
Your Passwords Probably Suck.

DNews has a great video on how hackers gain access to passwords in ways other than social engineering, which was the method that gave bad actors unwanted access to the email accounts of John Podesta, Colin Powell and the DNC.

As someone whose job involves dealing, day to day, with passwords created by users of varying comfort levels with technology, it amazes me how horrible everyone is at password creation and management. Unfortunately, the odds are pretty good that your passwords aren’t great, either. If you’d like to improve on that — and I see no reason why you wouldn’t, unless you’re a crazy-person — here are some things you can do.

Use Two-Factor Authentication When It’s Available

Two-factor authentication can sound overly technical and a little scary, but it’s (a) really easy and (b) the best thing you can do to make your accounts more secure right now. All “two-factor authentication” means is that logging into your account requires:

  1. Information that you know, which is your password

  2. Something that you physically have on you, which is generally your cell phone

The service can then either send you a text message with a code to put in to prove that it’s you or, if you want to get fancy, you can use one of the dozens of authentication apps on the assorted app stores to generate the code for you. Lifehacker has a great tutorial on enabling two-factor authentication here, and you can get a pretty comprehensive list of sites that support two-factor authentication on TwoFactorAuth.org.

Use a Password Manager to Generate and Remember Passwords for You

The next thing I recommend to people is to use a password manager program to generate and remember your passwords for you. Some of these programs also let you use them to generate two-factor authentication codes, which can save you the headache of having to open two different programs to log in to see what stupid nonsense your uncle has posted on Facebook this time.

I personally use 1Password by AgileBits, but other options like Dashlane and LastPass are great, too. Lifehacker published a comparison of five different password managers last year, so you can take a look at that and decide for yourself which one best suits your needs and budget.

Don’t Overwhelm Yourself With Insanely Difficult to Remember Passwords

If you don’t want to use a password manager and want to commit your passwords to memory, remember that difficult to remember doesn’t necessarily equate to difficult to guess.

XKCD: Password Strength
From XKCD.com

While I don’t necessarily recommend this method, it’s still better than coming up with passwords that are so difficult to remember that you become frustrated and reset your passwords to all being the same thing again.
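To put numbers on "difficult to remember" versus "difficult to guess", here is an added example (not from the original post or from XKCD) that measures a randomly chosen passphrase in bits and generates one with the operating system's secure random source. The function names, the 16-word sample list and the guessing rate passed in are assumptions made for the illustration.

```python
import math
import secrets

# Constructed sample list for the demo only. Real use needs a large published
# word list (thousands of words), because strength depends on the list size.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "desert", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "ladder", "meadow", "napkin", "orchid", "pepper",
]

SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy when each of `picks` items is drawn uniformly at random."""
    return picks * math.log2(pool_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Fewest random words from a `list_size`-word list that reach `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def make_passphrase(words, count, sep=" "):
    """Pick words with the OS CSPRNG (secrets), not the `random` module."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would overstate the entropy")
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    # Four words from a 2,048-word list: 11 bits per word.
    print("4 words / 2048-word list:", entropy_bits(2048, 4), "bits")
    # Eight characters drawn at random from the 94 printable ASCII symbols.
    random_chars = entropy_bits(94, 8)
    print("8 random printable chars: %.1f bits" % random_chars)
    print("words from a 7776-word list to match:", words_needed(random_chars, 7776))
    print("years to exhaust 44 bits at 1000 guesses/s: %.0f" % years_to_exhaust(44, 1000))
    # The sample list gives only 4 bits per word, so this output is a demo.
    print("demo passphrase:", make_passphrase(SAMPLE_WORDS, 4))
```

The bit counts hold only when the words are picked at random by the program; a phrase you choose yourself is far more predictable than the arithmetic suggests.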


So there you have it: a few easy ways to make your online accounts more secure, which will hopefully reduce your existential dread at having your accounts stolen or, worse, giving someone a chance to find out what you have in your Netflix queue. Relatedly, if you’d like to find out what the most common passwords of 2016 were, you can find out in this BGR article.

Source: Lifehacker