How to Minimize Your Risk of Password Theft

The only way to minimize the impact of stolen log-in credentials is to use a different password for every site.

When it came to protecting your private information, security professionals used to focus on the complexity of your password. Make a password harder for people to guess and for hacking programs to break, and you would be safe.

That advice is still valid. But with the massive security breaches at tech companies like Adobe and LinkedIn exposing hundreds of millions of user names and passwords (and who knows how many breaches we haven’t even heard about), simply creating a complex password isn’t enough. The only way to minimize the impact of stolen log-in credentials is to use a different password for every site.

For most of us that’s a daunting challenge. Who can remember 50 different passwords? The answer is a password manager that lets you create as many complex passwords as you need and store them all in an encrypted database under one master password for easy reference and auto-filling. Once you have your password manager running, it fills in your user ID and password for you whenever you visit a website.

When creating your strong passwords, go for at least 8 characters (the longer the better), with a mixture of upper- and lower-case letters, numbers and, if the site or service allows, special characters, such as “!,” “#” and “?.” It should be something you can remember easily. A long sentence works well when you take the first letter of each word and then replace the vowels with numbers or symbols.

For example: The quick brown fox jumped inside the orange box and slept = Tqbfj1t0b&s

However, it’s also been proven that really long passwords work just as well. Numbers, capitalization and special characters are all bonuses, but a short password that uses all of these tricks may still be easier to crack than a long password with real words, such as “iliketobakecookies.”
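The sentence method and the length comparison above, worked through in Python as an added example that is not part of the original article. The function names, the 8-character sample password and the substitutes for "e" and "u" are assumptions made for the illustration.

```python
import math
import string

# i->1, o->0 and a->& come from the article's example; the e and u entries
# are assumptions added here so that every vowel has a substitute.
VOWEL_SUBS = {"a": "&", "e": "3", "i": "1", "o": "0", "u": "%"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def mnemonic_password(sentence):
    """First letter of each word, with vowels swapped per VOWEL_SUBS."""
    initials = (word[0] for word in sentence.split())
    return "".join(VOWEL_SUBS.get(ch.lower(), ch) for ch in initials)


def brute_force_bits(password):
    """log2 of the number of strings of this length over the character
    classes the password draws from. This is an upper bound that assumes
    blind guessing; phrases built from common words fall sooner to
    wordlist-based guessing, so treat it as a ceiling, not a score."""
    if not password:
        return 0.0
    stray = [ch for ch in password if not any(ch in cls for cls in CLASSES)]
    if stray:
        raise ValueError(f"characters outside printable ASCII classes: {stray!r}")
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet)


SENTENCE = "The quick brown fox jumped inside the orange box and slept"
SHORT_COMPLEX = "Tq1&bf0s"  # constructed 8-character sample using all four classes
LONG_WORDS = "iliketobakecookies"  # the article's long-password example

if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, mnemonic_password(SENTENCE), LONG_WORDS):
        print(f"{pw:<20} length {len(pw):>2}  ~{brute_force_bits(pw):.1f} bits")
```

Length multiplies the bit count while a larger character set only raises the per-character figure, which is why the 18-letter lowercase phrase comes out ahead of both mixed-character passwords here.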

All of the major browsers have password managers built in. Sometimes you’ll find it under “auto-fill,” since the browser automatically fills in your password. Only the free Mozilla Firefox Web browser for PCs and Macs lets you protect your password list with a master password. Google’s Chrome browser requires you to log in to save or use saved passwords, so logging out will protect you. Apple’s Safari browser on Macs stores your password in the iCloud Keychain, which means your passwords will auto-fill if you’re logged in. However, you’ll need your iCloud Keychain passcode to view the stored passwords. Internet Explorer will auto-fill any passwords stored and show you the passwords.

Fortunately, all browsers will only auto-fill if you’re logged in to your computer profile, so remember to log out when you’re done. And set your computer to sleep after a few minutes of inactivity and require your password to come out of sleep so no one can use your computer when you step away.

  • On Windows PCs, you’ll find this under “Control Panel” then “Appearance and Personalization” and then in the “Personalization” section you’ll find “Change screen saver.”
  • On Macs, go to “System Preferences” then “Security and Privacy” and you’ll find it under the “General” tab.

A better option is to use a stand-alone password manager. The best let you sync your passwords across Windows PCs and Macs, as well as Android and iOS devices, plus help you generate unique strong passwords for sites and securely store your credit card info. Two of my favorites are RoboForm (free for 10 logins, premium with unlimited logins $9.95 the first year, $19.95 thereafter at roboform.com) and LastPass (free for desktop app, or $12 per year for a premium account with access to mobile apps on lastpass.com).

For a free option, I like Norton Identity Safe, which works on Windows PCs, Macs, iOS and Android devices and stores credit card info. It doesn’t have the password generator, but it works.

This article was written by Suzanne Kantra and originally appeared on Techlicious.

4 comments
SpawnAllan

Great article. From what I have seen so far, the best thing about RoboForm is that you can use it to generate a different password for each account you use, so if your LinkedIn or Adobe account gets compromised you only have to change your password for those accounts, not everything else using the same password.

MSanchez327

I didn't know LinkedIn had gotten breached. Well-written article.
Will need to look into RoboForm, looks really well managed after looking at their Facebook and home page.

PetrPinkas

Great article. Another solution for managing passwords could be Sticky Password. www.stickypassword.com