Last week we primarily worked on securing your local computer. Yesterday we focused on installing a local password manager. Today our view will expand outward. On this, the eighth day of the Thirty-Day Security Challenge, I will challenge you to change your passwords on your online accounts. Don’t rush in and try to change them all at once, though – that could be a recipe for disaster. Instead, try to change your passwords during your normal logins. Time to check your Gmail account? About to settle in for some Netflix? Getting ready to order that new book on Amazon? Take an extra couple of minutes and change those passwords. Your Dropbox account can wait until tomorrow when you will be logging into Dropbox, anyway.
When changing your passwords you should definitely pay attention to the quality of the new ones. All of your passwords should be:
- Unique. Don’t use the same password on any two accounts. Each account gets its own password – this is critical to good online account security. This is much more important than even the quality of your passwords. No ifs, ands, or buts. This way if one account is hacked it won’t affect any of the others. Mat Honan is an excellent example of why using the same password on multiple accounts is a bad idea.
- Long. Use the maximum allowable length. Google accounts allow you to use up to a 99-character password. Your password manager does all the work and you’ll never enter it manually, so what do you care? Max it out!
- Randomly generated. Human-designed passwords are terrible, in the vast, overwhelming majority of cases. We just have a hard time reliably generating truly complex strings of letters, numbers, and special characters. Don’t try to make one up. Instead let the password manager do the work and generate one for you.
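The three criteria above as a check you can run, as an added example that is not part of the original post: it flags reused and short passwords in a vault and replaces them with random ones at each site's maximum length. The vault contents, the 20-character threshold, and every length limit except Google's 99 are constructed assumptions.

```python
import math
import secrets
import string
from collections import defaultdict

# 94 printable symbols; some sites reject part of this set, so trim it as needed.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate(length):
    """Draw each character from the OS CSPRNG (no modulo bias, no human patterns)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password; does not apply to human-chosen ones."""
    return length * math.log2(alphabet_size)

def audit(entries, min_length=20):
    """Return (reused, short): groups of accounts sharing a password, and
    accounts whose password is under min_length. Only account names are reported."""
    accounts_by_password = defaultdict(list)
    for account, password in entries.items():
        accounts_by_password[password].append(account)
    reused = sorted(sorted(g) for g in accounts_by_password.values() if len(g) > 1)
    short = sorted(a for a, p in entries.items() if len(p) < min_length)
    return reused, short

def rotate(entries, max_len, min_length=20):
    """Give every flagged account a fresh random password at its site's maximum."""
    reused, short = audit(entries, min_length)
    flagged = set(short) | {a for group in reused for a in group}
    return {a: generate(max_len[a]) if a in flagged else p
            for a, p in entries.items()}

# Constructed sample vault: account name -> current password.
SAMPLE = {
    "gmail": "Summer2015!",
    "netflix": "Summer2015!",       # reused and short
    "amazon": "correct-horse-1",    # unique but short and human-made
    "dropbox": generate(64),        # already fine
}
# 99 for Google is from the post; the other limits are made up for the example.
MAX_LEN = {"gmail": 99, "netflix": 60, "amazon": 128, "dropbox": 64}

if __name__ == "__main__":
    print("before:", audit(SAMPLE))
    print("after: ", audit(rotate(SAMPLE, MAX_LEN)))
    print("bits in a random 99-char password:", round(entropy_bits(99)))
```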
The password manager you installed yesterday will be fairly critical to this task. Without it you won’t be able to generate passwords meeting the above criteria… and if you do, you won’t be able to remember them. Add each one as a new entry to your password manager when you change it.
This will be a carry-over task that won’t be finished in a day (unless you really work at it). If you only change your passwords at your normal logins the process will be slower but it will also be more manageable. By this time next week I bet that the majority of your accounts have been changed, and by the end of this month all of your accounts should have new passwords.