Time to secure those accounts, and use safe passwords
When my phone broke during my holiday I found out the hard way that I had missed a few important steps in properly securing my accounts and passwords. My accounts were never unsafe or in danger of being compromised, but not being able to use my phone turned out to be the weakest link in my security chain. I effectively had locked myself out of my most important accounts. It took a few days for me to get a new simcard and get my backup phone up and running again. I was able to regain access to my accounts and walked through all the security and back-up measures.
I will share my top 5 tips into making your accounts and passwords even more safe!
- Use a password manager
- Create complex passwords
- Use unique passwords
- Use two-factor authentication
- Give someone else your master password
1. Use a password manager:
Preferably one that can sync across different devices, can be accessed at all times, has safe authentication and a backup methods. Such as 1Password, Dashlane or Lastpass. A good comparison of tools can be found here. I use Lastpass Premium, which is also the preferred tool at Indivirtual. It stores passwords, private data, files, automatically fills forms and it even vacuums your house at night! A very complete tool for a fair price.
When you use Lastpass, make sure you run the security challenge periodically to keep your passwords fresh and safe. It will let you know if certain sites have been compromised and gives you advice on your passwords. I have a score of 97%, can you beat that?
2. Create complex passwords:
Hey, now that you are using one of those great password managers it is time to get rid of your awesome secret password from the last 10 years and start creating some complex passwords instead. Go crazy, and create those 16 character GFD^y3#jkS$826De complex passwords. You don’t have to remember them anyway!
- Word of advice: Sometimes you will require a password that needs to be remembered “easily”. For instance the one for your password manager! I watched an interesting TED talk by Lorrie Faith Cranor the other day explaining what makes a good password. TLDW: a pronounceable, but not a dictionary password…
- PS: Indivirtual’s Erwin Griekspoor has written a detailed blog entry about this subject in the past as well (In Dutch): De zin en onzin van een wachtwoordbeleid
Use unique passwords:
Since you are using one of those great password tools you no longer have an excuse to use the same password for different accounts. Obviously this would prevent a “hacker” to easily gain access to all your other accounts by simply trying the same password. Your passwords should be like people; different.
Use wo factor authentication whenever possible:
Especially on your main e-mail account(s), since this is usually where all the other passwords of all your accounts can be reset!! Two-factor authentication will always prevent someone from accessing your account from a new computer or device without the second authorization (usually from your phone). Even if someone has your password.
But, here are the extra important security backup tips!
- Add a backup phone number. Better yet add two or more backup phone numbers if possible.
- Copy a recovery key, or set of keys, and save those in your password manager. This will help you get access even when your phone is broken, or you can’t access your e-mail anymore.
Give someone else your master password:
This last tip is a bid morbid, and of course, something that nobody likes to think about. But, just in case something does happen (even a long hospital stay) you’d want to make sure someone else can access your accounts to close them or view whatever else information it is they need.
Most people I have spoken to do not have a will/testament. It must be the age, but we will take care of that testament in those retirement years!There are plenty of online services who claim to do this, or you can add the passwords in a document in a will at the notary.
If you have a Google account you should check out The Inactive Account manager. This account manager allows you to leave your digital Google assets behind to whomever you choose and lets you add a personal message. have to warn you that this is extremely uncomfortable to set-up, especially the message :-(But, hey! You are reading this, so you are still here! So go ahead and take this cruise on this new cool unsinkable ship, what can possibly go wrong?! YOLO!
for those who have a Gmail/Google account. Run the Google security checkup. It will help you set-up pretty much everything that was mentioned in the earlier points.
In the unlikely event that I missed some other good tips, please correct me in the comments below. ;-)