It’s World Password Day, a marketing gimmick dreamed up by chipmaker Intel and supported by many organizations, including Amazon and Dell, designed to get you to beef up your online security.
Don’t let the hype get in the way of a good message — hackers have never been busier — as witnessed by the big Google Docs hack attempt this week. So today is as good as any to stop, take a minute and update your online security.
The most common passwords used, even to this day, are “password” and “123456.” Security experts recommend a strong mix of letters, numbers and symbols, preferably ones that make no sense, says Emmanuel Schalit, the founder of Dashlane, a popular password manager, which automatically generates tough ones. (Dashlane is free on one device, or $39.99 yearly on multiple devices.)
Having the same password on multiple sites is like “giving the keys to your home to everyone who delivers a package,” he says. “If you share the same password to multiple sites, when one becomes breached, the hacker will use the same password to all your websites.”
Schalit joined us on the #TalkingTech podcast to talk all things passwords, and how in a perfect world, he’d like to see them changed every five minutes or so. (Relax — he actually changes his every three months, using an automated feature of the Dashlane app to create hard-to-crack passwords.)
Password managers remember your passwords so you won’t have to — you sign in with one master password, which you have to remember. The apps don’t store it for you, they say, to keep it away from hackers.
A big question many folks have about password managers like Dashlane, LastPass, Zoho Vault and others: What if the hacker gets to your master password?
The managers send out e-mails when you log in from a new device requesting authentication, and the hacker would have to know both your e-mail and master password. It’s for situations like this that Schalit recommends two-factor authentication on all your accounts. This requires you to sign in with your password, and then sign in again, usually with a code sent via text message. This makes it harder for hackers to get to you — so they move on to the easier targets.
Schalit admits that few people use two-factor. “It’s in the low single digits because it’s too complicated for people,” he says. “One thing you’ll see change in the next two years, you’ll see a move to make two factor more accessible to people.”
He doesn’t like getting two-factor texts, because texts are easy to hack — he prefers using an app, like Google’s Authenticator or Authy.