Last year I attended a private security conference where some of the most senior and influential professionals in cyber security shared their insights on the state of global cyber security. One of my favorite presenters there was Chris Roberts. He was a brash, outspoken Scotsman in a bright plaid kilt and his long green hair in a ponytail (yes, that’s exactly what I said – an outspoken Scotsman). We eventually came around to the question of what he thought was the biggest single security weakness in the world of computer technology or information technology. Without any hesitation… and with more than a little frustration in his voice… he said: “weak passwords!”
Our passwords are often the only gatekeeper protecting our Facebook accounts, our tax accounts, our email accounts and even our banking accounts. So here is my short, no-nonsense advice about what you (and frankly everyone) need to do about creating and managing passwords. Follow these tips, and you’ll never have to worry about anyone getting and abusing your information or your money.
1. Use a strong password for everything.
Strong passwords are easier than ever. The people who first came up with the idea of using password security on computers decades ago now realize that passwords don’t have to be super complicated – they just have to be long. For example, a password like “The flowers in my garden are beautiful.” is much harder for bad guys to break than a password like “0bZ529qw!”. The first one is also much easier to remember, isn’t it?
Here’s what you should do…
- If you are being a super-cool Grandma and using online banking or mobile phone banking but you are using the same password for them as for other things like your Netflix account, change your banking password right away! Think of a phrase you’ll remember easily (but not one associated with family names, favorite quotes or that kind of thing).
- You should also set a strong password to get into your computer. It’s really easy to change it for either a Windows PC or an Apple Mac.
- It’s OK to write it down AS LONG AS you don’t identify what it’s for and you never put it near your phone or computer or in your purse. Hide it in a sock drawer if you like but don’t tell anyone else about that – even me or others in the family! This is only for you and only in case the password does slip your mind.
- Over time, as you change your passwords on your other accounts, make sure each of them is unique and strong. A simple way to do that is to just look around where you happen to be or look out the window. Make up a phrase of what you saw or what you thought at that moment like “Is that a squirrel eating from my bird-feeder?” (In my case, the answer is yes. We have a very fat and happy squirrel here, but that’s a story for another day). This passphrase is 47 characters long; it could not be broken by a modern-day password cracking system within my lifetime.
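To put rough numbers on the two example passwords from tip 1, here is an added Python sketch (it is not part of the original article). The guessing speed, the 10,000-word vocabulary and the short blocklist are assumptions made up for the illustration.

```python
import math
import re
import string

# Constructed sample blocklist for illustration, not a real published list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
# Assumptions, not figures from the article: cracking speed and vocabulary size.
GUESSES_PER_SECOND = 1e10
VOCABULARY_SIZE = 10_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def char_bits(password):
    """Bits of search space when each character is guessed independently."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation or c == " " for c in password):
        alphabet += len(string.punctuation) + 1  # 32 symbols plus the space
    return len(password) * math.log2(alphabet or 26)  # fallback: non-ASCII text

def word_bits(password):
    """Bits when whole words are guessed; None if the password is not word-like."""
    words = re.findall(r"[A-Za-z]+", password)
    if not words or any(c.isdigit() for c in password):
        return None
    # Conservative: every letters-only token is treated as a dictionary word.
    return len(words) * math.log2(VOCABULARY_SIZE)

def estimate_bits(password):
    """Search-space estimate in bits; 0.0 for blocklisted or empty passwords."""
    if not password or password.lower() in COMMON_PASSWORDS:
        return 0.0
    by_word = word_bits(password)
    # Take the cheaper attack. For sentences even this is optimistic, because
    # natural phrases are more predictable than randomly chosen words.
    return char_bits(password) if by_word is None else min(char_bits(password), by_word)

def years_to_exhaust(bits):
    """Years to try every candidate at the assumed guessing speed."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

for pw in ("0bZ529qw!", "The flowers in my garden are beautiful."):
    bits = estimate_bits(pw)
    print(f"{pw!r}: {bits:.0f} bits, about {years_to_exhaust(bits):.1e} years")
```

Under these assumptions the short mixed-character password is exhausted in roughly two years, while the sentence holds out for tens of billions of years even when the attacker guesses whole words rather than single characters.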
2. Install a Password Keeper on your phone
A password keeper is like a secret diary where you can write down all your passwords (and it’s safer than writing passwords down on paper, even if you hide it away from your computer). Using a password keeper also allows you to use different passwords for everything, and never lose or forget any of them since they are kept safely inside your phone.
Here’s what you should do…
- Install a password keeper onto your phone. Here is an article on some of the best secure password keepers, as reviewed by PC Magazine in November 2018. If you want to save time, here are their top two picks:
- Keeper Password Manager & Digital Vault (reviewed here). A license costs $34/year CAD and covers all your devices.
- Install the same password keeper onto your phone, tablet and laptop (or PC). The license for most of these programs (just like Keeper and Dashlane above) covers all your devices and comes with a simple way to synchronize them. That way, if you enter a new password on one, it’s securely copied to the same program on your other devices.
3. If your phone, tablet or computer comes with Fingerprint ID features – use them.
This is one of the best things about mobile phones, tablets and laptops in the last few years – there is a little pad or button on them that can scan your fingerprint, just like in all the James Bond movies. You can teach your computer to recognize your fingerprints and then after that you can use either your strong password OR your finger to unlock your computer. Best of all, your fingerprint information will never leave your device (so a thief on the Internet will not be able to get a “copy” of your fingerprints or anything). It also ensures you will never get locked out of your phone or computer. (And don’t worry – nobody is going to take a finger just to get into your phone. That only happens in the movies.)
Here’s what you should do…
- For your Android phone or Android tablet, look to set up your fingerprint authentication.
- For your Apple iPhone or iPad, look here for do-it-yourself instructions or just ask for help at an Apple store. Best to call them first and make an appointment.
- Similarly, for Mac computers, look here for do-it-yourself instructions or ask for help at the Apple Store. Again, best to call them first and make an appointment.
- For your Windows 10 laptop or tablet, you can follow the instructions here.
In addition to the above instructions and advice, you can also take your device back to the store where you bought it to obtain help in setting up fingerprint ID. Stores are usually good about this kind of basic service.
4. Never, and I mean never, give your password to anyone – no matter how nice they seem.
Cool Grandma Tips
Bad guys don’t guess at passwords. When they get a hold of lists of names, email addresses and encoded passwords from a breach (think of Marriott, Panera, Facebook, etc.) they feed those lists into programs called password crackers. These programs try to guess at the passwords of everyone on the list, so the hackers can then try those passwords to get into people’s work, their bank accounts, pretty much anything that will help the bad guys get money.
The good news for them is that most people use the same weak, short passwords as millions of other people all over the planet. The problem is so common that there are now lists of the worst, most often used passwords on the Internet. So for this Cool Grandma Tip, here is a countdown of the 25 worst, most commonly used and most easily cracked passwords on the Internet as compiled by password management and research company SplashData. You should sit down before you read this, or you may fall down laughing. After you read this, make sure you never use any of these passwords for anything.
And finally, at #1, the worst, most unsafe, most common and most easily guessed password on the entire Internet…