Every account you make on any website or app has one thing in common – a strong password. At least ten randomly generated characters, a number or two as well, and some symbols thrown in for good measure. Oh, and every account has a unique password.
Does that sound like you? It sure doesn’t sound like me. What it does sound like, though, is well-thought-out, effective password security – something many of us take for granted, because the credit card company will credit back the fraudulent transaction and the support team will help reset your password for you. The problem is that they can’t refund your identity.
Step 1: Password Management
We’re all human, and falling into a rhythm can be forgiven, so don’t beat yourself up if you reuse the same three passwords on every website. Thankfully, security-minded individuals have taken the legwork – well, brain-work – out of remembering all of these unique passwords for us. Many browsers have built-in password managers, and some include the option to generate a strong, random alphanumeric password for you when creating an account. This is the best free option available and it’s better than nothing – plus it’s a strong step in the right direction.
It’s no secret that Google and other browser makers are keeping your information and selling it to advertisers, and to some that’s the cost of living in a digital world. If you’re uncomfortable with giving them access to your passwords as well, there are third-party services available, like LastPass, that work on any browser and are accessible on mobile devices. The paid service also includes encrypted storage, multi-factor authentication, and one-to-one sharing for when that one friend we all have asks to borrow your Netflix account for the night.
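To make the opening paragraph's criteria and Step 1's generated passwords concrete, here is an added example (not part of the original post) that generates a password from the operating system's secure random source and audits a list of accounts for weak or reused passwords. The function names, the symbol set, the default length of 16 and the sample sites are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 10  # "at least ten randomly generated characters"

def weaknesses(password):
    """Return the opening paragraph's criteria that this password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    return problems

def generate(length=16):
    """Draw characters from the OS CSPRNG until every criterion is met."""
    length = max(length, MIN_LENGTH)  # never go below the stated minimum
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate

def audit(vault):
    """Map each site to its problems, including reuse across accounts."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in vault.items():
        problems = weaknesses(password)
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            problems.append("reused on " + ", ".join(others))
        if problems:
            report[site] = problems
    return report

SAMPLE_VAULT = {  # constructed sample: made-up sites, two share one password
    "shop.example": "Summer2019",
    "mail.example": "Summer2019",
    "bank.example": generate(),
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
```

Only the two accounts sharing a password show up in the report; the generated one passes every check.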
Step 2: Be In The Know
Even with a super secure, randomly generated password, sometimes the worst happens and the wrong people access your account. Often it’s due to a data breach on the website itself, something completely out of your control, and unfortunately in many scenarios the public isn’t informed until months after the breach.
Would you like to be one of the lucky ones who knows the second their account has been compromised? HaveIBeenPwned has long been my go-to website to check up on my various accounts. Simply type in your email, click “pwned?” and a list of account breaches will populate, unless you’ve been lucky. My ten-year-old Gmail account has been breached 17 times, and I know for a fact I was never contacted by at least half of the companies.
Step 3: Prevention
This same website offers a newsletter signup that operates a little differently from the marketing emails you’re used to. Instead of weekly messages filled with advertisements, sales, and feature updates, once you’ve entered your address with them, you’ll only ever receive an email if they’ve detected that you’ve been affected by a breach. This allows you to react very quickly: change your passwords, remove credit card information (or change the card entirely, depending on how severe the breach is) and protect yourself when it matters, not weeks after the fact. I would highly recommend setting this free feature up with all your email addresses, work and personal.
There’s no simple solution to account security, because every person has different needs. Breaking it down into three steps, though, hopefully makes this process a little easier.
It’s not a matter of if, but of when.