We’re doing something a little different this time around. Normally, we try to keep the focus on business technology, but this article is geared towards the typical low-tech home user.
These days, nearly all human beings are wrapped up in a little technology, and there isn’t a huge divide between protecting yourself as an employee at a company versus protecting yourself as an individual—at least as far as cybersecurity habits go. Even if you feel like you are pretty low-tech, you still have to worry about protecting your identity, financial information, and personally identifiable information online.
We encourage you to share this article around with everyone you can, from students to those enjoying their retirement. We all have family or friends who scrawl their passwords onto a loose ream of paper, or who have even worse habits that they think are perfectly healthy but that are putting them at risk. This article might help them reduce the risk of expensive, frustrating problems.
If you were sent this article, hello! There is someone who cares about your safety online and wants to try to make your digital life a little easier. We hope you find this guide useful, and we’d love to get feedback from you if you have any!
We promise, this will be the only section of the guide where we get preachy.
Protecting your personal information is extremely important. It doesn’t matter how little or how much you use a computer, tablet, or smartphone; if you use the Internet at all, you need to protect yourself.
We’re not using this guide to sell you anything (although we will mention tools and services that have paid tiers). Our goal for this guide is to spread awareness and help people in and around our community build stronger defenses against the growing number of online threats.
We talk a lot about cybersecurity throughout the rest of our blog; if you find this guide helpful, you can certainly check out more articles.
The Internet was built to be a network of ideas, information, and commerce. Over the last several decades, individuals, organizations, and businesses have come up with a lot of really amazing ways to make the Internet more useful, more profitable, and more critical to our daily lives. Things that used to be reserved for only some of the most technologically-abled users are now normal things that the average person doesn’t think about.
For instance, storing photos on the Internet.
Back in the early days, before social media and other services existed to let you upload thousands of family photos to store and share, it was relatively complex to roll out hosting and display images for others to see. Today, it’s likely your smartphone is simply doing that for you without you even realizing it. If you use Apple’s iCloud service or Google’s Photos, there’s a chance that photos you take with your smartphone simply get backed up to an online account. In some cases, it’s the default setting on your device. Every picture you take gets uploaded to the cloud. It’s hidden behind a login that you control, but still—that’s a big paradigm shift over the last few decades that we all just need to understand.
If you shook your head while reading the above paragraph and said, “Well, I don’t use those services,” you might want to double-check, because iCloud is built into every iPhone and Google Photos is preinstalled on most Android devices.
It’s not just photos, either.
Most businesses that you work with store information online. Your dentist might allow you to log in to see your dental history or pay your invoices, your trash collector has an account for you to make payments, and your Amazon account knows what types of products you look at, as well as the music and movies you like to watch.
We’re oversimplifying it, but the modern world runs on information, and that information is valuable, especially in bulk.
Let’s use Netflix as an example. What does Netflix know about you?
They likely have your name and contact information, your credit card information, your email address, as well as the types of devices you use Netflix on. They also keep track of the movies and shows you watch so they can better serve you and make decisions about how to adjust their services.
It’s easy to dismiss this as the cost of doing business. Sure, Netflix needs to know who I am to bill me, and obviously they can track the shows I watch.
But what if someone else were to get that information?
Well, your contact information is one thing. If the wrong entities get hold of that, you could start getting a lot more spam. They know you are a Netflix user, so they could pretend to be Netflix or pretend to be affiliated with Netflix to try to trick you into something. It’s pretty easy to look through the list of devices that someone watches Netflix on to determine their tax bracket, and look at the content they watch to determine their gender, cultural values, marital status, and even get an idea of when they are home or not. On top of that, there’s credit card information!
That’s a lot of information, and that’s just Netflix! Email providers, cellphone carriers, Internet service providers, banks, and social media sites store even more information about you.
You aren’t going to change this paradigm. You are a part of this digitized future, and it’s important that you acknowledge it and follow the steps in this guide to protect your information.
This is a pretty common question. In fact, almost every single time we help someone who has been targeted by cybercriminals, this question comes up.
It’s rarely personal. It’s rarely because you were some kind of target that stood out.
Cybercriminals don’t care about you as an individual; it’s a numbers game. It’s like any sort of marketing or advertising campaign—they target thousands or millions of people with the expectation that they will get a certain return on their efforts.
If a criminal were to create malware that infects one million PCs, with the purpose of stealing bank account information, they might know that it would only steal bank account information for a small percentage of those users. If they instead try to infect 100 million PCs, there’s a better chance they will steal more bank account information.
But they don’t even need bank account information to consider the heist a success.
Remember our Netflix example above? If they were to break into Netflix’s network and steal that information from a million accounts, each one of those accounts would be worth a little money on the black market. This happens all the time, as big organizations suffer from data breaches and all of that information gets dumped on the dark web for other criminals to peruse, steal, and sell.
Maybe Netflix data isn’t the gold mine, but cybercriminals do know that most users have one particularly bad habit that makes them especially vulnerable…
Some of those passwords stolen from Netflix are likely going to work on other accounts for that user, because most people are notoriously bad at using unique passwords between accounts.
For a large percentage of users, if I have your Netflix password (or some other password from a different account), I can likely get into your email, bank, or some other much more valuable account.
These big organizations get breached all the time, and often take months before they even realize it or tell their subscribers about it.
Want to see how many times your email address has been found in massive data breaches? There’s a great site for checking: https://haveibeenpwned.com/
Fortunately, what we go over today throughout the rest of this guide is going to protect you from this. Thanks for listening to us so far—cybersecurity is something we are passionate about and we just want to help you understand why it’s so important. Let’s get on to the guide so you can protect yourself online!
In this guide, we’re going to cover several steps in order to gain control over your passwords. We’re going to discuss a few ways to make strong passwords that are easier to remember, but ultimately, you are going to rely on a secure password manager to remember most of your passwords for you.
This process is going to take you time, but once it’s done, it takes very little effort to maintain.
We’re going to start with making strong passwords. There is going to be a little housekeeping for you to do as well, but let’s begin with the very basics.
Here are the steps we’re going to take:
A strong password includes the following: capital letters, lowercase letters, numbers, and symbols.
The length of the password is also important, as shorter passwords are easier for hackers to crack. With the right tools, a criminal can crack an 8-character password in just a few minutes. A good goal is 16-24 characters (although some sites or accounts might limit you to 12-16 characters, so always try to use the maximum possible).
You might say, “Wow, that’s a long password,” and you are absolutely right! It’s hard to memorize and recite a complex password like that, but the good news is that you’ll only need to memorize one or two of them (we’ll get there in a moment).
Ultimately, we are building a master password, and you’ll need to recall this password in order to bring up all of your other passwords.
The easiest way to make a password that is both easy to remember and secure is to use passphrases. A passphrase is a string of random words that wouldn’t normally go together and that don’t really have anything to do with you personally. Avoid pet names, family members, phone numbers, ZIP codes, birthdates, and other personally identifiable information.
Here’s an example:
Hawkeye Doctor Osterich Hotdog Hershey
These five words contain 34 characters if we string them together. If we adjust the capitalization to make it a little more complex and add a few numbers and symbols, we get an extremely secure password that is relatively easy to memorize:
Hawk3y3!DOCTOROsterichH@TD@GH3rsh3y
Obviously you can’t use this one, as it’s posted on the Internet, which immediately makes it easy for criminals to crack.
If you aren’t feeling particularly creative, you can use this random word generator to spit out some ideas for you.
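As an added example (not part of the original guide), here is a small Python passphrase generator. It picks the words with a cryptographically secure random source, then adds the capitals, number, and symbol described above. The word list is a short constructed sample, and the function names are illustrative.

```python
import math
import secrets
import string

# Constructed 32-word sample list, for illustration only. A real generator
# should draw from thousands of words so that each word adds more entropy.
WORDS = ["anchor", "basket", "candle", "desert", "engine", "falcon", "garden",
         "harbor", "island", "jacket", "kettle", "lantern", "magnet", "needle",
         "orchard", "pencil", "quartz", "ribbon", "saddle", "tunnel", "umbrella",
         "velvet", "walnut", "zipper", "bridge", "copper", "dragon", "ember",
         "forest", "glacier", "hammer", "ivory"]
SYMBOLS = "!@#$%&*?"

def entropy_bits(num_words, list_size):
    """Bits of entropy from picking num_words uniformly at random."""
    return num_words * math.log2(list_size)

def character_classes(password):
    """Report which of the guide's four character classes are present."""
    return {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }

def make_passphrase(num_words=5, min_length=16, words=WORDS):
    """Random words, mixed capitalization, plus one digit and one symbol."""
    chosen = [secrets.choice(words) for _ in range(num_words)]
    # Keep adding words until the result will reach the requested length.
    while sum(map(len, chosen)) + 2 < min_length:
        chosen.append(secrets.choice(words))
    # First word is Capitalized so upper and lower case are always present;
    # every other word is randomly Capitalized or ALL CAPS.
    parts = [chosen[0].capitalize()] + [
        w.upper() if secrets.randbelow(2) else w.capitalize() for w in chosen[1:]]
    # Drop one digit and one symbol at random positions after the first word.
    parts.insert(secrets.randbelow(len(parts)) + 1, secrets.choice(string.digits))
    parts.insert(secrets.randbelow(len(parts)) + 1, secrets.choice(SYMBOLS))
    return "".join(parts)

if __name__ == "__main__":
    phrase = make_passphrase()
    print(phrase, character_classes(phrase))
    print(f"{entropy_bits(5, len(WORDS)):.1f} bits from this 32-word sample")
    print(f"{entropy_bits(5, 7776):.1f} bits from a 7,776-word list")
```

The entropy figures count only the random word choices, so they show why the size of the word list matters more than the decoration added afterwards.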
This is a five-part guide! Head on back to our blog to see the rest of these articles (we’ll be posting each one every other weekday). You can also click on #Password Guide below to see all of the parts that are currently published.