Passwords are a pain. And we have tons. You can manage them on a spreadsheet, use the same or similar passwords on all sites, or you can use a password manager.
The first two ways leave you vulnerable. All it takes is one site getting hacked, and a hacker can quickly run your username and password through multiple sites.
The best way to alleviate this risk is to use a password manager, like LastPass. It allows you to generate unique and secure passwords for each site. The current recommendation is 12 random characters (a mix of uppercase, lowercase, numbers and special characters).
You’ll never need to know what these are because your master password, face, or fingerprint unlocks your library of login credentials.
You can even create unique answers to your security questions, so you don’t have to remember those either. Who remembers their favorite movie when they were 18? I change my answer depending on the day.
Password managers have a learning curve and will usually slow you down at first. But in the long run, they provide added security and a good workflow (they use Face ID or fingerprints) as you're navigating your sites.
Run the updates for your devices
Most companies advertise these as feature improvements. My wife sometimes thinks they’re trying to purposely slow her device down, so we’ll have to buy a new one. As tempting as that is to believe, they actually embed security enhancements or patches for vulnerabilities in these updates.
Beware of Public Wi-Fi
The next time you’re at the coffee shop or airport, be aware of what sites you’re logging into on public Wi-Fi. These networks are usually not secure, and someone could gain access to personal information on your computer.
It’s a good idea to wait to log in to your bank or financial sites until you get home. And imagine if they found a spreadsheet full of your passwords.
You can also set up a hotspot from your mobile device and avoid the public network altogether.
Be aware of phishing emails and texts
It’s sometimes difficult to differentiate legit emails and texts from phishing. Bad actors are very creative with their schemes.
The most recent one I’ve seen is the phone bill text. You’ll receive a text that says your bill is ready or that you are owed a refund for an outage.
Never click the link.
What they are trying to do is gain access to financial information or your login credentials. A way to avoid these altogether is to never click a link (even if you’re confident it’s legit) in these messages. Instead, go directly to the app or website and log in there.
Here is a library of resources if you’d like to read more:
How to recognize and avoid phishing scams
How to protect your smartphone from getting hacked
Securely working remotely
Podcast episode on cybersecurity
Andrew Eppes, RICP®