Last weekend, I asked you to install password manager. This is a critical step in performing today’s task: today I will challenge you to
change your online account passwords begin changing your online account passwords. Don’t rush in and try to change them all at once – there’s a good chance you will get locked out of something. Instead, change your passwords during your normal logins. Time to check your email account? About to settle in for some Netflix? Getting ready to order that new book on Amazon? Take an extra couple of minutes and change those passwords, during your normal logins. Your bank account can wait until tomorrow when you will be logging in tomorrow, anyway. If you did last year’s Thirty Day Security Challenge, don’t rest on your laurels; this is a good time to begin cycling through some new passwords, too.
Active Time: 1-2 minutes per account
What it Protects You From: Account takeover
When changing your passwords you should definitely pay attention to the qualitative aspect of the new ones. All of your passwords should be:
Change Online Account Passwords
- Unique. Don’t use the same password on any two accounts. Each account gets its own password – this is critical to good online account security. This is much more important than even the quality of your passwords. No ifs, ands, or buts. This way if one account is hacked it won’t effect any of the others. Mat Honan is an excellent example of why using the same password on multiple accounts is a bad idea.
- Long. Use the maximum allowable length. Google accounts allow you to use up to a 99-character password. Your password manager does all the work and you’ll never enter it manually, so you have to expend the same amount of effort whether you have a 1-character password or a 500-character password. Max it out!
- Randomly generated. Human-designed passwords are terrible, in the vast, overwhelming majority of cases. We just have a hard time reliably generating truly complex strings of letters, numbers, and special characters (not to mention remembering them). Don’t try to make one up. Instead let the password manager do the work and generate one for you.
The password manager you last week is absolutely critical to this task. Without it you won’t be able to generate password meeting the above criteria…and if you do, you won’t be able to remember them. Add each one as a new entry to your password manager when you change it.
A Little Bit at a Time
This will be a carry-over task that won’t be finished in a day (unless you really work at it, and I don’t really recommend it). If you only change your passwords at your normal logins the process will be slower but it will also be more manageable. By this time next week the majority of your accounts’ passwords will have been changed, and by the end of this month all of your online accounts should have new passwords.