How to Protect Your Passwords in the New Year
Hello! My name is Jonathan Hickman and I am the Director of Development at Virtual Resort Manager. According to Microsoft Research on password protection, the average person uses 6.5 passwords across 3.9 different sites. Most users manage about 25 password-protected accounts.
I know what you are thinking. How are we expected to keep track of all the different passwords, and consistently change them every few months?
"This is the same thing everyone keeps saying!"
We know that you care about Internet security. Right? But, let us pretend you shrug your shoulders or throw up your hands at the notion of ever changing your password or having more than one of them. Nonetheless, you still want to avoid spending hours or days cleaning up a mess from a hacker breaking into your system!
Here is the good news. When it comes to password protection, we are not telling you to change all of your passwords. You should simply have more than one. At VRM, we recommend that you have five different passwords that are completely different from one another. Each of them should be easy to remember but reasonably complex. Use one for each of the following:
1. Banking websites.
2. Sites that hold your credit card information.
3. The email account tied to your banking website and to the websites that hold your credit card information.
4. The email accounts that you give out to people you think might be willing to sell your information, along with websites you do not trust.
5. Websites you somewhat trust.
To show the importance of this, let us pretend that you fell in love with a celebrity cat online. (We have a vivid imagination.) You go online and sign up for the "Smudge the Cat Online Fan Club". This forum has lots of new pictures of Smudge the Cat so you are excited.
You enter your email address and the password that you always use, "ilovecats". However, after a short period of time, you find the official Smudge the Cat Instagram account at https://www.instagram.com/smudge_lord/. And, even though you enjoyed your time talking to others about your obsession in the fan club, you also discover the official Smudge the Cat subreddit at https://www.reddit.com/r/Smudge_the_cat/.
Months go by, and you forget about the "Smudge the Cat Online Fan Club". But, you did not know they were storing plaintext passwords in their database. (Even if they were using weak hashing algorithms, your password could still be vulnerable to various attacks.) This site was running PHP forum software that was not kept up to date. Hackers have taken over, and now they have both your email address and your password! So, the hackers send you an email saying, "We hax ur computer! Pay now or we erase life! We know ur password 'ilovecats'!!" You panic... for good reason. You do not even know how they found out your password!
If you were using a single password for everything, the hackers would have access not only to your fan club account but also to your email account. They could visit multiple sites, request password resets, and take over all of your accounts. Facebook, Reddit, Instagram, and even your business accounts? Hacked! Plus, now, the spammers are using your email account to send spam messages and viruses! They also contacted your grandmother via email and told her you were stranded in Monowi, Nebraska with no money for an Uber. (Fortunately, she could not figure out how to send the wire transfer.)
If you had multiple passwords, you would know that only the insecure websites were vulnerable, and you could possibly even track down which site was hacked. Plus, while you would need to change your number 4 password (which was used on the fan club), your number 5 password (which was used for Instagram and Reddit) would be safe.
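The two outcomes described above can be checked with a small model. This is an added example, not part of the original article: the account names other than the fan club, Instagram and Reddit, the two mailbox names, and the assumption that controlling a mailbox is enough to reset the accounts tied to it are all illustrative.

```python
from collections import deque

# Constructed model of the article's story. Tiers 1-5 follow the article's list;
# "bank", "card_shop" and the two mailbox names are illustrative placeholders.
TIER = {"bank": 1, "card_shop": 2, "main_email": 3, "spare_email": 4,
        "fan_club": 4, "instagram": 5, "reddit": 5}
# Mailbox that receives each account's password-reset emails (None for mailboxes).
RECOVERY = {"bank": "main_email", "card_shop": "main_email",
            "instagram": "main_email", "reddit": "main_email",
            "fan_club": "spare_email", "main_email": None, "spare_email": None}

ONE_PASSWORD = {name: "ilovecats" for name in TIER}
FIVE_TIERS = {name: f"tier-{tier}-password" for name, tier in TIER.items()}
# Unique passwords everywhere, except the fan club reuses the main mailbox password.
REUSED_ON_EMAIL = {name: f"unique-{name}" for name in TIER}
REUSED_ON_EMAIL["fan_club"] = REUSED_ON_EMAIL["main_email"]


def blast_radius(passwords, breached_site, recovery=RECOVERY):
    """Return every account exposed once breached_site leaks its stored password."""
    leaked = passwords[breached_site]
    # Password reuse: every account protected by the leaked password falls at once.
    exposed = {name for name, pw in passwords.items() if pw == leaked}
    queue = deque(exposed)
    # Reset takeover (assumption: controlling a mailbox is enough to reset the
    # accounts that recover through it, i.e. no second factor is in place).
    while queue:
        mailbox = queue.popleft()
        for name, recovers_via in recovery.items():
            if recovers_via == mailbox and name not in exposed:
                exposed.add(name)
                queue.append(name)
    return exposed


if __name__ == "__main__":
    for label, plan in [("one password", ONE_PASSWORD),
                        ("reused on email", REUSED_ON_EMAIL),
                        ("five tiers", FIVE_TIERS)]:
        hit = sorted(blast_radius(plan, "fan_club"))
        print(f"{label:16} {len(hit)}/{len(plan)} exposed: {', '.join(hit)}")
```

The middle plan shows that reusing a password on just one mailbox is enough to lose almost everything, because the resets flow through that mailbox.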
For effective password protection, five passwords should be the minimum. You can certainly have many more. Plus, with browser extensions such as LastPass, you can even have a different password for every site on the Internet and only need to remember a single password for your LastPass account. (We highly recommend this plugin, and it works on every major browser.)
It is inevitable. Eventually, one of the many websites you use online will be compromised. This year, make it your resolution to stop using the same password everywhere. This little bit of work now will save you a lot of work down the road.