I’ve talked about online security in the past, and thought that, following recent headlines, I’d do a follow up.
It seems that, on the whole, we’re not learning lessons and we are exposed in ways we simply can’t imagine. It seems to be a case of the ‘it won’t happen to me’ attitude.
It’s strange, because you look after your house keys and the keys to your car/bike/van etc. You’ll lock belongings away safely; but it appears that, generally, we’re care-free when it comes to passwords.
National Cyber Security Centre
A recent study by the UK National Cyber Security Centre found that the most common password found on accounts that had been breached was 123456.
It was found 23 million times. Second most popular was 123456789, then “qwerty”, “password” and 11111111.
The NCSC study also asked people about their security habits and fears.
It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.
It found that less than half of those questioned used a separate, hard-to-guess password for their main email account.
This last point is very worrying as your email is the one place a hacker could get access to everything! They could use it to find out all about you, then target scams specifically at you.
Take this real life example where a scammer convinced someone to part with thousands of pounds.
Because they had the password to the user’s email account, the scammer discovered that the user was in touch with a builder about some work.
The scammer then emails you, pretending to be the builder, asking for money.
You pay. That’s it.
The banks currently take the stance that, because you authorised the transaction (known as an Authorised Push Payment), you’re liable and they don’t have to refund you.
It’s harsh, and steps are being taken to address this; but taking care with your online security reduces the risk of this happening. The onus must be on us to take care with our money.
Another issue is that, apart from being easy to crack, it’s a fair bet that these passwords are being used for multiple accounts. So, if one of your accounts has been compromised, then the hacker can just use your username and password against other sites to see if they get a hit!
So. How can you protect yourself online?
The first step is to use a different password for each online account you have.
This might seem onerous, but your online life is on the line and you need to protect it.
This will reduce the impact of a hacker accessing your accounts. Where possible, use different usernames too.
You need to make it as hard as possible for the fraudster to get access to your information.
Using a different password is good. But if it’s easy to guess, like a surname, maiden name, dog’s name etc., then it will be easily found out by the fraudster and… BINGO!!
The passwords need to be hard to guess and there are a couple of ways to do this.
The simplest method is to come up with a phrase and create a password using the first letter of each word.
So, you might use the phrase “My favourite place in the world is at home with my family”. Your password would then be ‘MFPITWIAHWMF’
That’s a great password. Now, mix it up with some upper and lower cases. You could replace certain letters with numbers; for example replace the ‘I’ with a ‘1’ and replace the ‘A’ with a ‘4’.
Now you have ‘MFP1TW14HWMF’ (or ‘Mfp1tw14HwmF’). Maybe you can introduce some special characters - ‘Mfp1tw1&HwmF’.
You still need to create separate passwords for all your accounts, but if you make them memorable, then the difficulty in remembering them is reduced.
However, you probably have lots of online accounts.
There’s all your online shopping accounts. Financial accounts. Your email account (or accounts). Your Netflix or other streaming service login. Your social media accounts too.
I’ve checked, and I have 286 different accounts. Not all of them are used regularly; but they are all accounts stored somewhere online.
Of these, only 6 of them have the same password. I really should take a look at those!!
How do I do it?
I use a password manager, called LastPass. There are others on the market, such as Dashlane and 1Password; but I’ve been using LastPass for years and have been very happy with them.
LastPass is cross-platform, so I can use it on my MacBook, iPhone, or anywhere else I access the web.
When you create an account, you set up an access password - this should be a hard-to-guess password, as it’s the only one you’ll need in the future. It’s so important (and secure, not even the guys at LastPass can retrieve it) that if you lose it, then you’ll lose access to all your passwords.
The next time you create a new online account, LastPass will ask you if you want to store this in your vault. If you say ‘Yes’, the username and password will be stored securely.
You can also use LastPass to generate the password for you. I won't take you through all the steps, but at the end, your new account will be stored in the vault, and all is safe.
The next time you go to the login page, LastPass will recognise the site, and will prompt you to select the details from the vault. Simply select the details, click login and you’re done.
LastPass also gives you the space to store images; so you can create Secure Notes, with passport information, driving licence information etc, and store images of your current documents. All safe.
In an emergency, (if your passport has been stolen) you can access these easily, wherever you are.
Another great feature of LastPass is the ability to store credit and debit card information; along with your address details.
The next time you shop online and need to get your card (which is in your wallet, in the kitchen, and you really can’t be bothered to get up) then use the Form Fill functionality to retrieve the necessary information and your purchase is complete.
You can set additional security against these; so that you have to enter your LastPass password to access them - adding an extra layer of protection.
Housekeeping is a breeze and you can take a regular Security Challenge to test your password strength. You will be told how old your passwords are, and in some cases, LastPass will automatically update them (for certain sites) with just one click. It’s a real timesaver.
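To make the reuse check concrete, here is an added example (not LastPass’s code and not from the original post) of a small audit in the spirit of the Security Challenge: it flags accounts that share a password and accounts using one of the NCSC’s most-breached passwords quoted earlier. The account names, the passwords in the sample list and the function names are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# The five most common breached passwords quoted from the NCSC study above.
NCSC_TOP = {"123456", "123456789", "qwerty", "password", "11111111"}

# Constructed sample export of (account, password) pairs; not real data.
SAMPLE_VAULT = [
    ("email", "c0rrect-H0rse-example"),
    ("shop-a", "qwerty"),
    ("shop-b", "Blue-Kettle-42"),
    ("streaming", "Blue-Kettle-42"),
    ("forum", "123456"),
]

def fingerprint(password):
    """Hash a password so reuse can be grouped without echoing the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(vault):
    """Return (reused, common): groups of accounts sharing one password,
    and accounts whose password is on the NCSC list."""
    by_hash = defaultdict(list)
    common = []
    for account, password in vault:
        by_hash[fingerprint(password)].append(account)
        if password.lower() in NCSC_TOP:
            common.append(account)
    reused = sorted(sorted(a) for a in by_hash.values() if len(a) > 1)
    return reused, sorted(common)

def email_password_is_unique(vault, email_account="email"):
    """True only if the main email account's password is used nowhere else."""
    counts = defaultdict(int)
    for _account, password in vault:
        counts[fingerprint(password)] += 1
    mine = [fingerprint(p) for a, p in vault if a == email_account]
    return bool(mine) and all(counts[h] == 1 for h in mine)

if __name__ == "__main__":
    reused, common = audit(SAMPLE_VAULT)
    for group in reused:
        print("same password on:", ", ".join(group))
    for account in common:
        print("on the most-breached list:", account)
    print("email password unique:", email_password_is_unique(SAMPLE_VAULT))
```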
I have literally scratched the surface of password security, and it will take a little effort to get your house in order. But, it must be worth it, to know your information is secure and away from the prying eyes of the fraudsters.
Two Factor Authentication
There is one further level you can go to secure your passwords; and that is 2FA - 2 Factor Authentication.
This is being offered by more sites now, and means that access to your accounts is only available when you have the password and a physical entity at the time of logging in. Your mobile phone is probably the key here; although it could be a token too.
When you log in, you’ll use LastPass as usual to pre-populate and send your login details, then you’ll be asked to enter another piece of identification, generated on a device you physically have with you.
This way, even if the hackers get your details, they cannot access your account.
You still need to be vigilant. Password managers won’t save you from accessing ‘dodgy’ sites and entering your information.
Try Before You Buy
As I mentioned, this is a subject close to my heart. It seems the simplest thing to do; but it’s amazing the number of people who, at the very least, don’t use separate passwords.
Click here to try LastPass free for 30 days, and after that it’s approximately £30 per year.
I think that’s very reasonable for peace of mind. You can even take advantage of their family plan, for up to 6 people, for about £36 per year. True value.
Don’t become a statistic.
Take the first step to improve your online security.
I hope you’ve found this interesting.
Disclosure: I was compensated for this post. This post also contains affiliate links and I will be compensated if you make a purchase after clicking on my links.