- Your passwords are too simple and too short.
- You reuse your passwords in too many places.
- Your system of writing them down is risky.
- Your system isn't convenient enough so you use shortcuts.
So here is the problem: Some of your passwords are already out there in hackers' databases, and they are testing them against many common websites. They don't have to use massive computing systems to guess at millions of character combinations per second anymore. There are so many breaches of corporate systems the hackers have databases of millions and millions of emails and passwords at their disposal. It's just a game of guessing which password goes with which website.
What You Are Doing Wrong
If you are still memorizing your passwords then you don't have enough of them. In other words, in this day and age everywhere we go online requires a login. We have dozens and dozens, possibly hundreds of websites to manage. You just can't remember that many.
That means you are reusing them. Or possibly you have a system of having a password base with a part that changes with each website. Like "mybasepwd+eby" for your eBay login and "mybasepwd+amz" for your Amazon login. The problem is if one part is common and a hacker successfully gets one of your passwords it simplifies the guessing they have to do for the rest of your passwords.
And how are you tracking them all? Writing them down on paper? Paper is sooooo 20th century! So what do you do when you are downstairs and your notebook is upstairs? Or sitting at the doctor's office browsing on your phone? Home vs. office? Oh, you have a spreadsheet on Dropbox? Dropbox has already been hacked!!
So you can't reuse your passwords because too many websites have been hacked and they can get into other websites you use, and there are too many passwords to remember and your system is either not complex enough or too cumbersome. And your method of collecting them and writing them down isn't convenient or if it is convenient then it is easy to compromise and all your passwords are gone!
What You Should Be Doing
The obvious solution (!) is to use a modern application designed just for this purpose. There are dozens of competent applications that have stood the test of time.
Think of all the corporations and websites and famous people that have been hacked over the years - how many password systems have been hacked?? Hmmmmmm? Can't think of any? You would think that would be big news!
And here is the epiphany I had a few years ago - if my password manager automatically saves a password when I log into a new website, and then automatically logs me in when I go back there - why do I care what the password is?? I don't see it anymore. So that means my passwords can be 20 or 30 random characters. Here is one of my passwords now: 9jSm5!qG!9Swl&F1W6#TfgFtLe97a
Take The Next Step
So for goodness sake, this is 2018 now, get a password manager, ANY password manager! Experiment with it. Read some reviews, watch a few YouTubes, install one or a couple of them, play with it, practice on half a dozen basic websites you don't care about that much (Craigslist, Flipboard, some news sites, etc.).
Or read my other blog posts about the application I have used for over 6 years now with almost 500 logins or websites in it.
Stay safe out there!
Jerry
PS. How to see if your email or passwords are already out there
Check out haveibeenpwned.com and breachalarm.com.
No comments:
Post a Comment