With so many criminals eager to break into your online accounts to steal your money and your identity, it’s critical to create and use strong, long passwords to keep them all out.
But the average person probably has scores of passwords to remember and manage – and unfortunately most respond to this challenge by adopting very simple, easy-to-break passwords.
Many individuals who are less net-savvy tend to use easy-to-break passwords for all of their online activities, including bank accounts, retirement accounts, and other critical items.
Must Become a Personal Goal
Let’s face it – without adopting an effective personal password management system, there are just too many user names and passwords to memorize. After Sony’s security breach in 2011, security professionals were able to analyze the exposed passwords and discovered 92% of passwords were re-used across more than one Sony platform. (Implying most do not create unique passwords to protect their various accounts. Sound familiar?)
This is disturbing, because once a thief breaches one of your accounts, all of your other accounts could fall like dominoes if you’re using the same password everywhere. Creating and using long, secure, unique passwords is vital to your privacy and security.
Below are savvy strategies that can help take the burden out of creating and memorizing passwords. These approaches can make the whole process of “password management” more convenient, faster, and more secure than what you may be doing now.
Before diving into them, let’s review how to create secure passwords in the first place because in order to get the most out of either of these strategies, you will need to create strong and secure passwords first.
for Creating Secure Passwords
Make your password much longer! Hint: aim for 15+ characters in length. Pad it!
Include each of the four character types in the password: symbols, uppercase letters, numbers, and lowercase letters; in that order of preference. Most people use only lowercase letters and do not use symbols – go against the herd.
Turn easy-to-remember phrases into passwords, then add in and flip around the four types of characters… then, pad it and make it longer.
Do NOT use easy-to-guess passwords or passwords that can be found in any dictionary (including foreign language dictionaries). It’s worth mentioning: don’t use any personal information as a password either – birth date, child’s name, address, etc.
Do NOT use the same password, or similar passwords, for all your accounts (bank, broker, online credit card portal, Facebook, Amazon, or Hotmail)! If one account gets compromised you don’t want to create a domino effect.
Do NOT use your top-secret, extra-secure passwords (banking or insurance, for instance), with less secure accounts like webmail or free membership sites.
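The checklist above can be applied mechanically. The following Python sketch is an added example, not part of the original article: it generates a random password that meets the length and four-character-type rules, and audits a list of accounts for short, incomplete, dictionary-based, or reused passwords. The function names, the tiny word list, and the sample accounts are constructed for illustration, and treating passwords that differ only in letter case as "similar" is a simplifying assumption.

```python
import secrets
import string

MIN_LENGTH = 15  # the article's target: 15+ characters
CLASSES = {"symbol": string.punctuation, "uppercase": string.ascii_uppercase,
           "number": string.digits, "lowercase": string.ascii_lowercase}
# Constructed stand-in for a real dictionary / leaked-password list.
COMMON_WORDS = {"password", "letmein", "sunshine", "dragon", "qwerty"}

def generate(length=20):
    """Random password with at least one character of each of the four types."""
    if length < MIN_LENGTH:
        raise ValueError("length below the 15-character target")
    chars = [secrets.choice(pool) for pool in CLASSES.values()]
    everything = "".join(CLASSES.values())
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a predictable type order
    return "".join(chars)

def audit(accounts):
    """Map each account name to its rule violations (empty list = passes)."""
    owners = {}
    for name, password in accounts.items():
        # Case-insensitive match: a crude stand-in for "similar passwords".
        owners.setdefault(password.lower(), []).append(name)
    report = {}
    for name, password in accounts.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("too short")
        missing = [t for t, pool in CLASSES.items()
                   if not any(ch in pool for ch in password)]
        if missing:
            problems.append("missing " + ", ".join(missing))
        core = password.lower().strip(string.digits + string.punctuation)
        if core in COMMON_WORDS:
            problems.append("dictionary word")
        shared = sorted(n for n in owners[password.lower()] if n != name)
        if shared:
            problems.append("reused on " + ", ".join(shared))
        report[name] = problems
    return report

# Constructed sample list: account name -> password.
SAMPLE = {"bank": "Sunshine1!", "webmail": "sunshine1!",
          "forum": "correcthorse", "broker": generate()}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "OK" if not problems else "; ".join(problems))
```

Only the generated "broker" password passes every rule; the other three sample entries each break at least one.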
You may want to create a password file. It could be a simple document with a list that contains the account name, user name, and password. For instance, Facebook: username, password; Gmail: username, password; and so on.
When you need to login to an account, open your encrypted password list and retrieve the appropriate login and password credentials.
You can keep a backup of your password list on your jump drive or upload the encrypted list to a cloud storage account such as Wuala.com.
Wuala adds a bit more convenience because it allows you to automatically sync your stored data onto different devices. And it lets you access your password file from virtually any Internet connection in the world.
In addition, Wuala enables you to encrypt, back up, and store any file (not just your password list) to the cloud and access it via the Internet.
LastPass.com was founded specifically to address secure password management concerns. Their free option is extremely robust. All the steps mentioned above – using Truecrypt to encrypt your password list and storing it on local hardware (such as a USB jump drive) or in the cloud – are rolled into one seamless package with LastPass, with a few extras included.
Here are some highlights:
One Click Login – Once you load your accounts, usernames, and passwords into LastPass, all you need to do in the future is click one button and LastPass automatically logs you into the account you want (banking, webmail, Twitter, etc.). No need to type!
Generate Secure Passwords – You can ask the program to generate secure passwords for you. You don’t have to spend any time “inventing” new passwords. Just choose the parameters you want the program to use to generate new password ideas such as: lower case letters, upper case letters, numbers, and special characters. Then accept or decline the passwords the program generates.
Screen Keyboard – Protect yourself from malicious keylogging software. Keylogging software records the keys you type onto your keyboard. This is especially a concern if you access LastPass from a computer that doesn’t belong to you (perhaps at an Internet cafe). Instead of typing your password on the keyboard, click on the “screen keyboard” link and a “graphical” keyboard image appears on the computer screen. Then, use the mouse to select each key you need to input your login and password information into LastPass. Any existing keylogging software is rendered useless.
One-Time Passwords – These are auto-generated, throw-away passwords that give you temporary access to your LastPass account. LastPass makes this feature available to help secure your master password while you’re on the road or if you want to share your account information with a trusted person, but only once. Once a One-Time Password is used, it expires and can’t be used again.
Password Sharing – This enables you to securely share certain passwords with others and maintain the ability to cancel the privilege at any time. This is a feature you’d use when collaborating on a project and you want other members to have access to the same account. Perhaps to the back end of a website or online film and photo-editing service.
Multi-factor Authentication – This is a paid feature that greatly enhances security. It allows you to set up LastPass to grant access only after “two steps” are satisfied. For example, you enter the correct LastPass credentials AND an additional set of credentials, perhaps by inputting a second graphical-based password or by connecting a “physical key,” such as a USB jump drive or Yubikey, to the computer to allow access to your LastPass account. If one step is missing, access is denied.
Other features worth noting: Phishing Protection – Helps protect you from phishing attacks. These attacks work like scams. The crooks send a fake email, perhaps one appearing as though it’s from the victim’s bank. The email asks the victim to enter their login information onto a fake web page designed to look like the bank’s website. If the victim is duped and complies, the crooks have all the needed banking account information.
Identify Weak Passwords – LastPass can analyze your passwords for weaknesses and offers suggestions to strengthen them.
Identities – This enables you to organize your passwords by segregating your personal accounts and passwords from your work-related passwords and accounts.
There are other password management services on the market. However, one more important security feature not available with many other services is that the decryption keys stay with you. This means even LastPass employees cannot and do not have the ability to access your encrypted data through their corporate servers.
Please note: you still have to create strong and secure passwords for each of your accounts to maintain enhanced security. But the good news is that with a secure password management system, you no longer need to memorize all of them. Simply memorize the one master password for the password management program and better protect your privacy and security the easy way!