Online Account & Password Security

Using online account security best practices will minimize the likelihood of problems in the future. Here is my advice.

(1) Make a commitment to online security, including the use of strong passwords, and other best practices, to keep your website and other online accounts secure. Think of it as a smart investment.

(2) The small amount of time you spend on the “front end” of account and password security will pay off in the future. Online account and password security best practices will dramatically reduce the likelihood an account and password being compromised.

(3) Need another reason to practice good online account and password security? It can take hours, or days, to recover from an account/password compromise. It can also cost you a lot of money if your bank account is hacked into or your website is taken over by a hacker in some coffee shop in the Ukraine.

(4) These days it’s fairly easy for sophisticated hackers to build very powerful password cracking tools that can try tens of millions of possible password combinations in only a minute or two (or less!). Each character you add to a password or passphrase makes it much harder for hackers to compromise an online account.

(5) Although it is often more convenient, it is a best practice to avoid using the same password across different online accounts. If one of your online account providers is hacked, and your password with them compromised, and you use that same password everywhere, you have significantly increased the risk of other accounts being compromised.

(6) Never use the password you’ve picked for your email account or bank accounts at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone can more easily hack into your email or bank account.

(7) There are many online services that can help you manage your online accounts and safeguard passwords, including LastPass, DashLane, and 1Password. Each stores account logins and passwords in the cloud and provides security using a master password.
(8) If putting all of your passwords online and “in the cloud” makes you uncomfortable, another option is using a local password storage program on your computer, such as Roboform, PasswordSafe or Keepass.

(9) Avoid Yahoo! accounts. Millions of accounts at Yahoo! were compromised and Yahoo! didn’t tell anyone for years! Recommendation: Switch to Gmail. For added email security at Gmail turn on and use the Google 2-Step verification option.

(10) Learn more about Google’s 2-Step account verification and turn it on for your Gmail account at: https://www.google.com/landing/2step/#tab=how-it-works

(11) Avoid easy to guess passwords like your last name, city where you live, pet’s names, kids names, and simple keyboard combinations like “qwerty” and “asdzxc” and “123456.” It should go without saying to never use the word “password” as a password.

(12) Don’t store a list of passwords on or near your computer.

(13) Create unique “STRONG” passwords that are a minimum of eight characters and use a combination of words, numbers, symbols, and both upper- and lower-case letters. Many security experts now recommend passwords that are at least ten characters.

(14) Ideally, you should change your passwords every six months, particularly with more sensitive accounts like at banks and credit cards. There are many reasons to do this. Passwords are often stolen without the knowledge of the victim, and stolen passwords are not always used immediately.

(15) Good “local” virus and malware protection on your personal computer is also an online security best practice. Programs like AVG, Windows Defender, Symantec, McAfee, and Norton offer very good client-side protection. When property configured, they can protect you against keyboard logging viruses installed by “drive by” malware at websites you’ve visited. Keyboard loggers track every keyboard stroke you make on a computer and quietly in the background send it back to hackers.