Securing our online accounts should be high on our priority list. From personal email to online banking and social media, we have an ever-growing number of accounts holding sensitive information that we need to protect from prying eyes and cyber threats.
Passwords
Passwords have long been the staple method of protecting our online accounts and even though we’d like them to, I don’t believe they are completely going away any time soon. So here are some golden rules when creating a password.
Make them strong. A strong password or passphrase is long and random: a long random string (or a passphrase of several randomly chosen words) has far too many possibilities for an attacker to guess by brute force, and because it isn’t built from a word or a predictable pattern, a dictionary attack won’t find it either. Length matters more than cleverness; swapping letters for symbols in a common word doesn’t help, since cracking tools try those substitutions as a matter of course.
Make them unique. Attackers take the username and password pairs leaked from one breach and try them on every other popular site (credential stuffing). A unique password for each account means one compromised site stays one compromised site instead of becoming all of them.
Keep them secure. Use a password manager (please!). It’s going to be super hard to remember all those strong, unique passwords and you shouldn’t be writing them down in a little black book or on post-it notes stored around your computer desk as they could be easily stolen from there. Store all your passwords and account details in a reputable password manager – that way you only need to remember one secure password instead of many.
Let’s not stop with just using a strong password though…
Multifactor Authentication
Wherever possible, enable the use of Multifactor Authentication (MFA) on your accounts. MFA requires you to use two or more authentication factors when logging into your account. The three common factors are:
Something you know (password, passphrase or PIN)
Something you have (email, phone [SMS] or an authenticator app)
Something you are (biometrics – fingerprint or face)
The benefit of MFA is that a stolen password is no longer enough on its own: the attacker also needs the second factor, which in most cases they don’t have. Two caveats, though: codes sent by SMS or email are the weakest second factor, since they can be intercepted or phished, so use an authenticator app where the site offers one; and a code can still be phished in real time, so never type one into a page you reached from a link in a message. For example, I have a friend who recently had her Facebook password compromised (how is another story). The attacker was able to log into her Facebook account straight away and start using her Messenger to ask friends for money, pretending to be her. Had she enabled MFA on her Facebook account, the attacker would not have gained access with just her password and her day would have been a whole lot better.
Passkeys
The future of authentication is coming and it’s looking to get rid of passwords for good. Passkeys let you prove who you are without a password, and without any shared secret at all: there is nothing to reuse across sites, nothing to phish, and nothing for an attacker to steal from a breached server. Taking passwords away from attackers removes their most used route into our online accounts.
Passkeys work using public key cryptography. When you create a passkey for a site, your device (or a password manager that supports passkeys) generates a pair of keys: the private key stays on the device and is never sent anywhere, and the matching public key is sent to the site and stored with your account. To log in, the site sends a fresh random challenge; your device signs it with the private key and the site checks the signature with the public key it holds. Before the device will sign, it asks you to unlock the key locally, usually with the device’s built-in biometrics (fingerprint or face) or its PIN, and that unlock never leaves the device either. Because the key is tied to the site it was created for, a look-alike phishing site can’t get a signature out of it. So you get multifactor authentication without the password: something you have (the device holding the private key) and something you are or know (the unlock).
Passkeys are relatively new, so they aren’t as readily available on online accounts as passwords and MFA are. I’m sure there will also be some learning curves along the way as they are more widely adopted.
Moving forward, let’s use passkeys where we can, and passwords with MFA where we can’t. And to make things safer and easier for yourself, get a reputable password manager such as 1Password or Dashlane to store your passwords and passkeys. It really does simplify your digital life.
PS. If you decide on Dashlane as a password manager, why not use my referral link which will get you 6 months of free Dashlane Premium (must be a new Dashlane customer). https://www.dashlane.com/cs/fazUiYqninw3