Four Realistic Steps for Increasing Your Online Security

I have some tips for improving your password practice, even if you are dealing with LastPass’s recent vaulting breach. You must realize that perfection is not possible. Your goal should be to make a small improvement in today’s dumb password reality.

Also, I want you to remember this long-term mission. Passwords must go.

There is hope. Popular iPhones, Android phones, as well as web browsers, have integrated technology that makes it possible to securely access online accounts without entering a password. Instead, your phone, fingerprint, or face are proof that it’s you.

For a long time technologists have promised a passwordless future. This is unlikely to happen soon. However, we must bypass the password.

If you do just one of these steps, you will be a security superstar.

Longer password phrases are better than shorter passwords

You should choose at least 16 characters to create the best password. Hackers will take longer to crack your password if you have more characters. You don’t need to worry about symbols, capital letters, or numbers.

Many security experts recommend using memorable phrases for passwords, but with a twist. If you like nursery rhymes, try the password, “L1ttleMi$sMuffetSatOnATuffet” with a number and a symbol replaced by two letters. Or you can combine four words to make nonsense such as “TumblerElbow @MerinoWoodpecker”.

Due to the requirements of these passphrases, not all online accounts allow you to set them up Old government security guidelines.

You are set up for failure. you knowIt is not acceptable to create easy-to-guess passwords such as “RedSox04” and to reuse passwords across multiple websites. No one is able to create and remember unique passwords for all our accounts.

Prioritize your accounts by using strong passwords or passphrases to protect financial accounts, email, and password managers. (More on her later.)

Two-step authentication for your most important accounts is an option

Adding a second step to signing in to your accounts—such as a one-time code sent to you—protects you in case scammers steal your password or you’re tricked into handing it over.

This is a common security tip that most people ignore. Don’t feel guilty. It is not easy and not all online accounts support two-factor authentication. (this siteIt allows you to search for apps and websites you use. Two-step authentication is an essential aid in a broken password system.

You can also add a second step to log into your important accounts, such as your bank accounts, email, and social media accounts, if it is manageable.

It is safer to use a dedicated one time code app such as Authy, Microsoft Authenticator or Google Authenticator than to receive codes via text. However, don’t be upset about the two-factor authentication process.

If you can, use a password management program

My colleagues have recommended password managers over and over. 1Password and Dashlane create strong passwords for each account, store them securely, then automatically fill them in when they’re accessed via apps and websites.

These services save one password to your password vault and save the rest.

Password managers aren’t foolproof. I prefer to clean the bathtub rather than fill it with water. It’s also a smart investment in your online safety.

I’ve used Dashlane for years, and while it’s not cheap—I pay about $65 a year—I find it greatly improves my online experience and is well worth the peace of mind.

To save my Dashlane password, I have written it down on two sheets. One I keep in my desk drawer, and one I keep in the pocket of my wallet.

What if a thief takes my wallet and gets access to all my passwords. There is no risk, but the passwords I use are probably more secure than those of most people. Don’t let perfection become the enemy of good.

Continue reading Tips on how to get started with a password managerAlternate options include writing down all your passwords in an organized notebook. It’s okay! (Some of this advice may be old, but the basics are still valid.)

LastPass, the most popular password management service, recently released the following: Alarming security breach.

According to the company, hackers had stolen passwords and usernames. LastPass informed customers that they were likely safe because passwords and basic information was misaligned, making it difficult for scammers understand what they had stolen.

Chester Wisniewski (an internet security researcher at Sophos) told me there were so much red flags about LastPass that he recommends users consider switching to another.

Wisniewski stated that he is confident in 1Password and Bitwarden password managers. These companies offer the ability to transfer passwords from LastPass.

I asked LastPass representatives for their advice. They referred to the last company. blog post.

Wisniewski said that LastPass might still be a good choice for you. An alternative that is less secure is to use your child’s name as a password for accounts is LastPass.

The future you desire: without passwords

Did I mention that the password system insecure and stupid is insecure? There’s nothing you can do to protect your self in this system. yes?

Here is where things get optimistic.

Some companies, such as Microsoft, Best Buy and PayPal, now allow you to set up an account without entering a password.

This is not a new concept. Some apps ask you if you want to sign in with just your thumbprint or face scan — but you still have a password somewhere. Imagine that you can only log in to your accounts using your phone, other devices, your thumbprint or a facial scan.

This passwordless system, also known as a “passkey” in the tech industry, is not as secure or easy as it should be. You are about to be equipped.

Passwords will be with you for years. Even if we abandon the stupid password system, it is difficult to change. Security experts believe that this year and 2024 will offer more options for accessing online accounts. Instead of using a password, you can verify your identity using a phone or another device.

“The hack moment is here,” said Sam Srinivas, a Google executive who oversees online security and passkey projects.

Srinivas and other security professionals told me that standard encryption is more secure than current password systems. If there are no passwords, hackers cannot steal passwords or guess them. It’s even easier to access your accounts using your phone, finger or face.

Microsoft has made it possible for people to access Outlook email accounts for about a year. without a password. According to the company, about half a billion people have chosen not to use their Microsoft accounts passwords and signed in another way.

Microsoft passwordless login was not perfect, I will admit. baby steps If your accounts offer the option to sign in with a passkey (passwordless login), you should definitely consider it.

When I hear that magic technology can fix it, I often roll my eyes. Technology is in decline. In this case, the passkey might be the magic bullet.

With the stupid password system we have, you can make yourself safer. But it is better to end the tyranny that passwords have on you.

After speaking with online security experts, I realized that I could make some adjustments to my password practices.

Dashlane has allowed me to create longer passwords on my Google account and for my financial accounts. I also replaced my 10-character Dashlane passphrase with a 20 character passphrase of four words, strung together.

I have known for a while that I needed to create stronger passwords for Dashlane. I didn’t. Give yourself a break. Everyone can benefit from simple security improvements, and it’s never too early to get started.

Be proud of your one small win! Tell us aboutYour favorite tech tip, gadget, or app that made your life easier. Your tip may be featured in a future issue of The Tech Friend.