How to Minimize Your Risk of Password Theft

by on January 06, 2014
in Computers and Software, Computer Safety & Support, Tips & How-Tos :: 16 comments

When it came to protecting your private information, security professionals used to focus on the complexity of your password. Make a password harder to guess and for hacking programs to break, and you would be safe.

That advice is still valid. But with the massive security breaches at tech companies like Adobe and LinkedIn exposing hundreds of millions of user names and passwords (and who knows how many breaches we haven't even heard about), simply creating a complex password isn't enough. The only way to minimize the impact of stolen log-in credentials is to use a different password for every site.

For most of us that's a daunting challenge. Who can remember 50 different passwords? The answer is a password manager that lets you create as many complex passwords as you need and store them all in an encrypted database under one master password for easy reference and auto-filling. Once you have your password manager running, it fills in your user ID and password for you whenever you visit a website.

When creating your strong passwords, go for at least 8 characters (the longer the better), with a mixture of upper- and lower-case letters, numbers and, if the site or service allows, special characters, such as “!,” “#” and “?.” It should be something you can remember easily. A long sentence works well when you take the first letter of each word and then replace the vowels with numbers or symbols.

For example: The quick brown fox jumped inside the orange box and slept = Tqbfj1t0b&s

However, it's also been proven that really long passwords work just as well. Numbers, capitalization and special characters are all bonuses, but a short password that uses all of these tricks may still be easier to crack than a long password with real words, such as "iliketobakecookies".
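A rough way to check the length-versus-complexity claim, as an added example that is not part of the original article: the Python sketch below estimates the exhaustive-search space of a password from its length and the character classes it uses, and caps a passphrase at the cost of guessing whole words instead. The 8-character sample `Xk7#pQ2!` and the 10,000-word vocabulary are assumptions made for illustration.

```python
import math
import string

# Character classes an exhaustive search must cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Alphabet size implied by the character classes present in the password."""
    unknown = [c for c in password if not any(c in cls for cls in CLASSES)]
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown!r}")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_bits(password):
    """log2 of the guesses needed to try every string of this length and alphabet."""
    return len(password) * math.log2(charset_size(password))

def word_guess_bits(word_count, wordlist_size):
    """log2 of the guesses needed when the attacker combines dictionary words.

    This is an upper bound: it assumes each word was picked at random.
    """
    return word_count * math.log2(wordlist_size)

def effective_bits(password, word_count=0, wordlist_size=0):
    """Strength against whichever of the two strategies is cheaper for the attacker."""
    bits = brute_force_bits(password)
    if word_count and wordlist_size:
        bits = min(bits, word_guess_bits(word_count, wordlist_size))
    return bits

if __name__ == "__main__":
    samples = [
        ("Xk7#pQ2!", 0),            # constructed 8-character password, all four classes
        ("Tqbfj1t0b&s", 0),         # the article's sentence-derived password
        ("iliketobakecookies", 5),  # the article's passphrase: 5 words
    ]
    for pw, words in samples:
        # The 10,000-word vocabulary is an assumption for illustration.
        print(f"{pw:20} {brute_force_bits(pw):5.1f} bits brute force, "
              f"{effective_bits(pw, words, 10_000):5.1f} bits effective")
```

Words taken from a natural sentence are not chosen at random, so the word-based figure for the passphrase is an upper bound rather than a measurement.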

All of the major browsers have password managers built in. Sometimes you'll find it under "auto-fill," since the browser automatically fills in your password. Only the free Mozilla Firefox Web browser for PCs and Macs lets you protect your password list with a master password. Google’s Chrome browser requires you to log in to save or use saved passwords, so logging out will protect you. Apple’s Safari browser on Macs stores your passwords in the iCloud Keychain, which means your passwords will auto-fill if you're logged in. However, you'll need your iCloud Keychain passcode to view the stored passwords. Internet Explorer will auto-fill any stored passwords and show you the passwords.

Fortunately, all browsers will only auto-fill if you’re logged in to your computer profile, so remember to log out when you’re done. And set your computer to sleep after a few minutes of inactivity and require your password to come out of sleep so no one can use your computer when you step away.

  • On Windows PCs, you’ll find this under “Control Panel” then “Appearance and Personalization” and then in the “Personalization” section you’ll find “Change screen saver.”
  • On Macs, go to “System Preferences” then “Security and Privacy” and you’ll find it under the “General” tab.

A better option is to use a stand-alone password manager. The best let you sync your passwords across Windows PCs and Macs, as well as Android and iOS devices, plus help you generate unique strong passwords for sites and securely store your credit card info. Two of my favorites are RoboForm (free for 10 logins, premium with unlimited logins $9.95 the first year, $19.95 thereafter at roboform.com) and LastPass (free for desktop app, or $12 per year for a premium account with access to mobile apps on lastpass.com).

For a free option, I like Norton Identity Safe, which works on Windows PCs, Macs, iOS and Android devices and stores credit card info. It doesn’t have a password generator, but it works.

 

 


Japanese Emoticons & Upside Down Letters

From Ernesto Colina on January 06, 2014 :: 12:03 pm

Besides any password manager, if possible, use symbols that cannot be “typed” such as Japanese Emoticons or Upside Down Letters or many other tricks you can do with text. You can see those neat tricks at: http://fsymbols.com/

Even simple words, converted to upside down letters, add an emoticon and not even the NSA can hack it.
For example: pɹoʍssɐԀƃuoɹʇSʎɹǝΛᕙ(`▽´)ᕗ

BTW, test your password here: http://howsecureismypassword.net/


a new product

From Trudy on January 08, 2014 :: 9:32 am

Thought you might be interested in a new product, actually just patented by an old high school friend and IT professional. The product is called Sim2Com and here is the site for a free trial download:
http://www.sim2com.com/eng/download/download.php

I’d be interested in your opinion.


Sim2Com may help

From Roi Igarashi on January 08, 2014 :: 9:35 am

It may be very relevant to the topic of this article.

I have written a Windows based password cruncher and launched it in the market 3 days ago. It’s called Sim2Com.  It’s basically a “simple-to-complex password converter” that does its work on the fly without storing any credentials anywhere—not the cloud, not a server, not even in the local PC. The user’s brain is the database. No network or Internet necessary.

Free trial download is available at:

http://www.sim2com.com/eng/download/download.php

The con is it works only in Windows. This is because it was designed primarily for IT infrastructure professionals who babysit corporate networks and desktop and corporate users but it is still useful to Windows consumer users.


How-To Video

From Roi Igarashi on January 12, 2014 :: 10:43 am

I think it might be better to first see the How-To Video for Sim2Com before attempting to download it. Please see this YouTube video:

http://www.youtube.com/watch?v=ynJl06wKXeU&noredirect=1

Thank you.


Password Manager

From Tony on January 31, 2015 :: 8:51 am

I use a different password for every site but it becomes increasingly difficult to remember especially if it becomes necessary to change some of those passwords.

LastPass is the resource I finally turned to for automatically remembering and entering passwords for all my sites. You simply need one long complex Master Password for security, and the rest is easy.


KeePass?

From Jennifer Wood Montalbano on February 19, 2015 :: 11:21 am

Do you recommend KeePass?


KeePass interest too!

From Elizabeth on February 19, 2015 :: 12:57 pm

I want to know your views of KeePass as well. Thanks!


KeePass Experience

From Ernesto Colina on February 19, 2015 :: 2:28 pm

I use KeePass in many environments, including its usage at work. It has many features just like the “Pro” versions of many paid password managers and it even supports the usage of Japanese emoticons, which can be used to build a super secure password. And the best of all is that it is free.
http://keepass.info/


KeePass and Key Files

From Ernesto Colina on February 19, 2015 :: 2:38 pm

One thing I forgot to tell you, and it is about the usage of “Key Files” instead of a Master Password.
My advice is: AVOID THEM. On that particular issue, KeePass does not play well, especially if you plan to copy your password database to another machine. But as long as you use a good Master Password, everything is fine.
BTW, I also use KeePass for a lot of things where “LastPass” cannot be used, i.e. Unix or Mainframe environments where the internet practically does not exist.


Thanks!

From Elizabeth on February 19, 2015 :: 2:59 pm

I appreciate your response. I like KeePass a lot, but recently tried to share my database with my husband’s computer and I get an error when I enter my master password & can’t seem to get around it. I was thinking perhaps I need to move to another, more portable manager.


KeePass Database

From Ernesto Colina on February 19, 2015 :: 3:13 pm

It has happened to me too, and I think it is because the password database got corrupted. I have solved this by getting a fresh copy of the original password database (*.kdbx) or by exporting the original database to an XML listing and importing it in the other machine.
And then again there is this page to repair it:
http://keepass.info/help/base/repair.html


Belated thank you!

From Elizabeth on March 08, 2015 :: 2:13 pm

Thank you for your advice. I deleted the file for KeePass & reinstalled it and it seems to be working now. (Whew!) Thank you for offering some advice on how to address the problem if the cause was a corrupted file. I really like KeePass & didn’t want to have to move to another system, now I won’t.

KeePass?

From Jennifer Wood Montalbano on February 19, 2015 :: 3:28 pm

I was told that it is NEVER safe to save your PW in your browser - how do Mozilla, et al. keep password information secure?


Never is a strong word...

From Josh Kirschner on February 19, 2015 :: 10:31 pm

The problem with saving passwords in your browser is that anyone who gets access to your computer when you’re logged in can access sites using passwords stored in your browser. This may not be an issue for your home computer (unless you’re worried about your kids or spouse), but could be a real issue at work, for example. And some browsers (e.g., Chrome) will display all your stored logins and passwords to anyone who knows your Windows password.

But all of this is primarily an issue for local hacking, not remote hacking. I use Chrome to store passwords on my home desktop (not my banking passwords, which I always type manually), and I’m not worried about it. I’m pretty sure my wife isn’t out to get me…yet.


But....

From Jennifer Wood Montalbano on February 20, 2015 :: 9:25 am

.. If someone remotely hacks my home PC and takes control, they can still access anything that I have my stored credentials in.


Perhaps, but depends what type of hacking

From Josh Kirschner on February 20, 2015 :: 11:17 am

To be able to access the encrypted files containing your password data, they would need the ability to take control of your computer when you’re already logged in. There is malware out there that could, potentially, allow someone to do that, though any decent antimalware program and computer running updated software should prevent it from installing. And actually taking advantage of the hack would require manual action from the person on the other side, making this much more labor intensive than your typical mass hacks.

If you weigh the likelihood of that happening (very, very small) against the (high) risk of using weak passwords because you’re afraid of password managers, it still makes sense to go with the password manager. Plus, not using a password manager exposes you to the same keylogger risks as above when you type in your password manually (still very low unless you think someone close to you may be spying on you).

That said, I’m very careful with my most important passwords (bank, brokerage, email) and never store them anywhere except in my head. The rest, I’m not so worried about.


© 2014 Techlicious LLC.