September 23, 2020

Privacy: Why we ignore Password Best Practices

Nowadays, passwords are an easy target for hackers. There’s a precise collision between what are the best practices of password management and reality. If we count all the services where we have information, we have a massive chunk of our life, some of it very private, online protected by a simple combination of username and password. Think bank information, health, location, and legal information, to name a few.

 

Theory VS Practice

The contradiction is that we have:

  1. Hundreds of services/apps/ accounts created each demanding a username/email and password
  2. Lack of imagination coming up with passwords
  3. Access the internet where we can find it (Starbucks for example)
  4. Freely share passwords with our co-workers/spouses for the sake of simplicity
  5. Write down passwords because they may be too hard to remember.

 

What are the password best practices:

  1. Make them unique per service
  2. Enable 2-factor authentication
  3. Don’t log in to websites from public computers since they may be compromised
  4. Use a VPN in untrusted internet connection
  5. Don’t share any information with anyone or write it down

 

Why we don’t follow the password best practices

It’s hard to keep track of all these passwords and follow all the security rules. People think that they need to remember passwords for all those services, so that’s why they keep the same everywhere. I was guilty of this in the past, and it’s hard to search for solutions.

Another dangerous habit that people have is to use public wi-fi like Starbucks, for example. It’s fantastic to have free internet, but don’t forget that your information goes wirelessly to the router so other people in the room can catch it. And if you’re not using proper security measures, then your data can be stolen.

 

What can we do?

The software came a long way, and there are cheap and easy to use services that you can use to protect yourself. I’ll mention two types that can go a long way in protecting you against attacks and keep up with the recommended best practices from experts:

  1. VPN
  2. Password Managers

 

VPN

VPNs are services that create a secure connection to a server where your data can flow safely. Since the data is protected right on your computer, even if you’re in a public wi-fi, the data will look like gibberish since it’s protected. There are a lot, but I recommend NordVPN. It’s the one I use, and it’s straightforward to use and not that expensive. You can find a detailed review of other alternatives here.

 

Password Managers

Password Managers keep all passwords safe in a “vault.” When you create a new account, the password manager, proposed a randomly generated password for that service and, when you reaccess the service, the password manager inputs the password automatically. It has the advantage of keeping your passwords unique and filling them automatically for you, so no need to write them. You can store other types of information like credit card information, recovery data, and additional sensitive information that you want to keep protected. For this I recommend 1password. I’ve been using it for a while, and it has the added value of saving, not only my passwords but also my two-factor authentication tokens. You can find a detailed review of other alternatives here.

 

Final Thoughts

These are just two quick steps that you can take to be more secure online. Both applications proposed are used by my daily, both incredibly simple to use and look good, so you can try them and see if you can get used to them. It will go a long way in getting you safe online and keep all information secure.

 

Have a suggestion of your own or disagree with something I said? Leave a comment or interact on Twitter and be sure to check out other privacy-related articles here.

Featured Image by CMDR Shane on Unsplash

Manuel Gomes

I'm a Project Manager with experience in large projects and companies. I've worked in the past for companies like Bayer, Sybase (now SAP) and I'm currently working for Pestana Hotel Group.

View all posts by Manuel Gomes →

Leave a Reply

%d bloggers like this: