Do you know anyone who’s had their credit card number stolen? Or, maybe you’ve had yours stolen.
It happens all the time, and there’s a two-headed monster to blame – the businesses who can’t seem to keep us safe, and the hackers who get smarter and stealthier every day.
The problem is so bad, 47% of all Americans have had their personal data exposed this year alone! A scammy waiter might be to blame, or a rigged ATM, or a guy in his mom’s basement. The possibilities are endless.
It’s 2015, ladies and gentlemen. Isn’t it a fantastic time to be alive?
And credit cards aren’t the only thing being hacked – your online passwords are also at risk. In fact, a whopping 90% of passwords are vulnerable to hacking. So, even if you think you’re safe…surprise! You’re not.
The only way to defeat this monster is to tackle it head on. Here are 14 tips you can do right now to make your passwords (and yourself) more secure…including 3 that you should do in the next 30 minutes.
(Don’t be intimidated by this list. It might seem like a lot of effort to combat some mysterious, invisible, evil hacker…but trust us, it’s WAY more effort to clean up your life after your accounts have been compromised. Do a little bit of work now, and it will save you from disaster in the future.)
Expert Advice to Keep Your Passwords Safe
- DO THIS NOW: Lock your computer with a password. This might sound crazy, but there are still folks in this day and age who don’t protect their desktop or laptop accounts. If you’re one of these people, stop everything and set a password right now. Here’s how to do it for Mac and PC. You should do this whether your computer is for work or personal use, or both. If it gets stolen or lost, everything on there is accessible. Don’t let it happen!
- DO THIS NOW: Set a password for your wireless router. If you’re still using the factory-set password, change it. If you haven’t changed it in a year or two, change it. If you don’t have a wireless router, wow, how are you even reading this?
- DO THIS NOW: Is your password taped to the screen of your computer? Take it down right now, rip it up, burn it, throw it out, get rid of it forever. Tape up a photo of your kids, or your favorite motivational quote, but please, oh please, not your password.
- Use a passphrase instead of a password, especially if you need something that’s easy to remember, or if you’re typing it in by hand. Take a look at the comic below (hat tip to www.xkcd.com) to understand why. For an easy to remember, but hard to hack passphrase, use http://correcthorsebatterystaple.net/
- Passphrases are great if you need to remember your password, but are not as secure as a really long, crazy password. If you use a password manager (see #11), or you do a lot of copy/pasting or auto-completing, your password should look crazy, like this: T!11xgVRqn5h;QVG,#wZMtn?!3St0SJ- (That’s 188 bits of entropy.) Need something even more secure? How’s this: PovAd*A6`dDA/MULV0At^@BIf-6xKt1;8qBAdYvX$EpzvroIQ-j2tEym-=MmrKO= That’s 296 bits of entropy, baby!
- Play around with a website like https://howsecureismypassword.net/ to see how strong or weak certain passwords are. We don’t recommend putting your actual passwords in here, or anywhere, for that matter. But it’s fun to come up with random combinations of letters, numbers and symbols to get a sense of what’s secure and what isn’t.
- Whatever you do, don’t use anything remotely resembling the 25 most-used passwords. If you use “12345” or “password” or “qwerty,” consider yourself 100% likely to get hacked. In fact, someone’s probably hacking you right now. (It’s not us, we swear!)
- Never use anything personal to you, like your name, kid’s name, your dog’s name, your birthday, your zip code, your zodiac sign, your phone number, your social security number, your favorite ice cream flavor, your favorite Taylor Swift song, etc.
- Seriously, we can’t say it enough – be careful what words you choose. Human beings are really bad at choosing passwords, because we tend to rely on a small number of sample words – only about 2,000. In fact, Germany’s Enigma code from World War II was cracked because common words were encoded in their messages – specifically the morning weather report.
- Don’t keep your passwords in a spreadsheet, Word document, or in your email. And don’t keep them in a file labeled “Passwords.” You’re practically begging someone to find them.
- Instead, keep track of your bazillion passwords with a secure password manager like 1Password. All you need to remember is one master password, and 1Password remembers the rest. Other options include Dashlane, Roboform, PasswordBox and KeePass. It’s important to note that even though these are secure solutions, anything and everything has the potential to get hacked. Nothing is 100% secure. But these options are 99% safer than trying to remember your passwords in your head, storing them somewhere in your phone or computer…or telling them to your dentist.
- Use two factor authentication whenever it’s available. This means you have to have two things in order to log in, like your password and a pincode, or your fingerprint and an iris scan (like in every spy movie ever). Platforms like Twitter will text you a random number that you have to enter along with your password. A hacker would have to have access to both your password AND your cell phone to get into your Twitter account, which keeps you extra protected. Unless the hacker is also your roommate, in which case…watch out.
- Don’t share your passwords with anyone! If you run a business where shared passwords are a necessity, make sure you keep track of who knows what, and be ready to change all of your passwords at a moment’s notice if someone is fired or leaves the company. Assume that if more than one person knows a password, EVERYONE knows it. Better safe than sorry.
- There’s some controversy about whether it’s worth it to change your passwords frequently. Our stance is that you should change your passwords every so often, unless your security is compromised in any way…then, change everything immediately. But you definitely don’t need to change it up every week or month, unless you want to go crazy.
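For the passphrase and "crazy password" tips above, here is an added example (not from the original article) that generates both kinds of secret with Python's secrets module and estimates their entropy. The 16-word list is constructed for illustration and the function names are hypothetical; the estimate only holds when a random generator makes every choice, not when a person picks the words.

```python
import math
import secrets
import string

# Constructed 16-word sample list, only to keep the example self-contained.
# Real passphrase lists are far larger (Diceware-style lists have 7,776 words).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "lantern", "orbit", "velvet", "cactus",
    "harbor", "pickle", "tundra", "marble", "whistle", "gravel", "saddle", "meadow",
]

FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length, alphabet=FULL_ALPHABET):
    """Password for a password manager: every character drawn by a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(word_count, words=SAMPLE_WORDS, sep=" "):
    """Passphrase for typing by hand: every word drawn by a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(word_count))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent, uniform selections from `choices` options."""
    return picks * math.log2(choices)


def words_needed(target_bits, wordlist_size):
    """How many random words it takes to reach a target entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    print(random_passphrase(4), "->", entropy_bits(len(SAMPLE_WORDS), 4), "bits (tiny sample list)")
    print("4 words from a 7,776-word list ->", round(entropy_bits(7776, 4), 1), "bits")
    print(random_password(20), "->", round(entropy_bits(len(FULL_ALPHABET), 20), 1), "bits")
    print("words needed for 128 bits:", words_needed(128, 7776))
```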
Now that you know how to keep yourself safe, it’s time to keep your students and customers safe, too.
As a course instructor, it’s up to you to make sure they have a secure experience when they’re using your product. The last thing you want is for their passwords to get hacked, their identity to get stolen, or some other horrible thing to happen…that gets traced back to you.
Keep Your Students Safe in Four Easy Steps
- Don’t use a membership site with bad password etiquette! You know when you forget a password, and you click the link that says “forgot your password?” Some sites email you your forgotten password. That’s a big, big problem. That means your password is sitting in a database somewhere, exposed, and now it’s sitting in your inbox, exposed again. If your membership site does this, your students’ data is at risk. Some WordPress plugins and sites like iMember360 do this. Not cool, guys! If you aren’t sure how your site’s password reset works, log in as a test student, “forget” your password, and see what happens.
- We recommend you use a membership site or course delivery platform with a smart password reset system. When your students click “forgot your password?” they should get a reset link in their email instead of their old password. That way, they can create a new, secure password that only they know. Summit Evergreen is proud to have this feature. “Summit Evergreen: Keeping Your Passwords Safe Since…Forever™.”
- Next, tell your students how to create a strong password. Send them a link to this article, or copy and paste the 17 tips above into your students’ welcome email. Go ahead and steal this info and share it – we don’t mind! That’s what it’s here for.
- Put your students’ security at the top of your to-do list every day, right after “snooze button” and “coffee.” Stay on top of the news so you know when big security breaches happen, and you can reassure your students that their data is safe. Stay on the cutting edge of Internet safety, and put new plans into action as the security landscape changes. Check in with your students every now and then to let them know that you take their privacy seriously. And read the Summit Evergreen blog from time to time for great advice on the topic. (Like this!)
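The reset-link approach recommended in the steps above, sketched as an added example (not Summit Evergreen's code or any plugin's). Assumptions: in-memory dictionaries stand in for the site's database, courses.example is a placeholder domain, and the 30-minute lifetime and PBKDF2 settings are illustrative choices. The site stores only a salted hash of each password, so there is no old password it could email, and it stores only a hash of the reset token.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 30 * 60   # assumed lifetime of a reset link
PBKDF2_ROUNDS = 600_000       # assumed work factor for the password hash
users = {}                    # email -> {"salt": bytes, "pw_hash": bytes}
reset_tokens = {}             # sha256(token) -> {"email": str, "expires": float}


def _hash_password(password, salt):
    # Slow, salted, one-way: the site can verify a password but cannot read it back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def set_password(email, password):
    salt = secrets.token_bytes(16)
    users[email] = {"salt": salt, "pw_hash": _hash_password(password, salt)}


def check_password(email, password):
    user = users.get(email)
    if user is None:
        return False
    return hmac.compare_digest(user["pw_hash"], _hash_password(password, user["salt"]))


def request_reset(email, now=None):
    """Return the link to email, or None for an unknown address (show the same page either way)."""
    if email not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)                      # unguessable, from a CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()    # only the digest is stored
    reset_tokens[digest] = {"email": email, "expires": now + RESET_TTL_SECONDS}
    return "https://courses.example/reset?token=" + token


def redeem_reset(token, new_password, now=None):
    """Set a new password if the token is known, unexpired and unused."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = reset_tokens.pop(digest, None)                 # pop makes the link single-use
    if entry is None or now > entry["expires"]:
        return False
    set_password(entry["email"], new_password)
    return True
```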
One more thing.
We know password security is a pain in the butt. You know you should do it…but are you really going to? C’mon, be honest. You’re probably imagining a hundred and one ways to avoid this right now. “Update passwords” is about as fun as “get teeth pulled.”
But you really, really, really should take care of it sooner rather than later.
Think of this like a cancer screening. No one wants to do it, but you’ll feel so much better if you do. If there’s something wrong, at least you caught it early. And if there’s nothing wrong, at least you know you’re safe.
The last thing you want is to clean up the mess of a hacked Facebook account, a stolen credit card number, or even (eek!) a stolen identity. So bite the bullet, and schedule yourself an hour or two in the next week to get yourself on track.
And while you’re at it, why don’t you delete all of that embarrassing stuff in your browser history?
(Yeah, you know what we’re talking about.)
Keep your stuff safe. Trust us…it’s worth it 🙂