I’ve talked about online security in the past, and thought that, following recent headlines, I’d do a follow up.
It seems that, on the whole, we’re not learning lessons and we are exposed in ways we simply can’t imagine. It seems to be a case of ‘it won’t happen to me’ attitude.
It’s strange, because you look after your house keys and the keys to your car/bike/van etc. You’ll lock belongings away safely; but it appears that, generally, we’re care-free when it comes to passwords.
National Cyber Security Centre
A recent study by the UK National Cyber Security Centre found that the most common password found on accounts that had been breached was 123456.
It was found 23 million times. Second most popular was 123456789, then “qwerty”, “password” and 11111111.
The NCSC study also asked people about their security habits and fears.
It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.
It found that less than half of those questioned used a separate, hard-to-guess password for their main email account.
This last point is very worrying as your email is the one place a hacker could get access to everything! They could use it to find out all about you, then target scams specifically at you.
Take this real life example where a scammer convinced someone to part with thousands of pounds.
Because they had the password to the users email account, they discovered they're in touch with a builder about some work.
The scammer then emails you, pretending to be the builder, asking for money.
You pay. That’s it.
The banks take the stance, currently, that because you authorised the transaction; known as an Authorised Push Payment, then you’re liable and they don’t have to refund you.
It’s harsh, and steps are being taken to address this; but through taking care with your online security reduces the risk of this happening. The onus must be on us to take care with our money.
Another issue is that, apart from being easy to crack, it’s a fair bet that these password are being used for multiple accounts. So, if one of your accounts had been compromised, then the hacker can just use your username and password against other sites to see if they get a hit!
How?
So. How can you protect yourself online?
The first step is to use a different password for each online account you have.
This might seem onerous, but your online life is on the line and you need to protect it.
This will reduce the impact of a hacker accessing your accounts. Where possible, use different usernames too. You need to make it as hard as possible for the fraudster to get access to your information.
Password Strength
Using a different password is good. But, if it’s easy to guess; like a surname, maiden name, dogs name etc; then this will be easily found out by the fraudster and… BINGO!!
The passwords need to be hard to guess and there are a couple of ways to do this.
The simplest method is to come up with a phrase and create a password using the first letter of each word.
So, you might use the phrase “My favourite place in the world is at home with my family”. Your password would then be ‘MFPITWIAHWMF’
That’s a great password. Now, mix it up with some upper and lower cases. You could replace certain letters with numbers; for example replace the ‘I’ with a ‘1’ and replace the ‘A’ with a ‘4’.
Now you have ‘MFP1TW14HWMF’ (or ‘Mfp1tw14HwmF’) Maybe you can introduce some special characters - ‘Mfp1tw1&HwmF’.
You still need to create separate passwords for all your accounts, but if you make them memorable, then the difficulty in remembering them is reduced.
This is quite difficult to articulate on a podcast, so don’t forget to read the transcribe on my blog; details in the show notes.
However, you probably have lots of online accounts. There’s all your online shopping accounts. Financial accounts. Your email account (or accounts). Your Netflix or other streaming service login. Your social media accounts too.
I’ve checked, and I have 286 different accounts. Not all of them are used regularly; but they are all accounts stored somewhere online.
Of these, only 6 of them have the same password. I really should take a look at those!!
How do I do it?
I use a password manager, called LastPass. There are others on the market, such as Dashlane and 1Password; but I’ve been using LastPass for years and have been very happy with them.
LastPass is cross-platform, so I can use it on my MacBook, iPhone, or anywhere else I access the web.
When you create an account, you set up an access password - this should be a hard-to-guess password, as it’s the only one you’ll need in the future. It’s so important (and secure, not even the guys at LastPass can retrieve it) that if you lose it, then you’ll lose access to all your passwords.
The next time you log in to one of your online account, LastPass will ask you if you want to store this in your vault. If you say ‘Yes’, the username and password will be stored securely.
The next you go to the login page, LastPass will recognise the site, and will prompt you to select the details from the vault. Simply select the details, click login and you’re done.
Now, you’re going to set up a brand new account and you reach the field that says ‘Enter password’. Instead of using your usual string of letters, you can now ask LastPass to generate the password for you. I’m not going to talk through all the steps, but at the end, your new account will be stored in the vault, and all is safe.
LastPass also gives you the space to store images; so you can create Secure Notes, with passport information, driving licence information etc, and store images of your current documents. All safe.
In an emergency, (if your passport has been stolen) you can access these easily, wherever you are.
LastPass also gives you the space to store images; so you can create Secure Notes, with passport information, driving licence information etc, and store images of your current documents. All safe.
In an emergency, (if your passport has been stolen) you can access these easily, wherever you are.
Another great feature of LastPass is the ability to store credit and debit card information; along with your address details. The next time you shop online and need to get your card (which is in your wallet, in the kitchen, and you really can’t be bothered to get up) then use the Form Fill functionality to retrieve the necessary information and your purchase is complete. You can set additional security against these; so that you have to enter your LastPass password to access them - adding an extra layer of protection.
Housekeeping is a breeze and you can take regular Security Challenge to test your password strength. You will be told how old your passwords are, and in some cases, LastPass will automatically update them (for certain sites) with just one click. It’s a real timesaver.
It’s definitely worth looking into, and there’s a link in the programme notes to get you started.
I have literally scratched the surface of password security, and it will take a little effort to get your house in order. But, it must be worth it, to know your information is secure and away from the prying eyes of the fraudsters.
Two Factor Authentication
There is one further level you can go to secure your passwords; and that is 2FA - 2 Factor Authentication.
This is being offered by more sites now, and means that access to your accounts are only available when you have the password and a physical entity at the time of logging in. Your mobile phone is probably the key here; although it could be a token too.
When you log in, you’ll use LastPass as usual to pre-populate and send your login details, then you’ll be asked to enter another piece of identification, generated on a device you physically have with you. This way; even if the hackers get your detail, they cannot access your account.
You still need to be vigilant. Password managers won’t save you from accessing ‘dodgy’ sites and entering your information.
Try Before You Buy
As I mentioned, this is a subject close to my heart. It seems the simplest thing to do; but it’s amazing the number of people who, at the very least, don’t use separate passwords.
Click here to try LastPass free for 30 days, and after that it’s approximately £30 per year. I think that’s very reasonable for peace of mind. You can even take advantage of their family plan, for up to 6 people, for about £36 per year. True value.
Don’t become a statistic. Don’t be one of the 15% who aren’t confident in online security.
Take the first step and see how LastPass can help you.
Thank You
I hope you’ve found this episode interesting.
If you have any questions about online security or anything else, then please get in touch via Twitter @prodmatters
Don’t forget to follow me where you normally listen to your podcasts.
Thank you very much for listening and until next time, remember, Productivity Matters.
Equipment I use to make my podcasts:
Blue Yeti Microphone - https://amzn.to/2R2am1N
Pop Filter - https://amzn.to/2OVMbQP
Professional Microphone Boom Arm - https://amzn.to/2P4EIio
Try LastPass free for 30 days - LastPass
If you purchase from these links then I may receive a commission. This does not affect the price you will pay. Thank you.
Try LastPass free for 30 days - LastPass
If you purchase from these links then I may receive a commission. This does not affect the price you will pay. Thank you.
