I am a paranoid internet user, and as such I take passwords and online security very seriously.
In light of poor @DarthMol’s recent Microsoft store purchase and apparent password breach, I thought I would just give a few of my tips that I found very useful.
DISCLAIMER: Please keep in mind I am not an IT security specialist, so these are just some tips, and don’t hold me responsible if you get hacked.
The Obvious Ones
- Don’t share your passwords with anybody. Duh.
- Don’t use the same passwords for all your sites and apps. If one gets compromised, they all get compromised.
- Wherever possible, use 2 factor authentication. We will cover this further down below.
- Mix as many non-standard characters into your passwords as possible, like @$&#?!
- Never let your browser automatically save your passwords, especially for VIP sites like banking.
Some easy tips
- The longer the password, the harder it would be to guess. But it also makes your passwords harder to remember. So try to make an easy to remember formula for your passwords.
For example, use a phrase that you will always remember. Like, Greg Redd wets his bed. This is easy to remember, but hard to guess. So your baseline password can be GregReddWetsHisBed.
Now we can add some other characters. For example, change any S to a $, an A to a 4, an I to a 1 or an !. Don’t go too crazy, you still need to remember it!
Gr3gReddWetsHi$Bed
But we cannot use this as every password. So we customise it for each situation by slipping in a relevant word. Your Facebook password can be:
Gr3gReddWetsHi$FBBed or
Gr3gReddWetsHi$TWITTERBed
Now we have an easy to remember, very hard to guess password, and all the passwords for every application will be different.
- For 2 factor authentication there are generally 3 options:
  - SMS code
  - email links or codes
  - code generator apps
They all serve the purpose of asking you to verify a purchase or login to make any password compromise harder to follow through on.
You log in with your username and unique password and then you need to supply a unique code to verify that it is in fact you logging on. These codes are randomly generated and will only last for short periods of time to add to their security.
- Too much to handle? Then use apps to help you out.
I use 2 apps for all my security needs. These apps are on my phone and require fingerprint access to open up so should be fairly safe if my phone gets stolen. They also have backups online with a super long randomly generated password, printed out and kept in my safe room in case I need to recover their password.
The first app is LastPass. This is where I store all my passwords in a secure app. You should check it out, and compare it to some others. Online storage, and free. You can also choose offline only storage if you feel you don’t trust them enough. For some critical apps, it can even generate random passwords that nobody will ever guess. Finally, you can assign groups like Entertainment or Work or Banking to make the password you are looking for that much easier to find.
The second app is Authy, which is a 2 factor code generator. This is compatible with every other code generator used by sites. It supplies a random 6 digit code for every site you add. These codes expire after 30 seconds and then a new code gets generated. I even added an Authy code to my LastPass access.
This turned into a super long post! Sorry about that! I just hope somebody can use this to make themselves a little more secure online and protect their passwords.
If you see anything wrong with my post, or want to add some tips, please do so in this thread! Maybe this can turn into a hub for good, safe, online experiences!