting you ditch your password altogether. Instead, your phone, fingerprint or face is proof that you are you.

Technologists have long promised a future without passwords. This will not happen soon. But internet security is broken beyond repair. We need to go past the password.

In the meantime, you’ll be a safety star if you just take one of these steps:

Aim for longer passphrases

To create the best password, try to make it at least 16 characters. The more characters, the more time hackers need to guess your password. Don’t worry too much about having a bunch of symbols, capital letters and numbers.

Security experts recommend using memorable phrases as passwords, with a twist. If you like nursery rhymes, try the password “L1ttleMi$sMuffetSatOnATuffet” with a number and symbol replacing a couple of letters. Or mix four words together into nonsense like “TumblerElbowMerinoWoodpecker”.
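As an added illustration (not part of the original article), this Python sketch builds a four-word passphrase of at least 16 characters with a cryptographically secure random source and estimates how many bits an attacker must guess. The short word list is a constructed sample, and the 7,776-word list size and 94 printable characters used in the comparison are assumptions.

```python
import math
import secrets

# Constructed sample wordlist for illustration only. A real generator should
# load a list of thousands of words; 16 words give far too little entropy.
SAMPLE_WORDS = [
    "tumbler", "elbow", "merino", "woodpecker", "lantern", "gravel",
    "pickle", "harbor", "velvet", "cactus", "marble", "thunder",
    "biscuit", "saddle", "orchid", "compass",
]

MIN_LENGTH = 16  # the article's suggested minimum number of characters


def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy when `picks` items are drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def make_passphrase(words, count=4, min_length=MIN_LENGTH):
    """Join `count` randomly chosen words in CamelCase, retrying until the
    result reaches `min_length` characters."""
    if count < 1 or len(words) < 2:
        raise ValueError("need at least one pick and two candidate words")
    if count * max(map(len, words)) < min_length:
        raise ValueError("wordlist cannot reach the minimum length")
    while True:
        # secrets.choice uses the OS CSPRNG; random.choice is not suitable here.
        phrase = "".join(secrets.choice(words).capitalize() for _ in range(count))
        if len(phrase) >= min_length:
            return phrase


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    # Guessing cost when the attacker knows the scheme but not the picks.
    # Assumed sizes: 94 printable ASCII characters, a 7,776-word list.
    print(f"8 random printable chars: {entropy_bits(94, 8):.1f} bits")
    print(f"4 words from 7,776 list : {entropy_bits(7776, 4):.1f} bits")
    print(f"6 words from 7,776 list : {entropy_bits(7776, 6):.1f} bits")
```

The estimate only holds when the words are picked at random; a phrase a person chooses, such as a nursery rhyme with substitutions, is easier to guess than its length suggests.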

Not all online accounts allow you to set up such passphrases, due to requirements derived from outdated government security guidelines.

Again, there is too much individual responsibility and blame on you. You know not to create easy-to-guess passwords like “RedSox04” or reuse your passwords on multiple sites. But no human can invent and remember hundreds of complex passwords.

Try to prioritize by creating strong passwords or passphrases for your most important accounts such as email, financial accounts and password managers. (More on those in a minute.)


Consider two-step authentication on important accounts

Requiring a password plus a second step to sign in to an account — such as a code sent to you — protects you much better than signing in with just a password.

If you can manage it, add two-step authentication to your most important accounts like email, social media, and your bank accounts.

These are common online safety tips that most people don’t take. Don’t blame yourself. It takes work, and not all online accounts allow you to use two-step authentication. (This website lets you look up the options for websites and apps you use.)

Using a dedicated app for one-time codes like Authy, Microsoft Authenticator, or Google Authenticator is more secure than receiving codes via text. But don’t get too hung up on these details.


Use a password manager if you can

That’s one reason my colleagues have repeatedly recommended password managers. Services like 1Password and Dashlane generate strong passwords for each of your accounts, store them in a digital lockbox, and fill them in automatically when you’re on websites and apps.

You create a single password for the password vault, and these services store the rest.

Password managers are not foolproof. Also, I’d rather scrub my tub than set them up. But they are a smart investment in your online security.

I’ve used Dashlane for years, and while it’s not cheap — I pay about $65 a year — I find it easy to use and worth the peace of mind. It also pleases me to enter passwords and credit card numbers automatically.

As a backup for remembering my Dashlane password, I have it written down on two pieces of paper, one that I keep in my desk drawer and another in my wallet.

If you’re thinking, what if a thief steals my wallet and has access to all my passwords? Is it safe to store all your passwords in one place? Nothing is zero risk. But anything you do with a password manager is probably a security upgrade. Please don’t try to be perfect.

Read more advice on how to get started with a password manager or options such as saving all your passwords in a notebook. That’s great too! (Some of these tips are outdated, but the basics still stand.)


LastPass, one of the better known password management services, recently revealed that hackers stole copies of usernames and passwords.

LastPass told customers that they are probably safe because important information, including passwords, was encrypted. That makes it harder for crooks to understand what they stole.

But Chester Wisniewski, an Internet security researcher at the firm Sophos, told me he’s alarmed by years of red flags with LastPass. He recommended users consider switching to an alternative.

Wisniewski said he feels confident in password managers 1Password, Bitwarden and Dashlane. (Here are instructions from 1Password, Bitwarden, and Dashlane for switching from LastPass.)

I asked LastPass representatives to respond to Wisniewski’s advice. They pointed me to the company’s recent blog post.

Wisniewski also said that LastPass may still be a good option for you. An alternative such as using the child’s name as a password is far less secure.

The future you want: No password

Did I mention that the password system is stupid and you can only do so much to protect yourself in this broken system? Yes?

This is where things start to look promising.

Some companies, including Microsoft, Best Buy and PayPal, have started giving you the ability to access your account without a password.

This is not entirely new. Some apps let you log in with just your fingerprint or face scan – but it mostly works on your phone. You still have a password somewhere. Now imagine using your phone or other device, finger or face scan as your only way to log in everywhere.

Last week I deleted the password from my Microsoft account and asked to sign in without a password. Now when I tap Skype on my Android phone or use Outlook email on my computer, I’m asked to verify a two-digit number that I can see in the Microsoft Authenticator app on my phone. (I have to unlock the Authenticator app with my fingerprint.) That’s it.


Microsoft told me that nearly half a million people have removed the password from their accounts and opted to sign in without a password.


This passwordless system, which the tech industry calls “passkeys,” is now built into Android phones, iPhones, personal computers and major web browsers.

Currently, going without a password is not seamless. When I created a PayPal account in the iPhone app and confirmed that I wanted to use my iPhone’s FaceID to sign in, I still needed to create a password. Nevertheless, the technology is getting there.

It’s worth rooting for passkeys to kill the password system for good, even if this will take years.

Security experts told me that passkeys, which use proven cryptography, are more secure than the password systems used today. Hackers also cannot steal passwords or trick you into giving them away if there is no password at all.

Even better, it’s easier to access your accounts with just your device, finger or face. It’s not a problem if you lose your phone or computer. And logging in without a password will become easier over time.

If your accounts give you the option of a passwordless login called passkeys, definitely give it a try.

I tend to roll my eyes when I hear that magical technology will fix a broken existing technology. In this case, yes, passkeys can be the magic solution.

You can make yourself safer within the stupid password system we have today. But it’s even better to end password tyranny forever.

After speaking with cybersecurity experts for this piece, I realized that I could also make a few changes to improve my password practices.

Using Dashlane, I created longer passwords for my Google account and my financial accounts. I also replaced the 10-character Dashlane password with a 20-character passphrase with four combined words.

I’ve known for a long time that I needed to create a stronger Dashlane password. I just didn’t. Give yourself a break. Everyone can benefit from a small security improvement or two, and it’s never too late to start.

Brag about YOUR one small victory! Tell us about an app, gadget or tech trick that made your day a little better. We may feature your advice in a future issue of The Tech Friend.
