New Year’s Tech Resolution #4: Solve your password problem

If you’re anything like me, there are entire key pieces of your life that revolve around the Internet. With all the power that comes from having a life online, there are also a whole bunch of risks, especially when the passwords that are supposed to protect your account don’t hold up.

As we’ve seen over the course of this year, even if you have been trying to do everything right and keep your password out of the hands of those who would do you harm, tech companies can still slip up and give your password to some unsavory elements.

So, here’s a guide to locking down your digital life, and protecting yourself against the monsters that lurk under the Internet’s bed.

Step 1: Stop using the same password for everything

I know everyone says that you shouldn’t use the same password, but there’s a reason behind that: if an attacker takes your password in one place, they have it in another.

I would know. A few years ago, my Facebook password got phished. I realized it almost immediately, and changed my password there before my account could become a mindless spambot like the friend who did me in. What I didn’t do was change the password to my Gmail account, which at the time shared the same username and password as my Facebook account.

That’s how I ended up waking up one morning with confused emails from a number of contacts after my email account was used to send out a flood of Russian male enhancement spam. That was a rough morning, which involved me changing all of my major passwords. I got lucky–whoever ended up breaking into my account didn’t use that access to steal my identity, and they weren’t able to get into anything with sensitive financial information.

So please, if you do nothing else, stop using the same password for all of your accounts. Your friends will thank you.

Step 2: Stop using your brain as password storage

Of course, using more than one password is hard, especially if you want to create a bunch of secure passwords. Using “Password1” for one account and “Password2” for another doesn’t do a whole lot more to secure you against an attacker who sits down and uses their noggin for half a second.
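To check your own accounts for the two habits described in Steps 1 and 2 (the same password in several places, and “Password1”/“Password2”-style variants), here is an added example that is not part of the original article. The account list is constructed sample data and the function names are hypothetical.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample data: (account, password) pairs, as if exported from a vault.
SAMPLE_VAULT = [
    ("facebook", "Sunshine1"),
    ("gmail", "Sunshine1"),
    ("bank", "sunshine2!"),
    ("forum", "Password1"),
    ("shop", "Password2"),
    ("work-vpn", "pNbmNPe43e@8h9LU)tUPbQ"),
]

def _fingerprint(text):
    """Hash the value so grouping keys are never plaintext passwords."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def _base_form(password):
    """Lower-case and strip trailing digits/symbols: 'Password2!' -> 'password'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def audit(vault):
    """Return (exact_reuse, near_variants) as lists of sorted account-name lists."""
    exact = defaultdict(set)
    base = defaultdict(set)
    for account, password in vault:
        exact[_fingerprint(password)].add(account)
        stem = _base_form(password)
        if stem:  # skip passwords that are only digits/symbols
            base[_fingerprint(stem)].add(account)
    exact_groups = sorted(sorted(g) for g in exact.values() if len(g) > 1)
    exact_sets = [set(g) for g in exact_groups]
    # Report a variant group only if it is not already an exact-reuse group.
    near_groups = sorted(
        sorted(g) for g in base.values()
        if len(g) > 1 and set(g) not in exact_sets
    )
    return exact_groups, near_groups

if __name__ == "__main__":
    reused, variants = audit(SAMPLE_VAULT)
    print("identical password:", reused)
    print("same base word, different suffix:", variants)
```

Every account named in either list should get its own randomly generated password.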

That’s where a password manager can come in handy: they’re programs that create an encrypted locker for you to store the keys to all your online identities. That way, you only need to remember the password to the locker itself, and your other passwords can be a mess of characters like “pNbmNPe43e@8h9LU)tUPbQ.”

For Mac and iOS users, I recommend 1Password. I’ve been using AgileBits’s password manager ever since my male enhancement fiasco, and it has always been good to me. It’s a bit on the pricey side, but brings with it powerful encryption, the ability to sync with mobile apps out of the box, and great integration with OS X.

For PC and Android users, LastPass is an excellent choice. It’s free to install, but requires a $12/year subscription if you want mobile app access and a host of other features. Still, if you want to get started with a password locker and don’t want to pay a cent, LastPass is a great option.

Step 3: Use two-factor authentication to lock things down

Secure passwords go a long way towards protecting you from an attacker, but thanks to smartphones, two-factor authentication lets you add another layer of security to a number of popular services at no additional cost.

Like its name implies, two-factor authentication uses two of three different types of information to determine if you are who you say you are: something you know, something you have, and/or something you are.

Most two-factor implementations on popular websites require a password (something you know) and a phone which can display a one-time code (something you have) to verify your identity.

Some popular services that implement two-factor include Facebook, Twitter and Google Apps, and enabling two-factor auth is relatively seamless. For a comprehensive guide to where you should enable two-factor authentication, check out this Lifehacker article.

Bonus: Change the locks every now and then

While it’s great to create a good password system, you still want to change the locks every now and then, just to make sure it’s harder to lose control over a key account.

I have a group of key passwords, like those linked to my bank account and email accounts, that I change after changing the clocks when switching to and from Daylight Saving Time. It’s a habit I picked up from David Sparks, the co-host of the Mac Power Users podcast, and it’s served me fairly well. The group in question is small enough that it only takes me an hour or so to change things around where they need to be changed.

There you go: a quick-and-dirty guide to getting your digital life locked down.

If you’re looking for other tech resolutions, check out our previous guides to building a robust backup system, making it to Inbox Zero and learning to code.

  • DataGenetics

    Good advice, here’s a little background

    https://www.youtube.com/watch?v=MY3XWYr726I

  • DataGenetics

    Great advice. Here’s a little background
    https://www.youtube.com/watch?v=MY3XWYr726I

  • http://sitetherapy.net/ rick gregory

    Blair – I use Lastpass… on OS X. Curious as to why you recommend 1Password over that on the Mac.

    • Blair Hanley Frank

      Hey Rick,

      Primarily, I like 1Password for OS X because of how well it integrates with the OS, as well as how easily it integrates with iOS. It’s also more cost-effective for me: I want to make sure that I can get access to my passwords on my iPhone, iPad and Mac, and that they all stay in sync. Even if AgileBits, the company behind 1Password, were to shut down tomorrow, I’d still be able to keep everything synced up over Dropbox.

      In addition, I appreciate the fact that AgileBits really does their best to be transparent about the decisions that they’ve made with the product, as well as how it deals with various security risks.

      Still, LastPass is a great product. If it works for you and you’re happy, I don’t think you need to change.