Last Word on Passwords

Lately, it’s hard to go a week or month it seems without hearing about some site being hacked, logins and passwords stolen or compromised, etc. Suddenly we have to be aware of scary-sounding things like Heartbleed and OpenSSL vulnerabilities or the Shellshock Bash Bug, to innocent sweet-sounding names like POODLE. Short of completely unplugging from the grid, there isn’t a 100% way of preventing these issues, but there are some key things that you can do to decrease the chances and limit the damage.

Working in online fields for over a decade now and working within digital agencies, Jill and I know about the challenges of maintaining logins. Not only do we have a large number of logins to various sites for our own personal and business needs, but we are also often entrusted with logins of client accounts as well. In fact, we might have multiple logins for a single site! Keeping this all straight in our heads is not an option, nor is using the same login, not that we’d want to or recommend, across multiple sites an option either.

The issue of user accounts, logins, and passwords is so critically important that I want to take a moment to share our approach and tell you how you can probably dramatically increase your own security at zero cost. Before I cover that, let’s address a couple of key issues.

No One Will Ever Guess

Whenever the topic of online security comes up, invariably someone will utter the “no one will ever guess my login/password” phrase. For the most part, I agree nearly 100%. If you envision some unshaven, grungy-looking guy, hunched over a keyboard sitting in a dark basement, typing away trying to hack into your account, then it’s time to wake up.

First, while there may be some of those characters out and about, they aren’t necessarily the norm or even the ones to be worried about. Instead, they are business people who look just like you and me.

While you and I may consider this to be a despicable, sleazy business doesn’t matter. Understand though that for them, this is a business. This is an important concept because it helps in understanding that, like all businesses, their goal is to be as efficient and profitable as possible.

Obviously then, having one or even hundreds of people trying to manually hack into accounts is neither efficient nor profitable. Thanks to the power of technology and programming, this is all automated. Not only is this automated from the standpoint of attempting combinations of words or phrases (dictionary attack), but from analyzing the most likely words and phrases based on popularity, keystrokes, combinations of characters, etc.

And once a successful combination is found, it can be added to a database so that it is always checked, logged how frequently it is successful, likely derivations from it, and no doubt a whole list of other characteristics.

But It’s Such a Hassle

I absolutely agree that it can be a huge hassle if you are trying to keep track of a growing list of logins in your head. But other hassles related to this have mostly gone away. I remember “in the old days” when most sites didn’t have a “forgot your” password or username link.

There might not have even been an easy way to even contact someone at some sites to help you get or reset this information. Fortunately, for the most part, this is not much of an issue anymore.

So the biggest hassle now is keeping track of everything, and in a lot of cases, you might be able to login to a lot of sites now with other credentials like your Facebook, Twitter, or Google account. This is both a great convenience but also a huge risk because it once again exposes access to a large pool of sites via a single login.

Fortunately, most critical sites like banks and credit card sites require you to have a separate account and login credentials for their site…though that still doesn’t prohibit you from using the same credentials you use on every other site.

The best, most secure logins are unique, complex, and random. Period.

McHenry Life Experiences Newsletter

Want to be in the know, alerted about giveaways, and more?

Be sure to sign up for our Experiences email newsletter.

It’s free and we won’t blast you with emails!!!

The best, most secure logins are unique, complex, and random.

Period.

Recommendation: Use Only One Login & Password

That’s right. After everything I said above, I’m recommending memorizing a single login and password. But…

Come on, you knew there was a “but” in there. In addition to your one login, I recommend using a password manager. These tools can often work across browsers and platforms. The best ones cannot only help you generate secure, random passwords, but may also notify you when your existing logins may have been compromised by a data breach at a site you use.

President and Founder of Identity Developments, LLC, the parent company of the McHenry Life website. My hope for McHenry Life is to create a resource and destination for the residents and businesses of McHenry County alike. A place where residents can discover new places to explore, fun events and ways to spend time, and then share those experiences with others. A place where businesses can connect with existing and potential customers, and not simply market their businesses, but share their own unique stories.

Leave a Comment