How do I keep my passwords secure?
An author I was doing some work for recently sent me login details for one of their online accounts. In an email. All in plain sight. When I had a call with them, I suggested that they use a password manager or at least send the user name for an account using one medium (e.g. email) and the password using another (e.g. SMS). Still not ideal, but much better than sending a plain text email with the keys to your online world.
Here are some tips to help you navigate the tricky world of password management.
Complicate your password, at least a little bit
Password123 is not a password. Letmein is not a password. ILoveU is not a password. These are among the most commonly hacked passwords in the world. Your birthday or your children’s birthdays are not passwords either. You may as well walk around with your user name and password taped to your forehead. Try a bit harder. Add some dashes and underscores in there, then an asterisk for good measure. Three stars for you.
Don’t use the same password for everything
This seems pretty obvious, but too many people do it.
Use different passwords. I know it’s hard to remember them, but if you follow the next tip, you don’t need to worry about this. If you insist on using the same password for multiple accounts, at least have a different password for your email and for your bank account. Your email is the key to so many things online; online bank accounts, social media accounts, and everything you have ever sent to or received from anyone.
The reason you don’t want to use the same password for everything is that if someone was to hack one of your accounts, they could put that user name and password combination into a hacking application and it could try it on thousands of different sites in a matter of seconds.
Use a password manager
There are many of these. Exampes are lastpass, 1Password, and …Some of these have autofill features enabling you to automatically login to sites by filling in your password for you. Some have sharing features, so you can share passwords with other people and not have to send them by email, or scream them over the phone. But, did I just condone sharing passwords. No, I didn’t. Check out the next tip.
Do not share passwords unless absolutely necessary
Where you can avoid it, do not share passwords with other people. Seriously. It’s so much better to have different logins for everyone. If you have a developer working on your author website, they should have their own login details. If you hire an intern, own login. If you fall in love and your partner wants to help update your site, own login.
Login with only the access level you need
Let’s use your author site as an example again. If you login to the site to add blog posts every now and then, you do not need to be logging in with full administrator privileges. Editor privileges work fine. Set up an admin account for all the high level work and then set up a second account for general edits. Use the latter one. If you login to your site using a shady wifi connection at your favorite coffee shop and some naughty fella or felicity has some clever software on their laptop, they can hack into your site and add or delete stuff, but it will be very hard for them to take over the whole site and you can hopefully kick them out before they do massive damage.
If they were to login with an admin account however, it’s bye-bye website.