Stay safe, reduce reliance on passwords

The China Post - LIFE - BY ANICK JESDANUN

Mix upper and lower case letters in your password? Substitute the numeral 1 for the letter l? Throw in an exclamation point and other special characters? Who can remember all that for dozens of websites and services?

No wonder it’s tempting to turn to apps and services that promise to keep track of your passwords, either on your device or online. All you need to remember is your master password.

But these password managers are like treasure chests for hackers. If your master password is compromised, all your accounts potentially go with it. Services that store password data online are particularly troublesome because they are easier for hackers to break.

Don’t do it, I’ve been saying for years. Now, I hate to say, “I told you so.”

LastPass, which offers a service that stores multiple passwords in encrypted form, says it has detected “suspicious activity.” Although it says it found no evidence that individual passwords or user accounts were breached, it’s advising users to change their LastPass master password.

I advise users to come up with a better system instead, one that relies less on just passwords.

Here are some tips:

All Accounts Aren’t Equal

Instead of having to remember dozens of complex passwords, maybe you need to remember only a half-dozen.

Focus on accounts that are really important: Bank accounts, of course. Shopping services with your credit card information stored. And don’t forget email.

Who would want your mundane chatter? Well, email accounts are important because they are gateways for resetting passwords for other services, such as your Amazon account to go on a shopping spree.

What about Other Accounts?

Maybe you don’t need to worry about a password for a discussion forum or a news site. Yes, there’s the embarrassment of someone posting on your behalf, but it’s not the same as stealing thousands of dollars. Yet if it’s a discussion forum you value, and you’ve established a reputation under that identity, you might want to prioritize that, too. That thinking applies to social-media accounts such as Facebook and Twitter.

For the rest of your accounts, it’s not as bad to turn to a password manager, but it might not be necessary. Web browsers from Apple and Google have built-in mechanisms for storing frequently used passwords. You even have options to sync those online if you use multiple devices. Google’s new Smart Lock feature extends that to Android apps, too, so you’re not limited to Web browsing. Many services also let you sign in with your Facebook or other ID instead of generating new passwords each time. Make sure the ID service offers two-step verification, as I’ll explain later. Turn that on.

Again, use these only for your less important accounts. For the highly sensitive ones, choose a unique password and remember it. Write it down by hand and keep it in a safe place. If you must store it electronically, use password-protected files kept on your device — not online.

Phones and Fingerprints

If you haven’t protected your phone with a passcode, tsk tsk! Someone can easily swipe your phone and get to your email account to unlock all sorts of other accounts.

Fortunately, the latest iPhones and Samsung Galaxy phones have fingerprint IDs that make it easier to unlock phones. Instead of typing in the four-digit passcode each time, you can tap your finger on the home button.

Apple now allows other app developers to use that fingerprint ID, too. So you can unlock banking apps with just a tap of your finger. In its upcoming Android update, called M, Google is also promising to make it easier for app makers to incorporate fingerprint ID. And Microsoft plans support for biometrics — such as a fingerprint or iris scan — in the upcoming Windows 10 system.

Double Security

Major services including Apple, Google, Facebook, Microsoft and Dropbox offer a second layer of authentication, typically in the form of a numeric code sent as a text message. After you enter your regular password, you type in the code you receive on your phone to verify that it’s really you. A hacker wouldn’t have access to your phone.

You need to go into the account settings to turn on this feature, which goes by such names as two-factor authentication or two-step verification.

It’s a hassle, but it keeps your accounts safer. Just assume that your password will get compromised at some point. This extra layer will keep the hacker from doing anything with it.

Even Safer...

When given a choice, sign in with your mobile number rather than your email address. It’s much easier to hack into an email account to reset passwords. Of course, you’ll have to trust the service not to use your mobile number for marketing. In many cases, I still use my email — with the two-step verification.

Also be careful when creating security questions to reset passwords. Your dog’s name? Your first school? These are things someone might find on your social-media page or elsewhere online. I make up answers and make them as strong as my regular passwords.

I won’t repeat my tips on creating strong passwords, but you can find them here: http://bigstory.ap.org/article/7-ways-create-better-stronger-passwords
