May 4, 2020

Creating Strong and Secure Passwords

When was the last time you updated your passwords? Here are a few easy steps to keep your accounts secure and increase your overall privacy.

Strong, unique passwords are important for several reasons. The first is that malicious cyber threat actors compromise your personal online accounts. A compromise can completely expose your passwords and, worse yet, expose personal information that uniquely identifies you, such as your email address. That means a malicious actor can look for other accounts associated with you, such as work-related, personal social media, or banking accounts. When the malicious actor finds your accounts, they can try logging in with your exposed password, and if the password is reused, they can gain access.

The second is that when malicious cyber threat actors can’t easily find or guess the password, they can use a technique called brute-forcing, in which they try every possible password until the correct one is identified. Computers can try thousands of passwords per second, but for this technique to be worthwhile, the malicious cyber threat actor needs the password to be easy to identify, which is why a strong password matters. The stronger the password, the less likely brute-forcing is to succeed.

Here are a few easy steps to keep your accounts secure and increase your overall privacy.

Step 1: Generate unique passwords.

No judgment here, but do you use the same password for everything? It’s okay. It’s never too late to adopt privacy and security best practices.

Before you update your passwords, make sure to generate a strong and unique password for each account and device. Don’t know where to start? You can use the methods below to create passwords for all your devices and accounts:

  • Make a game out of it! Use dice and a word list to generate a random password. Electronic Frontier Foundation has excellent instructions and word lists to help you get started: https://www.eff.org/dice.
  • Use a password generator to create each individual password. Many password managers such as 1Password and LastPass offer this feature without the need to create an account.
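The dice-and-word-list method, together with the brute-force arithmetic behind it, as an added example (not code from Startpage or the EFF). The 36-word list is constructed for the demo and stands in for a real list in the same "dice key, word" layout; the guessing rate is an assumption.

```python
import math
import secrets
from itertools import product

# Constructed 36-word sample (two dice per word). The real EFF long list
# uses five dice per word and has 6**5 = 7776 entries in the same layout.
WORDS = ("acorn badge cabin daisy eagle fable gavel habit igloo jelly kayak "
         "ladle mango nacho oasis panda quilt radar salad table udder vapor "
         "wagon xenon yacht zebra amber bison cedar delta ember flint grape "
         "hazel ivory joker").split()
SAMPLE_LIST = "\n".join(f"{a}{b}\t{w}" for (a, b), w in
                        zip(product("123456", repeat=2), WORDS))

def load_wordlist(text):
    """Parse 'dice-key<TAB>word' lines into a lookup table."""
    table = dict(line.split() for line in text.splitlines() if line.strip())
    n_dice = len(next(iter(table)))
    if len(table) != 6 ** n_dice:
        raise ValueError("word list must cover every dice combination")
    return table, n_dice

def roll(n_dice):
    """Roll n_dice fair dice using the OS CSPRNG, e.g. '46'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))

def passphrase(table, n_dice, n_words=6):
    """One independent set of rolls per word, as with physical dice."""
    return " ".join(table[roll(n_dice)] for _ in range(n_words))

def entropy_bits(choices, length):
    """Bits of entropy when each of `length` items is picked uniformly."""
    return length * math.log2(choices)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    table, n_dice = load_wordlist(SAMPLE_LIST)
    print("sample passphrase:", passphrase(table, n_dice))
    rate = 1e9  # assumed offline guessing rate, not a figure from the article
    for label, bits in [("8 random lowercase letters", entropy_bits(26, 8)),
                        ("6 words from a 7776-word list", entropy_bits(7776, 6))]:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, rate):.2e} years to exhaust")
```

The strength comes from the number of uniformly random choices, which is why the words must be picked by dice or a cryptographic random source rather than by hand.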

Aside from helping you generate strong passwords, a password manager helps you keep track of all your passwords as well as safely share select passwords. Last month on the Startpage blog, privacy advocate and ThinkPrivacy founder Dan Arel shared one of his favorite password managers: KeePass. To review his list of recommendations, visit ThinkPrivacy.ch.

Step 2: Update your passwords.

Don’t leave any device unturned. Update all your devices and accounts.

  • Secure your mobile device. If you don’t have a passcode, PIN, or password as your first level of security, now is the time to enable this security measure. Face ID may seem like a good idea to secure your phone, but it leaves you vulnerable to forced unlocking by the simple act of waving the phone in front of your face.
  • Lock down your laptop or desktop. Whether it’s at work or home, your computer stores a great deal of your data. Just as you want to secure your phone, you’ll want to make sure no one but you is accessing your computer files.
  • Protect your accounts. If you use a password to sign in, update it! This includes streaming services, banking accounts, email and social media accounts, and work accounts.


Step 3: Enable Two-Factor Authentication (2FA).

What happens if someone breaks into your account? If you’ve enabled two-factor authentication, they face another roadblock to getting access to your account.

Two-factor authentication is an additional layer of security that requires you to provide another form of authentication. This means that when you sign into your account with your password, you’ll be prompted to enter a code that has been sent to your phone or email, answer an additional question, or authenticate via an app or trusted device.

Bonus: Risks to privacy and security.

Congratulations! We’ve covered what to do and chances are you’re improving your security just by reading this. Now, here’s what not to do:

  • If possible, don’t share your passwords with family, friends, or co-workers. One day you share your Netflix password with your sibling and before you know it, your entire family is using it.
  • Logging into accounts via Facebook and Google may take the work out of remembering login credentials, but it does so at the price of your privacy. This opens a gateway for your personal data to be shared.
  • Avoid using your browser to manage your passwords. Many browsers will allow you to sign into accounts without requiring authentication. This means if someone gets their hands on your computer, they can easily sign into any account. If you’re looking for a way to manage your passwords, consider using a password manager.

Privacy Pro Tip: Update your passwords frequently. Data breaches happen all the time, leaving millions of passwords exposed. To check if your passwords have been exposed in data breaches, visit https://haveibeenpwned.com/Passwords.

 
