In today’s world, where you use the Internet every day for many different purposes, you end up using dozens or hundreds of different websites where you need to register an online account to use them properly: forums, online course platforms, email providers, social media, online banking and so on. You will need an email and a password for each online account.
Often what you end up doing, however, is that you think of a few passwords (or even just one), and then you re-use them on many different sites. But this is a dangerous practice because when attackers breach the security of one particular website, and your password gets exposed, they will be able to use it to access many other online accounts where you kept using the same password.
To keep these online accounts safe from malicious attackers, you need to:
- Use a different password for each online account
- Use strong passwords
- Use two-factor authentication on accounts where it is available
You need many different passwords
If you come up with a new and different password for each of your online accounts, then how do you remember all of them? A password manager comes to the rescue. It will not only save all your passwords for your online accounts, but it will also automatically generate new and strong passwords for you when you register a new account. So you don’t have to wrack your brain about coming up with them.
My choice of a password manager for this is LastPass. There are other good options out there, but this is what I have been personally using for years now, and I am happy with it. It will run in any popular browser you are using on your computer and also on your smartphone as an app, so you always have access to it. And you can get started with it for free. In addition to storing credentials, you can also save all kinds of Secure Notes in LastPass, for example, credit card PINs, bank account numbers, Wi-Fi passwords, or anything else valuable but private that you would like to remember.
You need to remember a few strong passwords
Your password manager will remember the password for all your online accounts, but you need to remember the master password of your password manager itself. And this needs to be a strong password. However, strong passwords are generally hard to remember because they need to be lengthy first and foremost.
What I recommend is that you come up with a long, full sentence that is meaningful to you so that you can remember it. Ideally, include at least one number in it as well. Then write it without any spaces. You can find a more in-depth article with some good ideas on how to create a strong password at HowToGeek.
In addition to the password for LastPass, I would also recommend that you similarly remember a strong password for your primary email account (even though that will be in LastPass as well). Through your email, you can restore access to any other online account that you need, but it’s more problematic if you also lose access to your email account because you can’t get into LastPass. Access to your email will also help you to regain access to LastPass if you forget the master password, and vice versa. So it’s a bit of a safety measure: you rely on two strong passwords, not just one.
How to migrate your existing credentials
Once you have LastPass up and running, any new online account registrations will be saved there with a strong and unique password. But what about all your existing online accounts?
Whenever you log in to an account for the first time, LastPass will ask if you want to save those credentials. Choose yes. Then, once you have collected most of your accounts in LastPass, you can go through them and change the password for each to a newly generated, strong password. Or you can change each one the next time you need to use that account. There is also a Security Challenge feature which checks your existing saved passwords and warns you about any duplicates and other issues. Once you resolve all of them, you should be in an excellent position.
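To make concrete what a duplicate-password check looks for, here is an added Python sketch (not LastPass code, and not a description of how its Security Challenge is implemented). The CSV column names, the 12-character threshold and the sample rows are assumptions constructed for the illustration; the report lists account names only, never the passwords themselves.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names are hypothetical,
# not the export format of any real password manager.
SAMPLE_EXPORT = """name,username,password
Forum,alice@example.com,Summer2019
Webmail,alice@example.com,my2dogsLoveLongWalksInTheParkEveryMorning
Shop,alice@example.com,Summer2019
Bank,alice,kX9#vQ2!rT7pLm4zWq8s
Streaming,alice@example.com,summer2019
"""

MIN_LENGTH = 12  # assumed threshold below which a password is flagged


def normalise(password):
    """Fold case and drop trailing digits so trivial variants collide."""
    return password.casefold().rstrip("0123456789")


def audit(export_text, min_length=MIN_LENGTH):
    """Return account names grouped by the problem they share."""
    exact = defaultdict(list)    # identical password -> account names
    variant = defaultdict(list)  # normalised password -> account names
    short = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name, password = row["name"], row["password"]
        exact[password].append(name)
        variant[normalise(password)].append(name)
        if len(password) < min_length:
            short.append(name)
    reused = sorted(sorted(n) for n in exact.values() if len(n) > 1)
    # A variant group is worth reporting only if it adds accounts
    # beyond what the exact-match groups already cover.
    near = sorted(sorted(n) for n in variant.values()
                  if len(n) > 1 and sorted(n) not in reused)
    return {"reused": reused, "near_duplicates": near, "short": sorted(short)}


if __name__ == "__main__":
    for issue, accounts in audit(SAMPLE_EXPORT).items():
        print(issue, accounts)
```

A password export is a plaintext copy of the whole vault, so a check like this belongs on a trusted machine and the file should be deleted afterwards.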
Use two-factor authentication
For really important and heavily used online accounts, like Google, Facebook, Twitter and online banking, there are options for setting up two-factor authentication. These services highly recommend it, and in some cases it is mandatory (especially for banking). In addition to your username and password, there will be another check required to log in to your account. It could be a code sent to your mobile phone by SMS, or it could be a code from a mobile authentication application. Each of these online accounts has specific instructions on how to set this up, and I highly encourage you not to skip this step.
With all of the above sorted out, you have taken a great leap towards securing your online presence. There is a lot more to online security than this, but this is a fundamental and crucial step. Do not procrastinate on it! I wish you all the best and stay safe online.