How to keep your passwords safe online

Keep prying eyes out - or at least make it more difficult for them to get in

Password managers and two-factor authentication should both be high on your list of options for protecting your data.

Password managers and two-factor authentication should both be high on your list of options for protecting your data.

 

From password managers to two-factor authentication, here are a few ways you can keep your online accounts safe.

Choose strong passwords

If you use the same password over and over again, you are putting yourself at serious risk if there is a breach in any of your services. All it takes is for hackers to try the password and email combination in other websites and you could end up losing more than the few minutes it would take to change your passwords now.

So choose a unique password - a phrase perhaps - and use a mixture of letters, numbers, symbols and upper case letters to ensure that it’s as difficult as possible to guess.

Two-factor authentication

Don’t just rely on a username and password to log in. If your email or favourite social media service offers two-factor authentication, then enable it. Most will send a code to your email or phone that you will need to log in, in addition to your username and password. Just don’t lose your phone.

Password managers

It seems counterintuitive that you would keep all your passwords in one place. After all, if a thief managed to get your login details for that account, you would be open to having every swiped in one go.

But still security experts recommend password managers such as 1Password, Dashlane and LastPass to keep all your log in details safe. These services are like a big encrypted vault that store all your important details for you.

There are a few reasons for this. First of all, it’s easier to think of one strong master password and remember it than have different passwords for every single account. Some services will even suggest randomised passwords and save them to your account so the chances of thief guessing your login credentials are minuscule.

Secondly, reusing passwords is still considered less secure, with the likelihood that one of those services will be compromised far higher than a breach on a password manager app.

What if the service itself gets hacked though? It’s not beyond the realm of possibility that may happen. Last year, LastPass warned users not to use its browser plugin while it fixed a vulnerability found by Google researchers. It hasn’t been the only one, with bugs found in Dashlane and 1Password over the years too. On balance though, they’re still more secure than using easy to guess passwords over and over.

You can enable two-factor authentication on some password managers too, which asks for a code either via SMS or an authenticator app, before you can gain access to your information.

Saving passwords to browsers

Do you really want to risk saving all your passwords to your browser? If you are sure that only you have access to your device, and the passwords are encrypted, you could save selected ones to Chrome or Safari as you go. The problem occurs when someone other than you gets access to your smartphone or laptop.

As an aside, if you are saving passwords to your smartphone, you should protect it as much as possible. That means you should be using a strong passcode - not four digits, or 666666 - using a mixture of letters or numbers, or use biometric authentication such as FaceID or a a fingerprint. If your passwords are stored on your device - iPhone users, go to Settings>Accounts & Passwords> App & Website Passwords - you’ll want to make sure your phone is as locked down as possible.