So after reading this terrifying infographic on passwords and online security, I just spent the last 3 hours changing all of mine and setting up all new procedures for recovery and access. Oh, I’m sure it’s still not perfect or hacker-proof, but maybe it’s enough to discourage someone and send them off to find an easier target.
And I will bet dollars to donuts 99% of you have vulnerable passwords just like I did. I know most of us use the same password or a variation of it for just about everything. Something like “kitty2004”. We all do. It’s human nature and it’s a pain to remember 19 different complicated ones. But you have to.
And what’s even worse, most of us have very vulnerable procedures to reset and recover passwords. Do you use your main email for all your password resets? Bad. Very bad. As soon as someone gets access to your email, they get access to everything. Use phone numbers for alternate password resets? Most of your phone numbers are public on the web – Facebook, IM profiles, LinkedIn, tons of places (trust me, I can find them).
So what do you do? Well, here are a few tips to get you started being safer and less hackable:
1. Use complicated passwords, never repeated, unique for every account you have. And no, not a favorite word with a capital letter and a number. You need something untraceable and random using symbols and numbers like “#9zgDDy57%”.
2. Set up a new web-based email address (Hotmail, Yahoo) to be used ONLY for password recovery. Leave it alone for anything else. Do not use your primary or work email for any account settings.
3. Make up bogus answers to security questions that no one could guess or find online. This means “What is your mother’s maiden name” is answered with “tigerpoop”.
4. Get rid of all personal contact information on any social accounts or anywhere else it may be online. Use only email addresses, NEVER physical addresses or phone numbers. (Spend some time searching for yourself on all the major search engines and dig deep, like 10 results pages in, just to make sure you track them all down.)
5. And finally, maybe most importantly, use Gmail or another email service that offers 2-step verification. That means in addition to a password, Google will ask for a security code sent to your phone by text any time you try to log in on a machine that you haven’t used before (so you only have to do it once on your home computer – which obviously should be password protected as well).
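Tips 1 and 3 both come down to letting a random generator, not a human, pick the password and the security-question answers. The sketch below is an added example, not part of the original post; it uses Python's standard `secrets` module, and the symbol set, lengths and account names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes; the symbol set is an assumption (sites differ in what they accept).
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "#%!@$^&*-_+="
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def generate_password(length=16):
    """Random password from the OS CSPRNG with at least one character of each class."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover every class")
    while True:
        # Redraw the whole candidate on failure so no position is biased.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)):
            return candidate


def entropy_bits(length):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(len(ALPHABET))


def bogus_answer(length=12):
    """Random security-question answer, unrelated to any real personal fact."""
    return "".join(secrets.choice(LOWER + DIGITS) for _ in range(length))


def build_vault(accounts, questions):
    """One unique password and one set of bogus answers per account."""
    vault, used = {}, set()
    for account in accounts:
        pw = generate_password()
        while pw in used:  # never reuse a password across accounts
            pw = generate_password()
        used.add(pw)
        vault[account] = {"password": pw, "answers": {q: bogus_answer() for q in questions}}
    return vault


if __name__ == "__main__":
    # Constructed sample input: account names and one recovery question.
    sample = build_vault(["email", "bank", "shopping"], ["What is your mother's maiden name?"])
    for name, entry in sample.items():
        print(name, entry["password"], entry["answers"])
    print(f"~{entropy_bits(16):.0f} bits per 16-character password")
```

Each account gets its own password and its own answers, so a leak from one site reveals nothing reusable on another.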
So yes, it’s a hassle. But losing your identity will be a much, much bigger and costlier hassle. Store your new passwords in a text file on your phone – which yes, should be password protected. If you’re not already locking your phone constantly, you’re making a big mistake.
Good luck. Now I just remembered I didn’t change my Amazon password. So off we go...