It’s easy to think you know all the ins and outs of password safety. After all, you would never share your password with anyone else. You wouldn’t dream of using your birthday as a password for any account — not even for something silly like the game Words With Friends. And you know better than to leave your passwords exposed on your computer; they’re all written down on a handy-dandy Post-it note, in your secret safe spot at home. That’s all fine and good — but truly safe password protection is a little more complicated than that.
Of course, we hear all the time that experts want us to keep our passwords “strong,” but what does that mean, beyond not listing a simple string of letters in alphabetical order or writing out numbers consecutively? How do we navigate new tools that may leave passwords more vulnerable? And in a world full of scams, viruses, and spyware, how can we be confident that our passwords aren’t falling into the wrong hands? Luckily for us, there are lots of tech safety experts out there who have some savvy tips to keep all our passwords safe and sound. We rounded up some of the best password safety tips to make sure they all stay where they belong — out of the hands of anyone but you.
1. Avoid saving passwords through autofill.
We know what you’re thinking: Groan. In theory, autofill is supposed to make our lives easier. After all, it takes less effort to let your password automatically save and pop up for login than it does for you to try to remember it on your own (or to refer to the Post-it!). But using this so-called time-saving trick might actually hurt you in the long run, according to new research from Princeton. Ad networks are now abusing tracking scripts on login pages to steal people’s email addresses. Scarily enough, these networks could also use this same technology to take people’s passwords, too. It gets even worse if you use the same password for multiple logins; they could potentially gain access to other accounts of yours as well. Yikes! We’ll definitely take a few extra seconds logging in over that mess.
2. Get creative with your passwords.
This sounds a whole lot more fun than making your passwords “strong,” doesn’t it? Well, tech safety experts say that using creativity when it comes to password can actually help make them stronger. The Federal Trade Commission (FTC) suggests thinking of a special phrase and then using the first letter of each word of that phrase for that password. To up the ante, they also recommend subbing some numbers for letters. The example phrase that FTC gave was “I want to see the Pacific Ocean,” which could then become the password 1W2CtPo. (We’re sure we don’t have to tell you not to use that specific password now.) Try to be unpredictable with the letters, symbols, and numbers you pick. No matter how wonderful your password is, don’t use the same password for every account; if thieves crack your one creative code, they’ll be able to hack into your other accounts, too.
3. Sign up for two-factor authentication.
OK, not every password login offers this helpful option, but for the ones that do – like Gmail — it’s worth your time to add that extra step to your login strategy, according to the Internal Revenue Service (IRS). For those unfamiliar with the idea, a two-factor authentication requires you to use your password as well as an extra piece of info, which could be something like a code sent to your phone in a text message. It might be annoying at first to add another step to your list before you’re able to log in, but won’t you feel grateful if your password does end up getting compromised? Then, it’ll be the hacker who’s having all the trouble.
4. Be wary of public computers and wireless connections.
We know that publicly available computers and other devices can come in handy in a pinch, but exercise extreme caution when using an unfamiliar device or connection. The U.S. Securities and Exchange Commission says this is especially true when it comes to logging into social media accounts; try to avoid it if you can. But if you absolutely have to do it and have no other option, be sure to double-check that you log out completely to end your online session before you go. Do not leave that room without clicking the little “log out” button, particularly on a social media website.
5. Keep an eye on that darned Post-it.
The good news is that you don’t need to stop using a Post-it — or any other preferred paper — to store your passwords. But the Department of Homeland Security (DHS) says you do need to be a lot more careful with it — especially if you work in an office. Leaving it taped on your desk, near your computer, or on your computer leaves you vulnerable to anyone who has access to your office. Even in your house, it’s a good idea to store your passwords in a secure place — like in a locked desk drawer, as the US Computer Emergency Readiness Team suggests. Just keep it far away from that monitor, and you should be in the clear.