Seems like every week you read about another website that lost people's (meaning YOUR) passwords. The reality in today's digital world is a password alone, especially one that you use at multiple websites, is no longer an effective way to secure access to your on-line accounts. Here are some tips on how to reduce the risk of having your accounts hacked.
- The best solution is to use something called 2-Factor Authentication. 2-Factor means something you know, something you are (like a finger print) or something you have (like your phone or a security key fob). Not all websites support this, but most banks and brokerage accounts do. Always use 2-Factor Authentication when you have the opportunity to do so, especially for accounts that handle money.
- Never let your browser save your passwords. Hackers have found ways to steal those right out of your browser's storage area.
- As painful as it may seem, never use the same password at more than one website. When a website looses your password, your other accounts will not be at risk. Use of a password manager tool will greatly help and simplify the management of all your passwords.
- Use passphrases when possible. "That was a an issue in 1979&^" is almost uncrackable and more secure than passwords like "YT&TGjh!".
- To reset your forgotten passwords, some sites ask you questions like "what is your favorite music" or "what street did you grow up on". Make sure a hacker can not find the answers to your questions on Facebook or your other social media accounts.
- For extra security, make the answers to all your questions nonsensical. ex. Your favorite color is "printer". Ideally, the answers to all your questions are different at every website. Yes, hackers are stealing reset answers too, in addition to passwords, email accounts and other information about you. Again, a password manager tool can help simplify the task of managing all your security question answers.
One final suggestion. What would happen if you lost your phone? Do you have PIN access, finger print or facial recognition turned on? If you do not, then who ever finds your phone will be able to access all your phone application accounts and use your email to reset passwords for accounts that permit that type of reset.