A malicious hacker gaining access to any of your important accounts can be a nightmare. Banking and financial accounts are the obvious ones, but even something small like spam sent from your hacked email account can be embarrassing in its own right.
This is your quick handbook to completely protecting your passwords from hackers in 2015 — follow all four of these guidelines and you will be safe from everything aside from a company’s database being hacked. And we’ll even give you ways to minimize damage when that happens. Read on!
How to stay protected from password hackers
Method #1: Use random generators
Hackers start by trying every word in the dictionary to get into your account. One common password is dinosaur.
Everyone knows passwords should be more complicated than this, and some websites don’t let you use dictionary words in the first place. If you’re using a password like dinosaur, you need to change it immediately. (Looking at you, 8-year-old Jimmy who just got his first iPad for Christmas.)
To get around common words, some users will try to add numbers or symbols to a word and make the password unique.
Dinosaur would become…
And this is where most people stop.
The problem is that in 2015, password cracking software has come a long way, and every variation of every dictionary word — plus numbers, plus symbols, plus extra letters, plus whatever you can think of — will automatically be tried by someone trying to access your account.
The only way to guarantee someone won’t accidentally brute-force your password is by using a random password generator and making each password 16+ characters in length.
But that alone isn’t enough…
Method #2: Never download sketchy files
A keylogger is a program that records every keystroke and copy/paste command you make.
Hackers will often try to get keyloggers installed on your computer so that when you log into sensitive accounts, the keylogger will record the URL, your username, and your password. The hacker can then use the information as he pleases, either selling it or logging into the account himself.
Keyloggers usually come in the form of .exe files, so if you go to download something that isn’t a program and a .exe file starts downloading, do not open the file. (All you have to do is open it and the keylogger will start running in the background right away.)
Other uncommon file formats can also carry keyloggers, and something as simple as a protected PDF can, too. The best route to take is downloading only software you know can be trusted. Always look at the URL bar, and if you’re doing something illicit — maybe getting a .pdf of a textbook — always make sure you trust the source.
Method #3: Use a unique password for every website
You would think that popular websites would take the necessary password security precautions, right?
Unfortunately, many don’t. In 2014, Home Depot, UPS, and even Goodwill all reported data breaches where debit and credit cards were leaked, along with passwords, personal identifying information and more.
You can’t do anything to prevent a hack like this, aside from being cautious about who you give your sensitive information to. But you can control the damage. Always be sure to use a different password for every site you use, so even if a site gets compromised and the hacker tries your email and password combination on similar sites, you aren’t compromised.
Method #4: Use random security question answers
The above tips deal mostly with large-scale hacking where you’re caught in the fray. But oftentimes, our “hackers” are those close to us who just want to get access to our accounts. In a fun way, this could be a friend trying to get on your Facebook. In a serious way, this could be someone overhearing you bragging about a business deal at a party and trying to get into your online banking.
Here’s how they do it: If you say you’re an owner of an account and claim to have lost your password, you will be asked to check your email. But if you say you can’t check your email, either, you’ll be asked your security questions, and if you get the questions right, you’ll get immediate access to your account.
See where this is going? Others can claim to be you, say the password is lost and the email can’t be accessed, then get a direct line to your account if the answers to your security questions are obvious.
Don’t take any risks — use random strings of letters and numbers for passwords and your security questions to make sure you’re fully protected.
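The following Python example is added here and is not part of the original article. It applies Methods #1, #3 and #4 together: a separate random 16-character password and random security-question answers for every site, plus a comparison of how many bits of guessing work a random password costs an attacker versus a dictionary word with a tweak. The site names, question strings, and the dictionary and variation counts are constructed assumptions.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
ANSWER_ALPHABET = string.ascii_letters + string.digits  # many forms reject symbols


def random_password(length=16, alphabet=ALPHABET):
    """Draw each character uniformly from the OS CSPRNG (not the `random` module)."""
    if length < 16:
        raise ValueError("the article's guideline is 16+ characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_answer(length=20):
    """A security-question answer that nobody who knows you can guess."""
    return "".join(secrets.choice(ANSWER_ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Bits of guessing work for a uniformly random string."""
    return length * math.log2(alphabet_size)


def mangled_word_bits(dictionary_size, variations_per_word):
    """Upper bound for 'dictionary word plus numbers/symbols' passwords."""
    return math.log2(dictionary_size * variations_per_word)


def build_vault(sites, questions):
    """One independent password and answer set per site, so one breach stays contained."""
    return {
        site: {
            "password": random_password(),
            "answers": {q: random_answer() for q in questions},
        }
        for site in sites
    }


if __name__ == "__main__":
    # Constructed figures: 200,000 dictionary words, 10,000 tweaks tried per word.
    print("word + tweak:  %.1f bits" % mangled_word_bits(200_000, 10_000))
    print("random 16:     %.1f bits" % entropy_bits(16, len(ALPHABET)))
    vault = build_vault(["bank.example", "mail.example"], ["First pet?"])
    print("entries generated for:", ", ".join(vault))
```

The generated values belong in a password manager, since neither the passwords nor the answers are meant to be memorized.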
Password managers can help you keep track of everything
Short of keeping your extremely complicated passwords written on a piece of paper, your most secure (and convenient) way of staying protected is with a password manager on your web browser. Many will allow you to create 16-digit passwords right from the interface, and all of them offer the “Save Password” feature when you visit websites.
Some will argue password managers are insecure. We disagree. The reliable ones won’t store anything themselves — they just give you the capability to store passwords in a secure, convenient way on your machine.
LastPass is our favorite password manager, though there are others out there.
- Free. All the functions of a paid password manager without the cost.
- Reliable. Tens of millions of users.
- Every browser. Even the obscure ones like Opera.
- Every device. Laptops, tablets, phones. Again, even the obscure ones.
- Perfect UI. When you are managing your passwords, it’s easy.
Conclusion: How to Protect Your Password in 2015
- Stop thinking you’re smarter than the hackers’ software — you’re not
- Instead, use a different random 16-digit password for every site
- Keep your machine secure by staying away from sketchy downloads
- Randomize your security questions like you do your passwords
Hackers are smart — but you can outsmart them. Follow every guideline above and you’re doing everything you can to stay protected. Good luck and stay safe!