Tech Made Simple

Hot Topics: Holiday Gift Ideas | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

How to Minimize Your Risk of Password Theft

by Suzanne Kantra on January 06, 2014

stealing a passwordWhen it came to protecting your private information, security professionals used to focus on the complexity of your password. Make a password harder to guess and for hacking programs to break, and you would be safe.

That advice is still valid. But with the massive security breaches at tech companies like Adobe and LinkedIn exposing hundreds of millions of user names and passwords (and who knows how many breaches we haven't even heard about), simply creating a complex password isn't enough. The only way to minimize the impact of stolen log-in credentials is to use a different password for every site.

For most of us that's a daunting challenge. Who can remember 50 different passwords? The answer is a password manager that lets you create as many complex passwords as you need and store them all in an encrypted database under one master password for easy reference and auto-filling. Once you have your password manager running, it fills in your user ID and password for you whenever you visit a website.

When creating your strong passwords, go for at least 8 characters (the longer the better), with a mixture of upper and lower-case letters, numbers and, if the site or service allows, special characters, such as “!,” “#” and “?.” It should be something you can remember easily. A long sentence works well when you take the first letter of each word and then substitute the vowels for numbers or symbols.

For example: The quick brown fox jumped inside the orange box and slept = Tqbfj1t0b&s

However, it's also been proven that really long passwords work just as well. Numbers, capitalization and special characters are all bonuses, but a short password that uses all of these tricks may still be easier to crack than a long password with real words, such as "iliketobakecookies"

All of the major browsers have password managers built-in. Sometimes you'll find it under "auto-fill," since the browser automatically fills in your password. Only the free Mozilla Firefox Web browser for PCs and Macs has lets you protect your password list with a master password. Google’s Chrome browser requires you to log in to save or use saved password, so logging out will protect you. Apple’s Safari browser on Macs stores your password in the iCloud Keychain, which means your passwords will auto-fill if you're logged in. However you'll need your iCloud Keychain passcode to view the stored passwords. Internet Explorer will auto-fill any passwords stored and show you the passwords.

Fortunately, all browsers will only auto-fill if you’re logged in to your computer profile, so remember to log out when you’re done. And set your computer to sleep after a few minutes of inactivity and require your password to come out of sleep so no one can use your computer when you step away.

  • On Windows PCs, you’ll find this under “Control Panel” then “Appearance and Personalization” and then in the “Personalization” section you’ll find “Change screen saver.”
  • On Macs, go to “System Preferences” then “Security and Privacy” and you’ll find it under the “General” tab.

RoboformA better option is to use a stand-alone password manager. The best let you sync your passwords across Windows PCs and Macs, as well as Android and iOS devices, plus help you generate unique strong passwords for sites and securely store your credit card info. Two of my favorites are RoboForm (free for 10 logins, premium with unlimited logins $9.95 the first year, $19.95 thereafter at roboform.com) and LastPass (free for desktop app, or $12 per year for a premium account with access to mobile apps on lastpass.com).

For a free option, I like Norton Identity Safe, which works on Windows PCs, Macs, iOS and Android devices and stores credit card info. It doesn’t have the password generator, but it works.

 

 


Topics

Computers and Software, Computer Safety & Support, Tips & How-Tos


Discussion loading

gravatar

From Ernesto Colina on January 06, 2014 :: 12:03 pm


Besides any password manager, if possible, use symbols that cannot be “typed” such as Japanese Emoticons or Upside Down Letters or many other tricks you can do with text. You can see those neat trick at : http://fsymbols.com/

Even simple words, converted to upside down letters, add an emoticon and not even the NSA can hack it.
For Example : pɹoʍssɐԀƃuoɹʇSʎɹǝΛᕙ(`▽´)ᕗ

BTW, and test your pasword here : http://howsecureismypassword.net/

Reply

gravatar

From Trudy on January 08, 2014 :: 9:32 am


thought you might be interested in a new product, actually just patented by an old high school friend and IT professional.  The product is called Sim2Com and here is the site for a free trial download:
http://www.sim2com.com/eng/download/download.php

I’d be interested in your opinion.

Reply

gravatar

From Roi Igarashi on January 08, 2014 :: 9:35 am


It may be very relevant to the topic of this article.

I have written a Windows based password cruncher and launched it in the market 3 days ago. It’s called Sim2Com.  It’s basically a “simple-to-complex password converter” that does its work on the fly without storing any credentials anywhere—not the cloud, not a server, not even in the local PC. The user’s brain is the database. No network or Internet necessary.

Free trial download is available at:

http://www.sim2com.com/eng/download/download.php

The con is it works only in Windows. This is because it was designed primarily for IT infrastructure professionals who babysit corporate networks and desktop and corporate users but it is still useful to Windows consumer users.

Reply

gravatar

From Roi Igarashi on January 12, 2014 :: 10:43 am


I think it might be better to first see the How-To Video for Sim2Com before attempting to download it. Please see this YouTube video:

http://www.youtube.com/watch?v=ynJl06wKXeU&noredirect=1

Thank you.

Reply

gravatar

From Tony on January 31, 2015 :: 8:51 am


I use a different password for every site but it becomes increasingly difficult to remember especially if it becomes necessary to change some of those passwords.

LastPass is the resource I finally turned to for automatically remembering and entering passwords for all my sites. You simply need one long complex Master Password for security, and the rest is easy.

Reply

gravatar

From Jennifer Wood Montalbano on February 19, 2015 :: 11:21 am


Do you recommend KeePass?

Reply

gravatar

From Elizabeth on February 19, 2015 :: 12:57 pm


I want to know your views of Keypass as well. Thanks!

Reply

gravatar

From Ernesto Colina on February 19, 2015 :: 2:28 pm


I use KeePass in many environments, including it’s usage at work. I has many features just like the “Pro” versions of many paid password managers and it even supports the usage of Japanese emoticons, which can be used to build a super secure password. And the best of all is that it is free.
http://keepass.info/

Reply

gravatar

From Ernesto Colina on February 19, 2015 :: 2:38 pm


One thing I forgot to tell you, and it is about the usage of “Key Files” instead of a Master Password.
My advice is : AVOID THEM. On that particular issue, KeePass does not play well, specially if you plan to copy your password database to another machine. But as long as you use a good Master Password, everything is fine.
BTW, I also use KeePass for a lot of things where “LastPass” cannot be used. i.e. Unix or Mainframe environments where the internet practically does not exist.

Reply

gravatar

From Elizabeth on February 19, 2015 :: 2:59 pm


I appreciate your response. I like KeyPass a lot, but recently tried to share my database with my husband’s computer and I get an error when I enter my master password & can’t seem to get around it. I was thinking perhaps I need to move to another, more portable manager.

Reply

gravatar

From Ernesto Colina on February 19, 2015 :: 3:13 pm


It has happened to me too, and I think it is because the password database got corrupted. I have solved this by getting a fresh copy of the original password database (*.kdbx) or by exporting the original database to an XML listing and importing it in the other machine.
And then again there is this page to repair it :
http://keepass.info/help/base/repair.html

Reply

gravatar

From Elizabeth on March 08, 2015 :: 2:13 pm


Thank you for your advice. I deleted the file for Keepass & reinstalled it and it seems to be working now. (Whew!) Thank you for offering some advice on how to address the problem if the cause was a corrupted file. I really like Keepass & didn’t want to have to move to another system, now I won’t.

gravatar

From Jennifer Wood Montalbano on February 19, 2015 :: 3:28 pm


I was told that it is NEVER safe to save your PW in your browser - how do Mozilla, et all keep password information secure?

Reply

gravatar

From Josh Kirschner on February 19, 2015 :: 10:31 pm


The problem with saving passwords in your browser is that anyone who gets access to your computer when you’re logged in can access sites using passwords stored in your browser. This may not be an issue for your home computer (unless you’re worried about your kids or spouse), but could be a real issue at work, for example. And some browsers (e.g., Chrome) will display all your stored logins and passwords to anyone who knows your Windows password.

But all of this is primarily an issue for local hacking, not remote hacking. I use Chrome to store passwords on my home desktop (not my banking passwords, which I always type manually), and I’m not worried about it. I’m pretty sure my wife isn’t out to get me…yet.

Reply

gravatar

From Jennifer Wood Montalbano on February 20, 2015 :: 9:25 am


.. If someone remotely hacks my home PC and takes control, they can still access anything that I have my stored credentials in.

Reply

gravatar

From Josh Kirschner on February 20, 2015 :: 11:17 am


To be able to access the encrypted files containing your password data, they would need the ability to take control of your computer when you’re already logged in. There is malware out there that could, potentially, allow someone to do that, though any decent antimalware program and computer running updated software should prevent it from installing. And actually taking advantage of the hack would require manual action from the person on the other side, making this much more labor intensive than your typical mass hacks.

If you weigh the likelihood of that happening (very, very small) against the (high) risk of using weak passwords because you’re afraid of password managers, it still makes sense to go with the password manager. Plus, not using a password manager exposes you to the same keylogger risks as above when you type in your password manually (still very low unless you think someone close to you may be spying on you).

That said, I’m very careful with my most important passwords (bank, brokerage, email) and never store them anywhere except in my head. The rest, I’m not so worried about.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.