We live in a digital world. It’s huge, it’s powerful, and it can be a bit scary when you think about how much of our personal information lives on the internet. Have you ever thought what could happen if someone gained access to it?
With all the recent news about hacking and private data being leaked, I want to take a moment to talk about account credentials and how to keep them secure. To make it easier, I put together this short list of issues and recommendations on how to prevent them.
You’ve seen the notifications telling you that your password isn’t strong enough, or that you need to have a number, a letter, a symbol and so on for your password to be accepted. This is because hackers sometimes use a method called brute-force to try and guess your passwords. However, unlike in Hollywood where they try randomly testing your family members’ birthdays or pets’ names, they will use the power of computers. Computers can run thousands of functions in seconds, which means they can guess many potential passwords in a very short amount of time.
Want to know how long it would take a computer to crack your password? Try running it through this tool: https://howsecureismypassword.net/
There is no sure-fire way to make your password safe from brute-force, but for example, most of my passwords are around 20 characters long, all randomly generated, and include lowercase, uppercase, numbers, and special characters. According to the test, a password like this would take a computer 43 QUINTILLION YEARS to crack, and I never use the same password on more than one website.
You’re probably wondering how I manage to remember hundreds of these crazy passwords. I don’t. I (and the entire Visceral team) use LastPass to manage all passwords, and I highly recommend you do the same. With LastPass, you get the following benefits:
- One place to keep track of all your super secure passwords
- Auto-filling for your passwords on any site (You don’t even have to copy and paste)
- A super secure password generator
- The ability to securely share passwords with other users
I should point out that you still have to log in to LastPass, and you want to make sure that password is extremely secure. The good news is that you only have to remember one. They offer free plans for individuals and premium plans if you need it for a team.
Sending login information between team members is a necessity, but it can also pose a huge security risk. Email can be a very insecure means of communication, but it remains one of the main ways passwords are shared.
To give you a better idea, sending sensitive data through email is like sending $50 through the post service. There is a good chance that no one knows you are sending cash, and it will get to the recipient just fine. However, if someone wanted to, they could look in your mail box or the recipient’s mail box, open your letter, and take the cash.
Back to the email example, it’s possible for hackers to monitor the data being passed over the internet by you or an email recipient. So unless you regularly encrypt your emails, they would be able to read the information.
A step up is to send your parts of your credentials over different channels (ie. email, text message, phone call, instant messenger, etc.). This way, even if part of the information is intercepted, a hacker would not have all the pieces to gain access.
This is better, but we can take it even further (without being too inconvenient). There are some very nice tools out there to securely share information with others:
- One Time – Let’s you create and share encrypted notes that can only be viewed once. After the first view, they are destroyed.
- Noteshred – Allows you to create, manage, and share many encrypted notes. Requires you to create an account.
- LastPass – Also let’s you create and share credentials either within a team (premium) or with other users. Requires you and the recipient to have an account.
- Keybase – A messaging app where you can connect and communicate with any other member, and all communication is encrypted.
- Firefox Send – A service that will let you send encrypted files that people can download with a handy link. The links expire in 24 hours.
The bottom line: Don’t send sensitive information as plain text over email. Encrypt it first, then share it.
The last thing I want to touch on is best practices for browsing the internet. If you are sharing sensitive information anywhere online, you should make sure that the domain is secure. The easiest way to tell is by looking at the URL and making sure it starts with https (note the ‘s’). There should also be a little green lock or shield which denotes a secure connection.
The reason this is important is because it means that an SSL certificate is installed. An SSL certificate basically ensures that the domain is actually who they say they are, and that all the data being passed between your browser and the server is encrypted. For a more in depth look at what I mean, check out this article.
You should also make a habit of double-checking that you are on the correct URL that you intended to be on. I say this because some hackers use a technique called phishing where they create a fake website to trick you into handing them your credentials.
It would be like a stranger wearing a suit and a badge, looking very official, saying they are an IRS agent and demanding payment. Most people may not fall for it, but others might.
How it works on the internet is you might see a page that looks exactly like the Google login screen but is actually at a URL like goolge.com. If you aren’t careful, you may mistake this URL for a real Google page and input your username and password without thinking twice. With that, you are basically handing over your logins.
I’m not trying to scare anyone with this post, but it is very important to follow these best practices to keep yourself safe online:
- Take your passwords seriously and make sure they are not easy to crack. If you have a lot of passwords, use a password manager to keep track of them.
- Only share credentials with people you trust. If you can avoid using emails, do so, and try to encrypt them.
- When inputting information online, double-check the domain URL. If it is not a secure (https) connection or you don’t recognize the URL, don’t use it.