Author: Norman W. Gutmacher
You hear it time and time again. You need complicated passwords to protect your personal/private information. You may think that you don’t have that much private information, but, then again, consider the number of credit cards, bank accounts, insurance accounts, websites [such as for your employer, social media, government accounts (e.g., Social Security, TSA, etc.), travel accounts and other accounts] that you need to log into in order to access. But it’s a pain, isn’t it? You have so many different websites and accounts that you need to log into that you fear forgetting your log in or password. How can you keep track of all the login names and passwords.
So what do you typically do? To minimize the problem, you utilize a handful of log-in names that you use for multiple websites and accounts, and a similar passwords. That way, when they do steal your credentials, they can log into all your accounts!
What can you do if you really want to protect your personal information?
First if your passwords using known personal information (i.e. - birthday, anniversary, your spouse’s or child’s birthday or anniversary or your mobile telephone number), then you should change them. There is so much information about you and your family that is easily discoverable on the Web, that these types of passwords are easy to guess. Rather, use more complicated passwords, at least 8 characters in length, that contain upper and lower case letters and at least one “special” character or symbol, such as #, %, or ^.
Second, consider purchasing a password manager. I prefer the non-cloud (non-web) based password managers because if the Website of a cloud based password manager is compromised, then so is your information. Besides, what better target for hackers than a Website that stores passwords???
Third, always use MFA or “two-step” authentication for sensitive accounts like bank and financial accounts. Two step authentication involves entering a temporary code in addition to your password (i.e. - text message or email code or a smartphone app to approve) to authenticate access. This can create a perceived problem, if say, the code was sent to your smartphone and the battery died. The reality is there are many options to receive a code (email link, app, SMS, even phone call). Most sites allow you to select the “two-step” option at login so you can avoid the worry of not having access to your important sites.
Fourth, change the settings on your computer and smart devices so that they do not “store” your passwords when you use a browser (i.e., Chrome, Firefox, Microsoft Edge, Internet Explorer). If you don’t change the settings, then the user name/passwords can by hijacked by other websites/trackers while using your browsers or accessed when device is stolen. This often involves changing settings on your smart device or computer. This may be in the form of auto-login or other settings that make it easier for you to login, but may also make it easier for someone else if your device breaks and is in for repair, or if your device is stolen.
Fifth, avoid entering passwords on “public” computers, or any computer or device, for that matter, that is not your own. The public computers (as well as other computers and devices) may “automatically” store passwords that you enter. This means that the next person, or the owner of the other computer or device, may be able to retrieve your passwords and logins.
Sixth, avoid entering passwords when using unsecured Wi-Fi connections (such as at a hotel, an airport or a coffee shop). These “public” Wi-Fi locations are often a favorite target for hackers, who can intercept your passwords and data over this unsecured connection. If you must use a public Wi-Fi connection, then access it with a Virtual Private Network (VPN) app, which makes it significantly more difficult for hackers. I went into this in more detail in a prior “Tips” article that is available on Benesch’s Website here.
Last, remember to clear information and then delete unused accounts, such as from banks or credit card services, businesses that you no longer use, college, reunions or social media. These sites may still contain your information and data and can be breached. This can be a hard and tedious process if you can actually close the account, so be stingy with what accounts you create to begin with.