Bill Gates predicted the death of passwords in 2004, foreseeing a shift in security towards smart cards and biometrics instead. 12 years later, however, smart cards still haven’t caught fire and, since this isn’t Minority Report, neither have biometrics. (You can’t get another set of eyeballs or fingers if your accounts are hacked.) We still rely on passwords today the same way we did back in 2004, yet computers are exponentially more powerful. That means it’s easier than ever for hackers, whose automated password crackers can make millions of guesses per second, to ruin your day, week, year and life.
“We’ve grown accustomed to the speed and convenience of the digital age, which means we don’t have our guard up as much in terms of protecting our personal information,” said Ryan Merchant, senior manager at Dashlane. “Yet, when we download apps, make purchases, and sign up for services online, most of us willingly give all of [our personal] information away without learning more about how it will be used.” To stay safe in this digital age, we’ve asked Merchant and Jeffrey Goldberg, the Chief Defender Against the Dark Arts (a.k.a. head of security) at AgileBits, the company that owns 1Password, for some helpful tips.
1. Long passwords are better than complex ones. There was briefly a time when requiring symbols and digits did make passwords stronger, Goldberg said, but today passwords with digits or symbols aren’t inherently more secure. There is still value in adding symbols and digits, but length is much more important. A strong password is at least 16 to 20 characters long, so probably too long to memorize. A really strong password is over 30 characters. Goldberg recommends using an automated password generator to create passwords.
2. Don’t make your password a phrase or ordinary word. “Your password should never have names, words, dates, sequential numbers, or any combination of characters that someone can guess,” Merchant advised. “It has to be random to be strong.” He does suggest using a combination of letters, numbers and symbols, and always including a mix of upper and lower-case letters.
3. Have a separate password for every account. “Password reuse is a bigger problem than weak passwords,” said Goldberg. “It’s by far more important to have different passwords than to worry too much about the strength of the one password that you’re using in lots of places.” Even if it’s a very strong password, if used in numerous places, it is likely that at least one of those places isn’t treating your password securely. And once one password is discovered, then hackers are likely to try it out on every other site and service you use.
4. Use a password manager. This is the single greatest security step you can take online. “We’ve found that the average American has well over 100 online accounts,” said Merchant. “I have over 500.” It’s nearly impossible to remember numerous passwords, but password managers, like Dashlane and 1Password, can automatically generate strong passwords for all of your accounts. They securely store them and then automatically log you in.
5. Change your passwords regularly. According to Merchant, this is one of the forgotten practices of password and cybersecurity. “It’s important to change them regularly, because oftentimes breaches are not discovered, or publicized, for months, and even years, after they have occurred.” This means that your account could be vulnerable for extended periods of time without your knowledge. Merchant recommends people change their passwords at least twice a year.
6. VPNs, or virtual private networks, are your friend. VPNs prevent ad-tracking cookies so browsing is more incognito — basically, they keep your information safe while connected to public wi-fi. “The danger is that unknown networks can hide a variety of dangers and leave the data you transmit extremely vulnerable,” Merchant said. So always use a VPN before connecting to the wi-fi at a coffee shop, university or airplane. There are a large number of VPNs, like Opera VPN, that are simple to set up and that keep you safe as well.
7. Keep your system and software up to date. “Most actual intrusions into computers are through exploiting vulnerabilities that have already been fixed in updates that have been offered by the vendor,” Goldberg said. If your system has an option for automatic updates, use that option. Also, don’t install any software from dodgy sources. That said, just because you’ve downloaded from an official app store, that doesn’t guarantee that you won’t install malware; but it will dramatically reduce your chances.
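To put numbers on tips 1 and 2, here is an added Python example (not from the article, and not code from Dashlane or 1Password) that generates random passwords with the operating system's secure random source and compares a short complex password with longer ones. The guess rate of 1,000,000 per second and the 94-character printable set are assumptions chosen for illustration; the comparison only holds for passwords that are truly random.

```python
import math
import secrets
import string

# Assumed attacker speed; the article says only "millions of guesses per second".
GUESSES_PER_SECOND = 1_000_000

LOWER = string.ascii_lowercase
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length=20, alphabet=FULL):
    """Draw each character independently from the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return alphabet_size ** length / rate / (365 * 24 * 3600)


def compare():
    """Short-and-complex versus long-and-simple, all randomly generated."""
    rows = [
        ("8 chars, 94-symbol set", 8, len(FULL)),
        ("20 chars, lowercase only", 20, len(LOWER)),
        ("20 chars, 94-symbol set", 20, len(FULL)),
        ("30 chars, 94-symbol set", 30, len(FULL)),
    ]
    return [(label, entropy_bits(n, k), years_to_exhaust(n, k)) for label, n, k in rows]


if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:26s} {bits:6.1f} bits  {years:.2e} years to exhaust")
    print("sample:", generate_password(20))
```

A random 20-character lowercase password carries more entropy than a random 8-character password drawn from all 94 symbols, which is the sense in which length beats complexity.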