Welcome to Product Support, a column devoted to helping you get the most out of the stuff you already use.
Bill Gates predicted the death of passwords in 2004, and while biometrics are more common than ever, passwords have yet to go the way of the dinosaur. At the same time, never ending data breaches are releasing passwords into the wild every day and hackers armed with with databases full of leaked credentials are on the prowl to ruin your day or week or life.
“We’ve grown accustomed to the speed and convenience of the digital age, which means we don’t have our guard up as much in terms of protecting our personal information,” says Ryan Merchant, senior manager at Dashlane. “Yet, when we download apps, make purchases, and sign up for services online, most of us willingly give all of [our personal] information away without learning more about how it will be used.” To stay safe in this digital age, we’ve asked Merchant and Jeffrey Goldberg, the Chief Defender Against the Dark Arts (a.k.a. head of security) at AgileBits, the company that owns 1Password, for some helpful tips.
Long passwords are better than complex.
There was a brief time when requiring symbols and digits did make passwords stronger, Goldberg said, but today passwords with digits or symbols aren’t inherently more secure. There is still value in adding symbols and digits, but length is much more important. A strong password is at least between 16-20 characters — so too long to probably memorize. A really strong password is over 30 characters. Goldberg recommends using an automated password generator to create passwords.
Don’t make your password a phrase or ordinary word.
“Your password should never have names, words, dates, sequential numbers, or any combination of characters that someone can guess,” Merchant advised. “It has to be random to be strong.” He does suggest using a combination of letters, numbers and symbols, and always include a mix of upper and lower-case letters.
Have a separate password for every account.
“Password reuse is a bigger problem than weak passwords,” said Goldberg. “It’s by far more important to have different passwords than to worry too much about the strength of the one password that you’re using in lots of places.” Even if it’s a very strong password, if used in numerous places, it is likely that at least one of those places isn’t treating your password securely. And once one password is discovered, then hackers are likely to try it out on every other site and service you use.
Use a password manager.
This is the single greatest security step you can take online. “We’ve found that that average American has well over 100 online accounts,” said Merchant. “I have over 500.” It’s nearly impossible to remember numerous passwords, but password managers, like Dashlane and 1Password, can automatically generate strong passwords for all of your accounts. They securely store them and then automatically log you in.
Change passwords regularly.
According to Merchant, this is one of the forgotten practices of password and cybersecurity. “It’s important to change them regularly, because oftentimes breaches are not discovered, or publicized, for months, and even years, after they have occurred.” This means that your account could be vulnerable for extended periods of time without your knowledge. Merchant recommends people change their passwords at least twice a year.
VPNs are your friend.
A VPN (or virtual private network) prevents ad-tracking cookies so browsing the web is more incognito — basically, they keep your information safe while connected to public wi-fi. “The danger is that unknown networks can hide a variety of dangers and leave the data you transmit extremely vulnerable,” Merchant said. So always use a VPN before connecting to the wi-fi at a coffee shop, university or airplane. There are a large number of VPNs, like Opera VPN, that are simple to setup and that keep you safe as well.
Keep your system and software up to date.
“Most actual intrusions into computers are through exploiting vulnerabilities that have already been fixed in updates that have been offered by the vendor,” Goldberg said. If your system has an option for automatic updates, use that option. Also, don’t install any software from dodgy sources. That said, just because you’ve downloaded from an official app store, that doesn’t guarantee that you won’t install malware; but it will dramatically reduce your chances.