Password Security

We use passwords for everything these days. Our email accounts, our bank accounts, our social media accounts. While you may believe you have come up with the most bulletproof, cryptic combination of your dog’s name, your kid’s birthday, and a couple wildly unpredictable punctuation marks (who’d ever think to put that zany @mpers&nd there?)—the fact is, hackers often spend less time trying to guess your password than they do simply asking someone to send it to them. Someone like your bank, for instance.

I just read this terrifying article in Wired magazine, and so that I’m not the only one losing sleep at night, I thought I’d share it with all of you. The gist of it is this: no wild arrangement of letters and numbers, on its own, is going to protect you from a committed hacker. You need to take further precautions.


Two-Step Verification

We recommend that everyone use 2-step verification for passwords. Though it can be a pain at first, you’ll get used to it. It is one more (effective) barrier between you and your identity being stolen and your life consequently ruined.

Basically, 2-step verification means that whenever you log into a website, app, online form, etc. you will be given a second authorization code (often texted to your phone or something). Then you finish logging in with that second code. The advantage is two-fold:

  1. it forces you to have immediate access to more than one personal device—something hackers won’t often have; and

  2. you get a unique code every time you do it. It’s never repeated.

Here’s how just a few of the major digital services employ two-step verification:


Multiple Passwords

Another important precaution is to mix it up more. You gotta STOP using the same username and password for every daggone login you have (you know who you are, Ronzetti78). I guarantee you that once someone figures out your Twitter password, the next things they’re going to go for are your PayPal and HSBC accounts. They’re going to start with the same login info and just go from there. So if you’re using the same password for multiple accounts, it’s just a matter of time. If you need a way to keep track of multiple passwords, Abena Bailey recently recommended LastPass, an app for Chrome.

Or if you’d rather have something that’s not an extension of your browser, try Dashlane or RoboForm. By using these, you can keep all of your passwords encrypted on your machine, and only one crucial password (you have to keep track of this one) will allow you access to the others.

A few more things to consider:

  • Stop with the obvious. Whenever you can, choose original “secret questions” and “password helpers”. I’m no hacker, but I bet I could figure out your mother’s maiden name pretty quickly.

  • Make things complicated. I can tell you right now the wifi password for 90% of all bars in Saigon (it’s 12345678). But generally speaking, the harder it is for you to remember your password, the longer it will take for a hacker to figure it out. Take time to garble it all up, and resist that compelling urge to include the year you were born.

  • Circle the wagons. If your laptop, phone, or tablet is stolen, drop everything right now and start taking steps to protect yourself. Two-step verification won’t do you a lot of good if someone else is using your phone. You need to immediately start changing your account logins and using apps like “Find My iPhone” to remotely disable your devices.

  • How badly you get hacked is not up to you. Let’s say someone hacks your Facebook account. No big deal, you change your password and delete all the spammy posts, right? But what if they take an extra hour to snoop around? Before long, they know your hometown and they can easily figure out your home address. They know where you spent your honeymoon, which happens to be one of your security questions. They also know your dog’s name, your kids’ names, when they were born (very likely to the minute) and how much they weighed when they were born (to the ounce). They could soon have a wealth of other information about you. It’s really up to them how far they want to take it. By tomorrow morning, they could be in control of your bank account, credit cards, your Amazon account (you can buy anything on Amazon), your mortgage payments, student loans, the list goes on and on...

  • It can (and does) happen to anyone. We all know someone whose identity has been stolen in one form or another. Just in the last year I can think of my sister, at least one teacher at SSIS, and a good friend of mine. You may not be sitting on piles of money; that’s okay—Small-time and Unsuspecting is who identity thieves target.

Until the day comes when passwords are a thing of the past—and hopefully that day will come soon—we are all particularly vulnerable to weak digital encryption methods. We all need to be more proactive about protecting ourselves.