Monday, May 27, 2013

Managing Too Many Passcodes, Logins, Passwords and PINs

I'm not paranoid so why am I convinced someone out there is trying to steal my electronic stuff? Every day I expend a great deal of time and energy trying to protect my electronic devices and data from an unknown stranger lurking in cyberspace, casing my house or eying my belongings. Every time I use my smartphone, iPad or computer I have to enter a passcode or password. When I visit web sites I have to enter more logins and passwords. I have to keep track of my nickname and Apple ID for my iPad. I also have to remember the PINs for my ATM and library cards. And that's just my stuff. Now my kids have their own logins, passwords, PINs and nicknames. My brain has a hard time remembering and organizing all this information. It's downright overwhelming.

There are real threats out there so we do need to make some effort to protect our devices and data from being stolen. I like the convenience of online banking but I don't want someone breaking into my bank account and stealing my money. I also don't want someone pilfering my smartphone or laptop and gaining access to my personal information. I hope my bank will work with me to recover any lost money and if my computer is stolen I can replace it but there is a certain amount of time, effort and energy involved in doing so. It just makes sense to take some basic precautions.

How do I determine what needs a passcode or password?
Think about what would happen if a stranger picked up your smartphone. Could they turn it on and immediately access your list of phone contacts? Could they get into your email? If so, you need to protect your smartphone with a passcode. Most smartphones have a screen lock. My Android phone offers a pattern (you draw with your finger), PIN (usually a 4 digit number) or password (4 or more letters or numbers) option to unlock the screen. While these may be cracked easily they are better than nothing and give you a little time to realize your phone was lost or stolen before an unauthorized person can gain access to your data. iPads and iPods have similar passcode locks. It's a bit of a pain to enter your passcode or password each time you want to use your smartphone or iPad but it offers the first line of defense in protecting your device.

What if someone stole your computer? If the thief started your computer would they have immediate access to all of your files? A good place to start is to have at least one user account for you and/or your family and possibly individual user accounts for each member of the family. I've set up three individual user accounts on Windows 7 for myself and each of the boys. We have to type our own password to log in to our personal user account. I didn't plan on being a system administrator but here I am.

What do you do if your device is lost or stolen? Some operating systems offer a remote method to locate your device or wipe your device clean. Wiping the device will clear all data including apps, photos, and personal information. It's also permanent so only do it if you have no chance of recovering the device. You'll also want to investigate the locating and wiping options in advance to make sure you have remote access set up for your device. My Android smartphone offers Where's My Droid and Apple offers Find My iPhone, iPad and Mac, which also includes the iPod Touch. The trick is to make sure you have enabled the service before your device is lost or stolen.

How do I come up with a secure password?
When you go to a new website and register a login and password you will often be given guidelines such as, "Your password must have a minimum of 8 characters, not contain more than 3 consecutive identical characters, and include a number, an uppercase letter, and a lowercase letter." Obviously the more complicated the password the more secure it will be. But at the same time it has to be a password you don't mind typing over and over again. It also has to be something you can remember.

One fun way to test your password strength is to go to the web site https://howsecureismypassword.net/. If you enter "password" you'll see a desktop PC can crack your password almost instantly. On the other hand, "password123" will take a desktop PC about 1 year to crack. It would take about 412 years to crack "Password123" and 4 thousand years to crack "Pa$$word123".
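As an added example (not from the post or from the site mentioned above), the snippet below checks a password against the rules quoted in the previous section and estimates the brute-force search space that strength checkers are roughly measuring; the guess rate and the tiny word list are assumptions made for illustration.

```python
import re

# Rules as quoted in the post: at least 8 characters, no more than 3
# consecutive identical characters, and a digit, an uppercase and a
# lowercase letter.
def check_policy(pw: str) -> list:
    """Return the rule violations for pw (an empty list means it passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if re.search(r"(.)\1{3}", pw):          # 4 in a row = more than 3
        problems.append("more than 3 consecutive identical characters")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    return problems

def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force attacker would have to cover."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]
    return sum(n for pat, n in classes if re.search(pat, pw))

GUESSES_PER_SECOND = 1e10  # assumed offline guessing rate (not from the post)

def brute_force_years(pw: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Years to try every string of pw's length over its alphabet."""
    return charset_size(pw) ** len(pw) / rate / (365 * 24 * 3600)

# Constructed mini word list; real crackers use lists of millions of entries.
COMMON_BASES = {"password", "letmein", "welcome", "qwerty"}

def dictionary_base(pw: str) -> bool:
    """True if pw is just a common word with digits tacked on the end."""
    base = re.sub(r"[0-9]+$", "", pw).lower()
    return base in COMMON_BASES

if __name__ == "__main__":
    for pw in ("password", "password123", "Password123", "Pa$$word123"):
        print(pw, check_policy(pw), f"{brute_force_years(pw):.2f}y",
              "dictionary" if dictionary_base(pw) else "")
```

The brute-force figure is only an upper bound: the word-list check is why "Password123" is weak in practice even though it passes the policy and has a larger alphabet than "password123".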

But who are we kidding? It drains your mental energy to try to generate unique passwords for each new login. You should use a unique password for every device and web site so that if someone cracks one of your passwords they won't gain access to all your information. And once you create the password you have to remember it. 

How do I organize all the passcodes, logins, passwords and PINs? 
1) Memorize them. If you never write down your password then no one can come across it and steal it. But if you make passwords that are hard to crack then you have a lot to remember. I have about 50 web site passwords and about a dozen additional passcodes and PINs so I have absolutely no chance of this method working for me.

2) Write down the information on a piece of paper. That's not a secure method because someone could find your piece of paper or you could lose it.

3) Type all of the information into a spreadsheet. You could then email the spreadsheet to yourself or store it in the cloud in a place like Dropbox, which is password protected. This method is safer than simply writing the information on a piece of paper unless someone breaks into your Dropbox.

4) Email the information to yourself. This is a method I've employed until recently. Every time I create a new web site account I email myself the login and password. I don't actually email myself the password but rather a hint to remember the password. I use Gmail and I never throw away email because they give me so much storage space. I can simply search my archived email for a company or web site and find the login and password hint. This method works quite well for me but in researching this blog topic I see there are better options.

5) Allow your browser to store your logins and passwords locally on your computer. When you enter the information into your browser (i.e., Firefox, Chrome, Internet Explorer, Safari) for a particular website you can click on the "Always Remember" option and each time you go back to the site the browser will auto-fill the information to log you in. This is an OK solution if your computer is password protected but your browser may be storing the password file in a place that is easily accessible if someone breaks into your computer. For example, you can find all the stored passwords in Firefox by going to the Options menu and clicking on the Security tab. If you have enabled the "Remember passwords for sites" option you can click on the "Saved passwords" button to see all your logins and passwords for each site you've visited on that browser. Seriously, all your secret information is right there for the world to see. Another problem with this method is the logins and passwords are only remembered on your computer so the information won't be auto-filled if you are trying to access a web site from your smartphone or iPad or another computer. 

6) Create a master password for your browser. Creating a master password for your browser will store your logins and passwords locally on your computer but the information will be encrypted (i.e., saved using a secret code so it will be indecipherable by another person or computer). In Firefox this feature is available in the Options menu under the Security tab. Enable both the "Remember passwords for sites" and "Use a master password" options. Each time you launch your browser you will be asked to enter your master password to allow the browser to access your saved logins and passwords. This method is more secure than simply allowing your logins and passwords to be saved in an unencrypted file but has the same limitations as any method that stores the information locally.

7) Use a cloud-based password manager. There are several password managers (e.g., LastPass or SecureSafe) available that will store your information in the cloud. LastPass can retrieve any logins and passwords stored locally on your browser or it can keep track of the information each time you enter it on a new web site. LastPass encrypts the information when it stores it so if someone breaks into your LastPass account they will not be able to decipher your information. Each time you launch your browser you will be asked to log in to LastPass. LastPass can then decrypt the information on your local device and auto-fill the login and password information when you visit a web site. When you are done using your browser or if you're going to walk away from your computer you should log out of LastPass to protect your information. Password managers can also generate strong new passwords for you, taking the guesswork out of coming up with unique passwords for every web site you visit. Password generation is also useful for web sites that demand you change your password at various time intervals. Another bonus feature is that since your LastPass information is stored in the cloud you can access your LastPass Vault from your other devices, such as your smartphone or your mother-in-law's computer. A downside to LastPass is that you are out of luck if you forget your LastPass password. LastPass cannot help you retrieve the password because it is encrypted. Also, LastPass can't auto-fill your computer-level user login or device passcodes.

8) Use two-step verification when available. My Google account, which includes my Gmail, Google documents and blog editor, offers this extra level of protection. Here's how it works: The first time I use a new device to access my Google account I will be asked for my password and a unique, one-time use verification code. I can then tell Google if it should remember that device in the future. I set up my Google account so the verification code is sent to my smartphone. If I use a computer in a public library, or any device I haven't used previously to sign into my Google account, I will need to enter both the password and the verification code. Or if a computer hacker cracks my password and tries to log in to my Google account on their device they will also be asked for the verification code. Unless the hacker also stole my smartphone and cracked my passcode they would be denied access to my account. My online banking software also uses two-step verification. If I try to log in to my account from a new device I will be asked to enter an Identification Code sent to my smartphone or my email account. LastPass, Facebook, Dropbox and Apple ID offer two-step verification as well. One disadvantage of this method becomes clear if you consider what happens when your computer and cell phone are both stolen. You won't be able to get into your protected account if you try to use a new device. Some services allow you to register a backup device (a friend's cell phone) where they can send your verification code.

John's take on Passcodes, Logins, Passwords and PINs
(Johnny dictated his comments to me because it's the first weekend of summer break and there's no way he's going to write anything.)

1) Now that we have individual user accounts on our home computer it takes a lot longer to bring up his home page and start playing Minecraft.

2) Once his passwords are in his LastPass vault it's easy to keep the passwords organized.

3) It's confusing to figure out how the passwords entered into the Chrome browser are remembered by LastPass. Sometimes you get a prompt asking if you want LastPass to remember a new login and password and sometimes you don't. It might take a little practice to completely understand it.
