Just think of all the critical passwords and change them now. It takes 15 minutes to do so. But it is absolutely worth it. All of us are very lazy about protecting our passwords and hackers are extremely talented and smart.
The combination is a guaranteed disaster.
50% of IT security breaches happen in-house. Remember that!
Security is not convenient. It is a bitter pill we have to swallow so that we can PREVENT the disease!
Remember… Safety = Efficiency
There is no such thing as 100% security.
Use these guidelines as a starting point and refine them as required.
Use Two Factor Authentication whenever possible
Go to all sites where you have created logins. Check if they have Two Factor Authentication. If yes – configure it. That is an absolute must.
PC Tools: PC Tools Password Generator by Symantec
Random.org: http://www.random.org/passwords/?mode=advanced creates multiple passwords. But the connection is not encrypted.
Check out mobile apps from these vendors as well.
Automatically generated passwords are impossible to remember, so you need a password manager. The top password managers at the time of writing this article are reviewed in these articles. Have a look and decide for yourself. Most premium versions are paid, but they are absolutely worth it! DO NOT cut corners on security.
Simple truth about security questions
Common security questions can be answered easily by people who know you or by those who can dig up some information about you. So here is the best practice.
Never provide right answers for security questions!
Yes, I mean it. For example, if the security question is – mother’s maiden name – DO NOT provide the real name. Provide a fictitious name. Of course you have to remember all these answers. But the same is true of passwords.
Remember that these security questions are for added security – it is not a lie detector test!
Social networks are dangerous
You can safely lie there. Unless it is a statutory requirement – for example while opening a bank account or while applying for your passport, DO NOT provide correct information about your birthdate, address, city, phone number etc. Yes, you should have the email id correct because that is often used for support and password recovery.
Things like ad-hoc registrations for low priority, non-statutory sites DO NOT require the truth. They don’t need to know. Social networking sites, movie booking sites, restaurant / hotel review sites, etc. do not really want to check your real identity. They just want their mandatory fields to be filled.
The world has reached a stage where you have to lie to protect your identity. Of course you have to take a call. I am just suggesting this as a security measure. I am not encouraging treason. While doing so, check that you are not violating any legal agreements which we often blindly accept!
What if IT restrictions do not allow you to use any tools on the work PC?
All the above methods will be useless if you don’t have administrator access. This is something which almost no user will be given in a controlled, corporate IT environment.
So here is a workaround. It is not the best option, but it is still an option.
Create a Word Document. Encrypt it twice.
Here is how…
- Actually, any Office tool will do. Word, Excel, PowerPoint etc.
- I prefer Word because you have more control over navigation in it when you are trying to find your passwords.
- Create a Word document
- For every new password – type the title and apply Heading 1 style (Home tab – Styles – Heading 1)
- Why use styles? Because you can use Document Map (Navigation Pane) – in the View tab to quickly move to the desired location.
- In addition, if several entries match the same search term, the Find function lets you see all the matching locations in the file easily. (Excel and PowerPoint don’t do a good job here)
- As soon as you put any password in this file, choose File – Info – Protect Document – Encrypt with Password
- This time you must really create a long and complex password. It is like the master password used by the professional password manager tools.
- It must be at least 12 characters long with no repetitions, and must have letters as well as numbers and two special characters. You can use some special tools (like those mentioned above) to generate this one.
- Now save the Word document with this long, complex password
- To add one more layer of security, ZIP the document using a free compression tool like 7-Zip, which allows you to set a password on the zip file as well. Again create a complex password and use it for protecting the zip.
- Delete the original Word file. Only keep the zip. If required you can also store it in various places like your cloud storage (OneDrive, SharePoint, Google Drive, Dropbox, etc.)
- Whenever you need a password, unzip the file using the password, then open the Word file using its password, search for the password you need and, after you finish, delete the Word file and retain the zip.
- Whenever you need to store a new password, use a similar process. Unzip the zip file. Open the Word file, add a new password with Heading 1. Close Word. Refresh the zip file. Delete the Word file and update all your cloud storage locations with the updated zip.
I know this is too cumbersome and tedious… but unfortunately, security and convenience don’t go hand in hand!
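A local generator and checker for the master-password rule in the steps above (at least 12 characters, no repetitions, letters, numbers and two special characters), added here as an example and not part of the original article. It assumes "no repetitions" means no character appears twice; the special-character set and the function names are illustrative choices. Because it runs locally, the password never crosses an unencrypted connection.

```python
import secrets
import string

# Assumed special-character set; trim it to what the target application accepts.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LENGTH = 12


def meets_policy(pw: str) -> bool:
    """Check the rule from the text: >= 12 characters, no character used
    twice, letters and digits present, at least two special characters."""
    return (
        len(pw) >= MIN_LENGTH
        and len(set(pw)) == len(pw)
        and any(c in string.ascii_letters for c in pw)
        and any(c in string.digits for c in pw)
        and sum(c in SPECIALS for c in pw) >= 2
    )


def generate_master_password(length: int = 16) -> str:
    """Return a random password that satisfies meets_policy()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    if length > len(ALPHABET):
        raise ValueError("length exceeds the number of distinct characters")
    rng = secrets.SystemRandom()  # backed by the OS CSPRNG, not random.random()
    while True:
        # sample() draws without replacement, so no character can repeat.
        candidate = "".join(rng.sample(ALPHABET, length))
        # Redraw instead of patching characters in, so every compliant
        # password stays equally likely.
        if meets_policy(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_master_password())
```
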
Don’t just live with it. Thrive with it!