I’m going to start our columnist-reader conversation simply, with a short but important tech practice: Password management.
Yeah, I know, that’s downright riveting. Yawn at your peril, because it’s fundamentally important to online health, safety, and sanity. My guess is, most of you haven’t stayed on top of it.
Believe it or not, even tech industry pros don’t. We all should.
Here’s a cautionary tale: In December of 2018, cyber security expert Troy Hunt found 770 million email addresses and passwords posted to a known hacker website. Worse, many of those addresses and passwords had also been involved in a separate data breach. That means that people had been hacked, knew it, and still had not changed their passwords. Duh.
First, I can’t fault anyone for making this kind of mistake, because I have. Yes, embarrassing, but true. I have been a small-business owner in the tech sector, worked for two of the largest communications companies, and currently work for a leading IT and cyber security firm. I should know better than to neglect password management, but I have.
But lucky for us, for every problem there is a solution. Well, at least this one.
Problem – Repeat passwords
We need passwords for everything: banking, social media, medical records, signing in to devices. The more complicated they are, the harder it is to remember more than one, so some people default to using the same password across accounts, which is one of the worst possible mistakes to make. It’s too predictable.
There is a routine practice called “credential stuffing” where email addresses and known passwords are plugged in all over the place to see where they gain access. Our email addresses are widely known, of course, so that’s already half the equation solved. One repeated password, and you’ve just handed over the rest.
Solution – Different passwords, changed often
Simple enough. Never use the same password for more than one service, and change your passwords often. I advise setting a schedule for password changes the same way you remind yourself to change the batteries in your smoke detectors at the change of the seasons.
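For readers comfortable with a little Python, here is an added example (not part of the original column) that audits a list of accounts for repeated passwords and shows which other accounts are exposed to credential stuffing if one service is breached. The service names and passwords are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample data: (service, password). Not real accounts.
SAMPLE_VAULT = [
    ("bank.example", "!L1k3P@$t@"),
    ("social.example", "!L1k3P@$t@"),
    ("clinic.example", "Tr0ut-R1ver-2019"),
    ("shop.example", "!L1k3P@$t@"),
    ("forum.example", "Tr0ut-R1ver-2019"),
    ("mail.example", "c0rrect-H0rse-staple"),
]


def find_reuse(vault, key=None):
    """Return groups of services that share one password, largest group first.

    Passwords are compared through keyed HMAC-SHA256 digests, so the audit
    never stores or prints a plaintext password.
    """
    key = key or os.urandom(32)  # throwaway key, valid for this run only
    groups = defaultdict(set)
    for service, password in vault:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].add(service)
    reused = [sorted(services) for services in groups.values() if len(services) > 1]
    return sorted(reused, key=lambda group: (-len(group), group))


def exposure_if_leaked(vault, leaked_service):
    """List the other services that share a password with leaked_service."""
    for group in find_reuse(vault):
        if leaked_service in group:
            return [s for s in group if s != leaked_service]
    return []


if __name__ == "__main__":
    for group in find_reuse(SAMPLE_VAULT):
        print(f"{len(group)} services share one password: {', '.join(group)}")
    also = exposure_if_leaked(SAMPLE_VAULT, "shop.example")
    print("If shop.example is breached, also change:", ", ".join(also))
```

Every group it reports is a set of accounts that need new, distinct passwords.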
Problem – 17jK_7f#3b@92-!!!!
It is recommended that passwords be at least eight characters long, longer if possible. You will need to use capital letters, numbers and symbols. But each service has its own set of rules as to which characters are acceptable. This can make you want to pull out your hair.
Solution – Make sense of it
Stay away from commonplace words, because those are just too easy to figure out. So, use numbers and symbols in place of letters. Turn the nonsense into something that makes sense. I recommend writing out a sentence and then breaking it. Come up with a phrase, say, “I like pasta.” Next, make replacements, and you get: !L1k3P@$t@. The longer and more abstract the phrase, the better.
Problem – Too many passwords
Longer, abstract passwords that change often put a strain on memory, and keeping paper lists isn’t a good idea.
Solution – Password managers
Store your newly created passwords in a password manager, organized and readily available. If you’re like me, your phone is never out of reach, so I recommend using an app. There are many low-cost and free options on the market. (I recommend: Sophos Mobile Security, Keeper, 1Password.) Managers give you the ability to store many passwords, and some will even prompt you to change them every 30, 60 or 90 days.
Problem – You’ve been breached
There’s little worse than getting an alert from your bank about a suspicious transaction or hearing national news about a system-wide breach. If it hasn’t happened to you yet, chances are it will.
Solution – Report it, change your security factors
If you think one or more of your accounts has been subject to a breach, I recommend immediately making the password changes above.
Next, notify the Oregon Department of Justice Consumer Protection division (www.justice.oregon.gov) and make a formal report. You can also see if your account is listed in a past or recent breach by checking the Troy Hunt online resources at www.haveibeenpwned.com.
I look forward to continuing the conversation, but for now, be careful what you click on!
Jared Swezey is Chief Technology Officer at UpTime Sciences, and an advocate for technology education. He lives in Eugene.
This article first appeared in the July 2, 2019 Blue Chip section of the Register Guard.