When Wired writer Mat Honan was hacked, much of his digital life was wiped out, from his address book to photos of his daughter. It’s a cautionary tale for any sole proprietor or small-business owner who uses a Google account or other cloud-based service to store critical information.
Honan says one of the lessons he learned from the experience is that he should have done a better job managing his passwords. In a chain reaction, once the hacker accessed one of Honan’s accounts, he was able to use that data to break into associated accounts.
What can you do to prevent the same thing from happening to you? Here are three tips for beefing up the security of your passwords:
1. Take advantage of two-factor authentication. Honan notes that, if he had used two-factor authentication for his Google account, his entire nightmare might never have happened. Both Google and Dropbox offer this feature, which works by requiring not just a username and password, but also a second form of proof that you’re you.
That means you must enter a secret code that the company sends you, via text message or voice call to your cell phone, anytime you log into your account from a device that you haven’t previously designated as “safe.” Of course, sometimes this extra step can be a hassle, for example if you lose your cell phone. But ultimately it provides a second layer of protection for your account(s).
2. Avoid the most common passwords. The most popular passwords, according to SplashData, include “password,” “123456,” and “superman.” Think “qazwsx” is clever? Or that substituting a zero for the letter O in “passw0rd” is enough? Think again.
SplashData compiled its list by looking at the millions of stolen passwords that have been posted online by hackers. (Note that LinkedIn, Yahoo, and other popular services have all been recently hacked and had users’ personal information exposed.) The company, which makes security and productivity apps, recommends using passwords of at least eight characters — a mix of letters, numbers, and symbols.
3. Don’t reuse the same passwords. It’s tempting to use the same password over and over again, lest you forget it. But once one account is hacked, this makes the others vulnerable, too. One option is to use a password manager, such as LastPass, which gives you one master password and allows you to access all of your accounts. The Next Web’s LifeHacks offers an introduction to using a password manager.
You can also try some memory strategies to help you create and remember multiple strong passwords. For instance, you can keep a “base password” and then customize it for each site by adding something like “fb” for Facebook.
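Tip 2 can be turned into a check that a signup form or a personal script runs before accepting a password. The sketch below is an added example, not code from SplashData or any service named above; the blocklist is constructed from the four strings quoted in this article, and the substitution map and function names are assumptions chosen for illustration.

```python
import re

# Constructed blocklist: only the strings quoted in the article.
# A real deployment would load a full list of leaked passwords instead.
COMMON = {"password", "123456", "superman", "qazwsx"}

# Assumed map of look-alike swaps (0 for o, @ for a, and so on).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8  # the minimum length recommended in the article


def normalize(pw):
    """Lower-case and undo look-alike swaps: 'Passw0rd' -> 'password'."""
    return pw.lower().translate(LEET)


def strip_affixes(lowered):
    """Drop digits/symbols stuck on either end: 'p@ssw0rd1!' -> 'p@ssw0rd'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)


def check_password(pw):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # The article's mix rule: letters, numbers and symbols all present.
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("needs letters, numbers and symbols")
    # Compare the raw form, the de-substituted form, and both again with
    # padding removed, so decorated variants of a common word still match.
    lowered = pw.lower()
    core = strip_affixes(lowered)
    candidates = {lowered, normalize(lowered), core, normalize(core)}
    if candidates & COMMON:
        problems.append("matches a common password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("passw0rd", "P@ssw0rd1!", "qazwsx", "tr4il-Mix_92-cobalt"):
        print(sample, "->", check_password(sample) or "ok")
```

Note that “P@ssw0rd1!” satisfies the length and character-mix rule yet is still flagged, which is why the blocklist comparison has to run on the normalized form and not only on the raw input.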