How to tighten up account security
This week we were contacted by a new customer whose primary email address had been compromised.
The hacker went through their address book and sent fraudulent emails to all of their contacts, causing confusion and getting their account blacklisted for spamming in the process.
We’ve addressed their issue now, but stories like this hammer home how important it is to have strong passwords in place. Here are a few things you can do to keep your accounts safe.
1. Make sure your passwords are memorable
This isn’t going to be a list of how many capital letters and symbols you need in a password, but before we get into the more technical tips, it’s important to point out that one of the most important aspects of a good password is one that you’ll be able to remember.
There’s no point in locking an account down so tightly that you can’t get into it yourself!
2. Consider enabling Multi-Factor Authentication (2FA) for accounts that support this feature
2FA is an extra layer of security when you try to sign in to an account.
You will need to register a phone number, email address or code-generating app against your account.
When you try to log in, a code will be sent to your device, and without this, you will not be able to log in. This means that without access to your phone or authentication device, a hacker won’t be able to log in with your password.
For more details about enabling Multi-Factor Authentication, please check out our article: Set up 2FA for an office 365 account.
Enabling 2FA can be a bit fiddly and does vary between software vendors. You can usually ask them for help though, or if you’re struggling contact us and we can advise further.
3. Consider using passphrases.
Most of my passwords are simple sentences that are easy to remember. For example, an old Netflix password of mine was: Y0ur Exclusives Are Bad!
That’s 24 characters long, contains a number and 4 symbols. According to a password reviewer, cracking it would take 15 million years!
We have some more advice on what makes a good password here.
4. Don’t use the same password for multiple accounts.
We’re all guilty of ignoring this one once or twice.
Given that these days you need a new account for everything from booking a doctor’s appointment to checking your bank account, you’re right to question how anyone is meant to remember separate passwords for all of them (don’t worry, I’ll get to a solution for that problem).
Why is this so important? It only takes one of your accounts to be compromised, and hackers will likely try that password on as many different systems as they can think of.
This one affected me a few years ago. After hackers breached Sony’s PSN, 77 Million user accounts including passwords were leaked.
I spent the next 3 days resetting nearly 300 passwords.
I hasten to add that as a professional, I’ve never used duplicate passwords for corporate or customer-related accounts, but seriously… Don’t make the same mistake I did!
5. Can you write your password down?
This is highly debatable. Personally I’m all for writing down passwords, as long as you keep the paper as safe as you would the passwords on it.
In the past, I’ve suggested keeping written passwords you rarely use in a locked container and concealing ones you use frequently where no-one is likely to look for them.
With the latter, I wouldn’t advise you to write down which accounts the passwords are for, just in case the list is found.
I used to keep my most complicated passwords on a scrap of paper stuffed between my smartphone and the case I bought for it until I had a better idea…
6. Use a password manager app.
Why not store passwords on the phone itself!
There are plenty of free and powerful password management apps that you can install on a smartphone or computer.
The best ones encrypt your passwords behind a single account and many even connect straight into your browser and enter the passwords for you when you need them.
When I need to remember a password, I sign in to my password manager account, and their browser app auto-completes login / password fields for me.
If I need to create a new account, it can generate a password for me and save the new details to the password manager.
When I’m away from my computer, I can log in to my account from a site, or I can use the app on my phone and access all of my passwords with a fingerprint scan.
If you’re going to use a password manager, we’d strongly recommend you pick one that supports Multi-Factor Authentication… Most of them do.
I’m using LastPass at the moment, but there are many of them out there.
Afterword
It goes without saying, but in addition to all of the above, we strongly recommend investing in a Security / Anti-Malware system to secure your systems and critical data.
If you’re interested in some guidance with selecting an industry-leading security system, we’d love to hear from you.
Need any help?
I hope this article on how do I improve my online security is of use. If you’d like to discuss any of the points raised, we’d love to hear from you – leave us a comment below.
Or if you need anything specific, we’d be happy to help with some free advice. Give us a call on 01992 466877 or send us a message
