We have discussed the importance of using strong passwords, and of using a different one for each important website and internet service, many times before.
Because remembering multiple truly strong passwords is all but impossible, our most important advice is to use a password manager (and we recommend KeePass in particular because it is free and completely open source).
If for any reason (although we can’t think of a good one) you prefer to keep passwords in your head, our Ultimate Guide offers some ideas on making them somewhat more secure than the internet’s number one password disaster, 123456, but really, you should be using a password manager!
Assuming you are using KeePass (or a similar alternative, free or commercial), there is a short regimen you can follow to tighten up your security and make sure all your passwords are up to scratch.
1. Audit your passwords
Once you have imported all your existing passwords into KeePass (etc.), go through them one by one and:
- identify and change reused passwords: if a hacker obtains your password for one website (typically from a breach of that site), he/she will try it against every other service where you might have an account, and it will work everywhere you reused it. Reuse is an absolute gift for hackers.
- identify and change weak passwords: hackers will of course go through passwords such as admin, password or letmein like a knife through butter, but a determined hacker can also make a good guess at passwords built from your children’s or pet’s names, your favourite ice cream, or anything else that can be looked up on social media or simply guessed.
Ideally, you should let KeePass generate a properly secure password for each account: long as well as random, using letters, capitals, numbers and symbols. A generated password has no connection to you and is never shared between sites, which removes both problems above at once.
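The audit in step 1 can be done by eye for a handful of entries, but once everything is imported it is easier to let a script flag the reused and weak ones. The following is an added example, not part of the original post and not KeePass code: it reads a KeePass 2.x XML export (File > Export > KeePass XML), groups entries by password to find reuse, applies a few weakness checks (a tiny common-password list, minimum length, character classes, and a list of personal words such as pet names that you supply), and generates a random replacement with a CSPRNG in the way the KeePass generator does. The export layout (Entry/String/Key/Value), the sample vault, the common-password list and the personal tokens are all assumptions or constructed for the example.

```python
"""Audit a KeePass 2.x XML export for reused and weak passwords.

Added example, not KeePass code. Assumes the KeePass 2.x XML export layout:
<KeePassFile><Root><Group>...<Entry><String><Key>..</Key><Value>..</Value>.
The sample export, the common-password list and the personal tokens below are
constructed for the example.
"""
import re
import secrets
import string
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample export: four entries, two of which share a password.
SAMPLE_EXPORT = """<?xml version="1.0" encoding="utf-8"?>
<KeePassFile>
  <Root>
    <Group>
      <Name>Imported</Name>
      <Entry>
        <String><Key>Title</Key><Value>Webmail</Value></String>
        <String><Key>UserName</Key><Value>alice</Value></String>
        <String><Key>Password</Key><Value ProtectInMemory="True">Fluffy2010</Value></String>
      </Entry>
      <Entry>
        <String><Key>Title</Key><Value>Online shop</Value></String>
        <String><Key>UserName</Key><Value>alice</Value></String>
        <String><Key>Password</Key><Value ProtectInMemory="True">Fluffy2010</Value></String>
      </Entry>
      <Entry>
        <String><Key>Title</Key><Value>Forum</Value></String>
        <String><Key>UserName</Key><Value>alice</Value></String>
        <String><Key>Password</Key><Value ProtectInMemory="True">letmein</Value></String>
      </Entry>
      <Entry>
        <String><Key>Title</Key><Value>Bank</Value></String>
        <String><Key>UserName</Key><Value>alice</Value></String>
        <String><Key>Password</Key><Value ProtectInMemory="True">p7$Qz!mW4vL9#xRb2nK</Value></String>
      </Entry>
    </Group>
  </Root>
</KeePassFile>
"""

# Illustrative only; a real audit would use a full breached-password list.
COMMON_PASSWORDS = {"123456", "password", "admin", "letmein", "qwerty", "welcome"}
# Words an attacker could find out about the owner (pet name, first name, ...).
PERSONAL_TOKENS = ["fluffy", "alice"]
MIN_LENGTH = 12


def _walk_entries(node):
    """Yield <Entry> elements under groups, without descending into <History>
    (old versions of an entry), which would otherwise produce false reuse hits."""
    for child in node:
        if child.tag == "Entry":
            yield child
        elif child.tag in ("Root", "Group"):
            yield from _walk_entries(child)


def load_entries(xml_text):
    """Return a list of (title, username, password) from the export."""
    root = ET.fromstring(xml_text)
    entries = []
    for entry in _walk_entries(root):
        fields = {s.findtext("Key"): (s.findtext("Value") or "") for s in entry.findall("String")}
        entries.append((fields.get("Title", ""), fields.get("UserName", ""), fields.get("Password", "")))
    return entries


def weakness_reasons(password, personal_tokens=PERSONAL_TOKENS):
    """Return a list of reasons the password is weak (empty list = passes)."""
    reasons = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        reasons.append("common password")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    reasons.extend(f"contains personal token '{t}'" for t in personal_tokens if t in lowered)
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        reasons.append("fewer than three character classes")
    return reasons


def audit(xml_text, personal_tokens=PERSONAL_TOKENS):
    """Return {"reused": [[titles sharing one password], ...], "weak": {title: reasons}}."""
    entries = load_entries(xml_text)
    by_password = defaultdict(list)
    for title, _user, pw in entries:
        by_password[pw].append(title)
    reused = [titles for titles in by_password.values() if len(titles) > 1]
    weak = {title: r for title, _user, pw in entries if (r := weakness_reasons(pw, personal_tokens))}
    return {"reused": reused, "weak": weak}


def generate_password(length=20, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Random replacement from the OS CSPRNG, retried until it passes the same checks."""
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weakness_reasons(candidate, personal_tokens=[]):
            return candidate


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for titles in report["reused"]:
        print("REUSED across:", ", ".join(titles))
    for title, reasons in report["weak"].items():
        print(f"WEAK  {title}: {'; '.join(reasons)} -> suggested: {generate_password()}")
```

Run it against your own export by replacing SAMPLE_EXPORT with the file contents, and delete the export afterwards: the XML holds every password in clear text, which is exactly the situation step 2 below is about.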
2. Remove passwords from your email account
It is common (and bad!) practice for websites and internet services to send passwords by email, which is convenient but wildly insecure. Not only are these emails often transmitted without encryption and therefore vulnerable to interception along their route through the internet, but even when they are encrypted in transit they sit in your mailbox in plain text, so if a hacker compromises your email account then he/she will have access to a treasure-trove of your passwords.
You should therefore search all your emails using terms such as ‘password’, ‘login’ and ‘account details’, and delete all the results (including from the trash or ‘deleted items’ folder). Ideally you should also change every password found this way, using KeePass to generate secure new ones, since a copy of the email may still exist on the sender’s side or in a backup.
3. Turn on two-factor authentication for critical accounts
While you probably don’t want any of your accounts hacked, there are some that you really don’t want hacked, such as your email, bank and eBay accounts. For these it is a very good idea to turn on two-factor authentication (2FA), where your identity is verified with a code sent to your phone in addition to your password (combining ‘something you know’, i.e. your username and password, with ‘something you have’, i.e. your phone). Codes sent by SMS are the easiest form to set up, but where a service offers it, a code generated by an authenticator app on the phone, or a hardware security key, is stronger, because SMS messages can be redirected by an attacker who manages to take over your phone number. We have a guide on how to do this for Gmail.
The main drawback of 2FA for VPN users who regularly switch VPN servers to alter their apparent geographic location is that each login appears to come from somewhere new, so services that remember ‘trusted’ devices partly by location tend to treat every login as unrecognised and ask for a fresh phone code each time, which is a bit of a pain…
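To make the ‘something you have’ part concrete, here is an added example (not from the original post, and not any provider’s code) of the authenticator-app variant mentioned in step 3: the time-based one-time password of RFC 6238 built on the HOTP construction of RFC 4226. The phone holds a shared secret and derives a six-digit code from the current 30-second time step; the server, holding the same secret, recomputes the code and accepts it only within a small window around its own clock, so a code copied from a phishing page or an old SMS is useless a minute later. The secret used here is the RFC 6238 SHA-1 test seed, chosen so the values can be checked against the RFC; a real service generates a random secret per account at enrolment.

```python
"""RFC 6238 TOTP: the code an authenticator app shows, and the server-side check.

Added example, not from the original post. SECRET is the RFC 6238 SHA-1 test
seed so the outputs match the RFC's test vectors; a real service generates a
random per-account secret (usually shown as a QR code) at enrolment.
"""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"  # RFC 6238 test seed, not a real secret
STEP = 30      # seconds per time step
DIGITS = 6     # code length shown in the app


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, unix_time, step=STEP, digits=DIGITS):
    """Phone side: the counter is simply the number of `step`-second intervals
    since the Unix epoch, so both ends agree without talking to each other."""
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret, submitted, unix_time, window=1):
    """Server side: recompute the code for the current step and `window` steps
    either side (to absorb clock drift), comparing in constant time."""
    counter = int(unix_time) // STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + delta), submitted)
        for delta in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = time.time()
    code = totp(SECRET, now)
    print("app shows:", code, "-> server accepts:", verify(SECRET, code, now))
    print("same code 2 minutes later -> server accepts:", verify(SECRET, code, now + 120))
```

The `window` argument is the knob that trades tolerance for clock drift against replay time: a window of 1 step means a code stays valid for roughly 60 to 90 seconds, and a server should additionally refuse to accept the same code twice within that window.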
Password Security Conclusion
Switching to using a password manager such as KeePass is one of the biggest steps you can take towards improving your online security, and by taking the time to perform these simple additional housekeeping tasks, you can maximise your security gains.