Ten Ways to Protect Your Accounts with Strong Passwords

Recently, many of us have been receiving messages that some of our passwords have been compromised. I have written about passwords before but I want to give you another dose of rules, tools, and suggestions to keep you as digitally safe as possible. I have been sitting down with friends and relatives recently and asking them to evaluate both their passwords and how they store and create them. 

Here are some suggestions, rules, and tools:

1. Don’t use the same password for more than one login. If one of those sites has a breach, someone now has your email (or user name) and password. You can be sure they will try it on other sites! 

2. Make passwords long and complex. Use numbers, capital and small letters, and symbols (if the site allows). 

3. Do not, do not, do not, do not keep a list of your passwords on a post-it note on your computer. While a piece of paper in a file might have some degree of security and practicality there are better ways to do this. On Apple products, you can create a password protected note, which is better than having a slip in your wallet – but there are better methods. 

4. I recommend everyone use a password manager. I use 1Password, but there are many others. Apple offers Keychain built into the Apple ecosystem. The main benefit of a password manager is that it stores all your passwords securely and you don’t have to remember all of them. All you have to remember is how to get into the manager (thus the one I use is called 1Password because I only have to remember the password that lets me into my password manager). I STRONGLY suggest looking at a dedicated password manager that is not a locked note, Keychain, or the password saver built into your web browser. 

5. Another benefit of a password manager is that it can autofill your usernames and passwords when you go to a website. It will also remember your password when you use it on a new website (and even offer to create a strong and complex password for you). 

6. A side benefit of this is that, if my password manager does NOT offer me my password on a website that LOOKS LIKE it is my bank, for instances, it is a warning that I might be on a fake website and about to give away my username and password to a hacker! If my password manager doesn’t recognize the website, I need to find out why. 

7. Consider trying passkeys instead of passwords. Passkeys are when you use another device instead of a password. You might use your fingerprint or other biometrics. A website might ping your phone, watch, or other device. You can even purchase an actual digital key that plugs into your computer and lets websites know that it is really you! 

8. Many websites now use one-time password codes instead of passwords. You log in with your email and they send you a code. This is great – as long as you have control over the means of getting that code. If a hacker gets control of your email or phone number, you will be unable to receive these one-time password codes.

9. For this reason (and others), it is critical that you use secure passwords with your high-priority assets: your email account, financial institutions, any website where you have stored a credit card (Amazon), social media accounts (Facebook, Instagram, TikTok, etc), and of course, work-related websites. All of these should be protected with long, complex, and unique passwords – so long and complex that you could never ever remember them. Thus, storing them using a secure password manager would be a good idea (there is a theme here – get it?). 

10. Always, always, always take advantage of two-part authentication when it is available. This is when you get a code sent via text or email or through an authenticator app when you log on to a site for the first time on a new device or browser. This is not foolproof. If someone has your phone, they might be able to use this to reset a password. However, if you receive a message with a code when you haven’t logged in to that website, you know someone else is trying to. 

The scammers are getting more and more clever and devious, as I have written about before. We have to help each other stay safe and protected! While a warning that you have a compromised password may or may not be true, we all could improve our password security. Be safe out there! 

Reading for Treasure: Protecting Your Information and Privacy

Reading for Treasure is my list of articles (and other readings) that are worth your attention. Click here for an introduction.

Once again, here are some articles to keep you safe as you use your technology. Specifically, how to thwart being tracked or scammed by devices, websites, advertisers, and others. 

This video from CNN includes a password tip that is genius and I have never heard of before. I am not going to list it here, but listen for the word “salt” in the video: "Here's how to keep your passwords safe, according to a hacker.” 

Wired provided a simple and common sense list of “6 Things You Need to Do to Prevent Getting Hacked.” Read the article, but I’ll list them here: Use multifactor authentication, get a password manager, learn how to spot a phishing attack, update everything, encrypt everything, and wipe your digital footprint. If any of those terms are foreign to you, take it as a sign you need this article. 

A great compliment to the above article, Propublica’s article, “A Former Hacker’s Guide to Boosting Your Online Security.” provides a straight forward and simple list of ten things to preventing stolen data, identity theft, and other online hazards. Again, I’ll list them here, but read the article for more: stop reusing passwords, delete unused accounts, use multifactor authentication, manage your privacy settings, think before you click, keep your software up to date, limit what you’re sharing online, security your SIM, freeze your credit reports, and back up your data! 

Lifehacker is also a great source for digital safety. Here a short and simple article that lets you know “How to Tell Which Apps Can See Your Private iPhone Data.” It is an older article, but still worth reading. 

This somewhat scary article from The Conversation via Inverse is a good overview of how your use of technology may put your privacy at risk: “Here’s exactly how tech companies and apps conspire to track you 24/7.”

Yes, emails can snitch on you. Many emails report back to their senders if you opened them, when you opened them, and even for how long you engaged with them. Want to stop this? Read this article from Wired: “How to Tell Which Emails Quietly Track You.” If you use Apple devices, this Lifehacker article, “How to Stop Email Trackers on Your iPhone, iPad, and Mac” will help you with this issue and more. 

A new form of hacking is to use free USB charging stations. Apple Insider discusses, “What juicejacking and trustjacking are, and how to protect yourself.” The basic piece of advice here is, if your phone asks you “Do you trust this computer?” or “Allow this device to access.. and you are not connected to your home computer, say, NO! 

How many of us have lost our phones or have had our phones stolen?  We may feel safe because our phone is locked with a passcode, fingerprint, or our face. Lifehacker says, “Your iPhone Is Still Vulnerable When It Is Locked” and then helps you secure it! 

And it is worse than that: Lifehacker provides instructions on how to use screen time on the iPhone to prevent a stolen phone from becoming a stolen Apple account or worse: "How Screen Time Can Save You When Your iPhone is Stolen." 

I am currently reading The Paper Menagerie and Other Stories by Ken Liu

Reading for Treasure: Scamdemic!

Reading for Treasure is my list of articles (and other readings) that are worth your attention. Click here for an introduction!

I have written about scams before and my most recent post deals with some thinking strategies to help us sift through the overwhelming mounds of information (and disinformation) in order to evaluate them well. However, the evil fraudsters are taking advantage of the current crisis to trick people into giving away their money, information, or more; thus here are some articles to help you protect yourself and your loved ones from the evildoers who would trick you. 

CNN’s article, “6 coronavirus vaccine scams that target your money and personal information - and what to do about them” is a short and very clear listing of possible scenarios. It is worth sharing with family-  especially elders! 

Wired has a good review of “How to Avoid Phishing Emails and Scams.” I have also written about this issue, but the fraudsters are getting more and more sophisticated. I also want to note that this article recommends the use of a password manager – and so do I (see below). 

Scamming can pop up in all sorts of places. Lifehacker’s article “Beware of These Creative Online Dating Scams” reminds us that people are trying to trick you even when love is what you are searching for! 

Another way to foil scammers is to improve your security. You must have a password manager if you are going to use complex effective passwords. Since LassPass changed its options, Bitwarden is a good choice if you want a free option. Lifehacker’s article about Bitwarden is worth a read if you want to taste test a password manager: “Bitwarden is Now the Best Free Alternative to LassPass.”

One more Lifehacker article reminds us, “Don't Trust Phone Calls From 'Venmo' or Any Other Service.” When your bank, utility, or other service calls, hang up and call back using the number you would regularly use to reach them – not the number from which the possible fraudster called you! 

Google has created a new feature to help you figure out if the sources that appears in your search are credible and trustworthy. Engadget lays out how to use this feature so you can evaluate sources and be sure you are getting the best information possible: “Google search results can tell you more about a site before you visit it.”

Currently, I am rereading Foundation by Isaac Asimov

Reading For Treasure: An End of the Year Digital Grab Bag!

Reading for Treasure is my list of articles (and other readings) that are worth your attention. Click here for an introduction!

Since we are all sending so much time on our digital devices, here is a grab bag of articles to make both your online and offline life safer, healthier, and better.

If you use an iPhone, it is time to retire those old “in case of emergency” designations in favor of the phone’s built-in emergency contacts. You can make any contact an emergency contact by editing it and selecting “emergency contact.” In addition, this article from Apple World goes one step further and explains “How to Send Your Medical ID to First Responders in an iPhone Emergency Call.” During a pandemic, this seems like a feature to activate. 

Many of us are spending hours and hours on our devices. If these devices break or lose our data, we may have significant problems. That is why it is critical to back up everything – and I mean everything. Wired Magazine has a good overview of this: “How to Back Up Your Digital Life.” If your answer to “what would happen if your computer crashed?” Is that you would be up the creek, consider reading this and backing up everything! Remember, you probably want to back up your phone, too! 

Often the weakest link in your digital armor is your password. Some of us use the same password all the time. Some of our passwords are easy to guess, even if you don’t know us well. Some of us have answered quizzes or done those Facebook questionnaires and shared the answers to every possible security question with the world. The key to good passwords is making them long and complex, but that means they are difficult to remember (and to crack). The key to making long passwords usable is a good password manager. I use 1Password, but there are many to choose from. Here is an Engadget article to get help you start using one: “It’s time to start using a password manager: Here’s how”

Finally, two good pieces from one of my favorites, Lifehacker. First and most important, “Never Email Your Social Security Number, I Am Begging You.” The title says it all, but I will add this: please think of any unencrypted email (which is probably all of our emails) as a postcard, not a letter. There is no envelope and anyone on all the systems it passes through (and there are many) could look at it. 

Finally, since we are sitting in front of screens all the time, we need to protect our necks, backs, wrists, eyes, and the rest of our bodies. Lifehacker also provided a good guide to make sure that you are not making yourself sick by the way you are using your computer: “How to Ergonomically Optimize Your Workspace”

I am currently reading The Peripheral by William Gibson

Seven Simple Shortcuts I Really Use

Recently, I have seen several videos and articles on “life hacks,” quick tricks that make life a little easier. Here are seven that I actually use:

Get your lost smart phone back: If you use a pass code (as you should) to lock your smart phone, how will someone be able to return your phone to you? It is simple: put a “If lost, please call…” number on the lock screen. Of course, this number should not be the cell phone number! I use my work number. You can make this in any program and take a screen shot of it. I made mine in Word.

Get your flash drive back: I name my flash drives with my phone number. I also have an “If Found, Please Open” document on each one that lists both my email and phone number. This way, I help a good Samaritan find me without going through all the files on the drive.

Get your luggage back: In every checked (or carried-on) suitcase, I place a piece of paper at the top. If someone opens my bag, that person will see a note with my contact information and itinerary. Just to help my bag get to the correct destination, I put the airport code on a piece of tape on my luggage. My luggage is also marked with large orange H’s as well. It is very easy to spot and cannot be mistaken for someone else’s bag.

Stop annoying cell phone calls: My default ringtone on my smart phone is silent. I assign individual ringtones to my family and close friends who call frequently. I have a standard ringtone I assign to most other numbers. However, if I get a call from an unknown number or someone who has never called before, the phone doesn’t ring at all. I don’t even notice spam calls- and when I see I’ve missed an unknown call, I block that number.

Easy closet origination that shows you which clothes you really wear: When I put my laundry back in the closet, I put the hanger in backwards. This way, it is obvious which clothes I have worn recently. Each summer, I take out the items that are still hung on forward facing hangers. These are the clothes to give away because I have not worn them since my last closet clean out.

Thin your wallet and have more at your fingertips: Rather than stuffing my wallet full of loyalty, insurance, and other cards, I photograph or scan them and keep them in my smart phone. Yes, there are apps that do this, but this is far more simple. Most of these cards I use infrequently. Rather than having them make my wallet bulky, I create a photo album and store them there.

Good passwords you can remember: I have two types of passwords: those I need to have in my head and all the others. I let my password manager program (I use 1Password) create long and random passwords for any websites that I use only on my home computer. For the rest, I recommend creating a long and unique password using the first letters (or suitable replacements) for a phrase you know well. So, if I was going to use Hamlet’s famous speech, my password might be: 2BoN2b-TiT? I alternate capitals and replace words with numbers or symbols when I can. I often insert a special character somewhere in the password as well. I can remember this password and it is going to be much more difficult for someone to hack.

Do you have similar little life hack shortcuts? Post them in the comments!

Prevent the Hack Attack!

Been hacked lately? Received an email containing a strange link? Seen people tagged as shoes on Facebook? Friends stuck in a foreign country and need money? If you don’t take precautions, your accounts could be hacked.

Everyday, people lose control of important online accounts. There are three simple ways to prevent this: better passwords, a password manager, and a security system called two part authentication.

Better Passwords: The first step is to make your passwords harder to crack. Don’t make your password a simple word or phrase; the longer the password, the better; include numbers, capital letters, and punctuation marks; don’t use the same password for everything.

One way to make a stronger password is to base it on a phrase. For example, the first few lines of Browning’s famous poem:

“How do I love thee? Let me count the ways.
I love thee to the depth and breadth and height
My soul can reach,”

This can turn into a password by using the first letters of each word (or some version of them): “HdIlt?Lm123tw.Ilt2td&hMscr,”.

This is a much better password than any single or combination of words –and I will be able to remember it!

Password Managers: Remembering passwords is difficult, but there is a good tool to help you: a password manager program. These programs store all of your passwords securely. Instead of a list of your passwords in a text file or on a scrawled piece hidden under your keyboard, these programs collect and enter passwords in your browser, and even help you to create more complex passwords. So my password can be “eKHnqjnqJCL98bUwrF” because I don’t need to remember it. When I need to use it, my password manager will fill it in for me. I only need to remember the password to that program! I only need one password!

Two popular password manager programs are LassPass and 1Password. Both offer apps for your phones so you can have your passwords in your pocket.

Two Part Authentication: Beyond making your password more secure, the other precaution you should consider is two-part authentication. Two part authentication means that your password is only one part of logging into a site like Facebook, Google, or iCloud. The second part is a code sent to your phone.

Yes, this means revealing your cell phone number. While that may make you nervous, I have not encountered any problems with it and the benefit is additional online security.

After signing up for two-part authentication, the first time you sign back on to your account, you will be asked for your password. After you put it in, a code will be sent to your phone. After you enter the code, you will have access to your account. You don’t need to do this every time you log on. You can indicate that you want to authorize a computer and the system will remember it. However, when you are logging on using a friend’s machine or any other “foreign” computer, you do not click that box, and even if someone gets your password, your account is still safe.

In order to log into your account, a hacker needs your password and the code sent to your phone. A person might hack your password, but will not have your phone. If a hacker is trying to get into your account, you will get a text message with a code. Didn’t request one? You know what is going on: change that password, and stay ahead of the hacker!

Here are links that show you how to set up two-part authentication for Facebook, Google, and iCloud.

Better passwords and two-part authentication will make your accounts less vulnerable to hackers. They are not perfect of fool proof, but why not put secure locks on your valuables?