Passwords: commonly known as the annoying codes we have to remember and then constantly reset because we forget them. In our day-to-day life, they seem like a nuisance more than a protection. Rarely a day goes by without a client or friend telling me how frustrated they are with passwords. And it's not their fault. 10 years ago, we all had about 10 websites that we had to keep track of. Today, we each have many, many more than that. Keeping track of all those login credentials can be daunting. The problem is that strong passwords are the only true protection against online attacks. So what are we to do? It's time to clear up the misconceptions about passwords and show you how you can best protect your private information online.
Having a bad password, like "123password", is like leaving the key to your house under the mat outside your door. It's obvious. You're practically inviting people to come and steal your things. Though having an easy "123" password (or maybe a password that's the name of your adorable dog) makes it easy to remember, it also leaves you extremely vulnerable. In this "house" scenario, imagine that each home's street address represents a website, like www.apple.com, www.gmail.com, or www.chase.com. To get into all of the real houses, the thief would have to travel to each house, find the key, break in, then do the same thing for each home. Not easy, and very time consuming. But to break into all of the digital houses (websites), in many cases the thief only needs to get into a single house. If they gain access, they can use sophisticated software programs to instantly open the doors to the other houses. Just a couple of clicks on their computer and they suddenly have access to all of those houses... to your websites... and eventually, to your entire digital life.
Many of us believe that certain websites are "unimportant", and we therefore create easy to remember passwords for sites like Netflix, Hulu, or YouTube TV (Ryan's new favorite service!). Who cares if someone knows what shows you're watching, right? Wrong. Thieves may not be able to find your financial information on Netflix, but they are keeping a record of you, and any information is helpful toward their mischief. Imagine on the thief's computer screen, there's a big folder that reads "YOUR NAME." If they hack into your Netflix account, they'll gain access to your name, phone number and email and they'll add that info to your folder. Over time, they'll hack into another site, find more info on you, then another site and find even more info, and slowly that folder will have enough info to hack into your life.
What is your main defense against this?
Now, you're probably thinking, "Ryan, how do you expect me to remember different, complex passwords of 16 characters or more for a bunch of sites?" The idea of remembering dozens or maybe hundreds of long, complex passwords does sound truly daunting. But don't worry, you don't have to. First, let's talk about good passwords vs. bad passwords. ;-)
Here's a quiz: Which password is better, "iliketoeatpizzawhilelayinginthesnow" or "$%^&dS1"? Maybe surprisingly, the guy who eats pizza in the snow has the better password! The reason is that the first password is long and the second is short. The best password is a long password.
If you remember one thing from this blog, remember this: The best password is a long password. Thieves aren't sitting at a computer and randomly typing in keyboard combinations to guess your password. They're running very sophisticated programs that enter letter/number/special character combinations every second, and if your password is short enough, that program will eventually guess it. The longer your password, the harder it is to crack it. In fact, if your password is 16 characters or longer, it will take even the fastest computer decades to guess it.
That being said, nowadays computers are guessing even word combinations, so “iliketoeatpizzawhilelayinginthesnow” isn’t as safe as it used to be. Therefore, the strongest password is long AND complicated. In addition to this, you should have a unique password for each website. (If you owned all of the houses on the block, you wouldn’t use the same set of keys for every house, would you? See below for what happened to MyFitnessPal as a warning not to reuse passwords.) Having a long and complicated unique password for each site is the main way to keep your data safe online.
Many people write their passwords in a Word document, on a Stickie note, in their computer address book or in another place that is convenient and easy to access. This makes it simple for people to find their passwords as they need them. It’s often the primary choice for moms and dads who not only have to keep track of their passwords, but also the kids’ and family passwords (“Honey, what’s the Amazon password again!?”). Soon keeping track of passwords becomes a full time job. The danger -- HUGE DANGER -- of storing passwords this way is that thieves know that people like to do this. If they ever hack your computer, these hiding places are the first things they’ll look for. And if they get physical access to your computer, they will find it within seconds. They even know all the tricks some people use, like putting their passwords into code, reversing letters and numbers or changing the name of the contact card that lists the passwords… the thieves know ALL of these and can usually crack them fairly easily.
This is why we recommend that you get a password manager. A password manager keeps track of all of your passwords for you but locks them into a digital “vault”. Not only that, it will also help you update all of your passwords from simple ones to longer, more complicated ones. When you need to login to a site, the password manager will do it for you. Voila! ;-)
Our favorite password manager is Dashlane (www.dashlane.com). Dashlane works and syncs to your Mac, iPhone, iPad, and most non-Apple products. It’s a safe and easy way to have access to your passwords on all of your devices. Using Dashlane will allow you to go from remembering dozens of passwords to only having to remember one password: the password used to unlock the Dashlane “vault” and gain access to all your other passwords. This is called your “Master Password.” It’s like the key to your safety deposit box at your bank. (Some competing password managers that we also like are 1Password, LastPass and KeyPass, and Apple has its own free version called iCloud Keychain.)
As we were writing this blog, a major website was hacked (true story!). MyFitnessPal, one of the most popular fitness and nutrition tracking apps in the world, was recently hacked, and 150 million users’ passwords were compromised. You would not be alone if you missed that news. However, when we opened our computers today, Dashlane let us know that MyFitnessPal had been hacked, and offered to help us change our password. Thank you Dashlane! Since we have unique passwords for all websites, however, even if the hacker got our MyFitnessPal password, that would have been the only password they got from us. If we instead had been one of millions of people who use the same password for most of their logins, then the hackers would have been able to hack our entire digital life (you can read more about the MyFitnessPal hack here: https://content.myfitnesspal.com/security-information/notice.html).
1. Passwords are VERY important. They’re the main and only true defense against online attacks.
2. All of your websites should have a unique password that is both long and complicated.
3. Password managers (like Dashlane) are the safest way to store your passwords.
We can’t stress enough the importance of password protection on your computer, but we realize that this can be overwhelming. If you need any help setting up a password manager or want someone to double check that your passwords are strong and secure, feel free to contact us. You can call, text or schedule an appointment online. We’re happy to send a technician or talk with you over the phone. Visit our website at www.ryanbailersupport.com or use this direct link rbs.as.me to schedule an appointment. We’re here to help. :-)