Update all your passwords and try long 'pass phrases'

This article was originally published in the Honolulu Star-Advertiser on April 22, 2014

With the recent Heartbleed vulnerability blowing up in the news, it's a good time to remind everyone that good passwords, and good password hygiene, are critical for the long-term protection of you and your online accounts. Site operators have a huge role to play in keeping their systems secure from hackers, but if you use weak passwords or don't change them often, you can weaken the site's security.

Here are some key tips for making sure you are doing your part in keeping your accounts secure:

» Use whole phrases, not single words, to create a password that is hard to crack but easy to remember: Too many of us use a single word, with perhaps a number at the end, as our passwords. I prefer the concept of "pass phrases," meaning you use an entire sentence for your password. Most sites now support the use of long sentences for passwords, including spaces and other special characters. For example, your password on your Yahoo email account could be "My 1st really long Yahoo password!"

» Don't reuse passwords on multiple sites: Many industries, such as banks, go to great lengths to protect your online accounts. But if you use the same credentials on a social media site (for instance), a breach of that site gives the hacker the codes to get into your bank account, as well. In the pass phrase example above, you can see how simple it is to create easy-to-remember passwords that also vary from one site to another.

» Enable two-factor authentication (2FA) on sites that offer it: All of the major email providers and many other sites (like Facebook) offer a two-factor mechanism for accessing your online accounts. This generally means that the first time you log in to the site with your username and password from a new computer, the system will send a text message to your registered phone to verify that you authorize that computer to access your account. Because a hacker will not have your phone, they will not be able to see the code the system sends you to verify the login. It's not foolproof, but it definitely raises the bar for hackers. To see a frequently updated list of sites that support two-factor authentication (and some big ones that don't), point your browser to twofactorauth.org. For smaller providers, you may have to contact them directly to ask.

» Change your passwords frequently: I recommend password changes at least on an annual basis, but really quarterly would be ideal, especially on sites that do not offer two-factor authentication. With most Internet users having dozens of online accounts, this can be a laborious proposition. That's why my final tip is critical:

» Use a password manager: Password managers, like LastPass, 1Password and KeePass, are your best friend. They remember your passwords so you don't have to. They can hook into your browser and create truly unique passwords for you when you create online accounts. And because you don't have to remember them, the passwords they create can be infinitely complex and nigh impossible to crack.

With these simple tips, you can improve the security of your online accounts and reduce the impact of security flaws like Heartbleed on your online life.

Copyright (c) Honolulu Star-Advertiser