As the Internet’s reach extends beyond computers and into phones, TVs, appliances, and even toys, we have to enter passwords with increasing frequency and in ever more annoying ways. If trying to remember a million-and-one passwords is driving you a little bit nuts, we’ve put together some top tips on how to make password management less painful.
To make dealing with passwords easier and more secure, we recommend that our clients use a password manager like 1Password or LastPass. These apps generate random long passwords like kD*SSDcCl7^6FN*F and store those passwords securely. They then automatically enter them for you when you need to log in to a website. In our opinion, they’re essential in today’s world, particularly when managing passwords within a business.
You’ll still need a few passwords you can remember and type manually: the master password for your password manager and your Apple ID password. Make sure those passwords are at least 12 characters, and if possible 16 characters.
If you’re unsure of the best way to create a strong password, try taking the first letter of each word in a sentence you can remember, and change a few words to digits. “Now is the time for all good men to come to the aid of the party!” becomes a password like this: Nitt4agm2c2ta0tp!. Do avoid saying your sentence out loud whenever you enter it, so no one overhears! Or combine four or five unrelated dictionary words, such as correct-horse-battery-staple, that add up to at least 28 characters. (By the way, don’t use the examples in this paragraph!)
Accounts protected by two-factor authentication require that you enter a second, time-expiring password as part of the login process. It’s used by Apple, Google, Dropbox, Facebook, Twitter and more. If it’s available, you’ll get a second password (usually numbers) via text message or another notification method when you log in. You can also use the Google Authenticator app.
How to avoid common password mistakes
Follow these tips to avoid making mistakes that can undermine even the security provided by a password manager.
- Don’t use the same password twice. If someone finds out your password, they’ll try it on other sites.
- It’s never a good idea to share passwords with anyone. And if it’s your business then we’d say never share your passwords. That’s especially true of passwords to accounts that contain sensitive information, or that give access to bank accounts or accounting systems. Similarly, if the account can be used to impersonate you or your business (email and social media), that could represent a big reputational risk.
- If you do have to share a password, such as to a blog with multiple authors, don’t send passwords to shared sites via email or text message. If someone hacks into your recipient’s email or steals their phone, the password could be compromised. Instead, use a site like One-Time Secret to share a link that shows the password only once. Then the recipient should put the password into their password manager.
- Don’t write down your passwords on post-it notes. It might be stating the obvious, but it still happens.
- Similarly, don’t put all your passwords in a text file on your computer. That’s what password managers are for. If someone steals your computer, they can’t break into your password manager, whereas they could open that text file easily.
- Don’t change passwords regularly if you don’t have to. As long as every site has a strong, unique password, changing a password is a waste of time (especially if doing so makes you write down the password or communicate it insecurely).
- If you do have to update a password regularly, a password manager makes the task much easier.
Don’t take shortcuts with security
We realise that it’s tempting to take shortcuts when you’re busy. Even if you think you’ve been careful about who you trust, their bad habits might mean your password is then compromised. The consequences of identity theft, particularly for a business, can be really serious, especially if that leads to your customers’ data being compromised.
If you’re concerned about password management in your company and would like some advice, please get in touch. If you’re an existing Dr Logic client, please talk to your Technical Account Manager.