Changing twelve years' worth of passwords wasn't as bad as we thought. Have you had the same password — for everything — for over a decade?You might wonder how you have survived this long without your identity being stolen!
Are you too scared to log out of Facebook for fear you might never get back in? Have recent data breaches got you thinking about security and identity online? Is it now time to get yourself together? Here's what sorting out 12 years of passwords might look like.
Change #Passwords for the better
Start by reading up on password management. Yep, a snooze fest.
The key takeaways were that you shouldn't have the same passwords for everything (fail), that they shouldn't be related to anything personal (fail again), and that you should try passphrases, not words.
A passphrase is like it sounds — instead of using password123, you could use 'Tubbylikesbeans'. Or something slightly more complex.Troy Hunt, the online security expert, suggests using a password manager to store all the different passwords for all your accounts and create a strong passphrase. To get set up read through a good password manager buying guide, and ask a few tech-head friends what they do. Decide whether to go for a paid service or one of the free options. Then narrow choices down to two managers.
Don't get lost in the "special features" of each. Try one brand for an hour and if its functionality drives you insane, quit. Switch to the other (migrating between managers is straightforward).
Time spent: Around an hour and 30 minutes, including my software change.
Sorting out my passwords is not logging on to every single website I use, changing my password to something more complex, and then writing that new password in my manager. Passwords all over the place! And in most cases, those lists of auto-fill passwords are exported to a spreadsheet. Then import them back into your new password manager.
117 logins saved on your internet browser, 55 on your phone, 18 in my work password manager and 7 in my Google account. Not as bad as expected! Auto-importing all of those logins only took 10 minutes.
Time spent: 10–15 minutes.
Most of us can barely remember bin day, let alone all our passwords. Which is why we cheat passwords.
If you are a genius, you will
Of the 197 logins you may import (many of which were copies anyway), the password manager's security feature will probably say at least 160 of them were 'At-Risk,';
1. Too simple
So they got changed. The password manager helped generate secure new passwords — something catchy, like fseh908uio4hf. When changed, it would automatically save the new password. While you'll never remember a bunch of gibberish passwords, the password manager syncs across all my devices — so I only need to remember my master passphrase. Then find or auto-fill any convoluted password you want.
Time spent: Changing hundreds of passwords — hours!
Out of your mountain of at-risk logins, you probably only use between 10 and 20 websites regularly.
From passwords to phishing, hackers can catch you on social media. Here's what you can do to minimise the risks.
The logins included online shopping brands and streaming services that had personal debit cards saved. Medical websites I used to book appointments with my doctor and dentist. People tend to use the same login details for these sites as for random websites you have no memory of signing up for. People usually only find these accounts, as they were part of the 'at-risk' login list.
Logging on to these sites during the clear-out. People discover they not only have your password but your date of birth and your address. Going through and working out how to delete these accounts took a lot longer than the password resets but felt even more essential. And these are just the sites that were auto-saved — how many more out there have my details?
Time spent: Days! Often there was no 'delete' button, and emails sent and confirmed back.
While some parts of this task have been easier than I expected, overall, it's been quite exhausting.
It's taken hours to sort through everything. It's been fiddly and would hurt any non-tech brain.
But! It felt worthwhile, a task that needed doing.
No more worrying about being hacked. No more stupid, dangerously easy passwords which you have to remember. No more thinking up new ways to spell the dog's name with special characters.
Articles, links and connections from the BeSecureOnline site you might find interesting.
What is a VPN?
8 good reasons to use a proper password manager
Ransomware - To pay or not to pay - Ransomware
German Insurer Allianz says - Businesses fear a catastrophic IT failure the most
Cybersecurity Essentials for Business
Get the latest updates in your email box automatically.