It's time for everyone to take passwords seriously
I’m going to take a break from answering questions this week to talk about an issue that affects every single one of us, and that’s passwords.
Industry studies, as well as my own personal experience show that most people simply do not take seriously the issue of securing themselves with strong, hard to guess, frequently changed passwords that are unique to each site, web service, or application that you use. It’s worth going over related information to make sure you understand the why’s of good password practices.
Study after study shows that, despite the dire warnings constantly circulated in the press, a startling number computer users still use strings like “Qwerty,” “123456,” “LetMeIn” or even “password” as their password. Others think they’re clever using the name of their pet, or their anniversary, or some other piece of information they can remember easily.
Unfortunately, password-cracking software can guess such passwords in mere seconds.
Worse yet, in order to avoid having to remember passwords for the dozens of sites they use, people often use the same password everywhere. Yes, hackers are well aware of this.
Still feel clever?
There is a ridiculously easy way to fix this problem, and that is to use an automated password manager.
There are multiple good ones on the market. Hit Google and do a bit of research to find the one that’s right for you.
What these packages do is take all the drudgery out of all aspects of password management. This includes making up passwords, trying to remember them, and even changing them at regular intervals. Good password managers will do all of that for you, and work on every device you have, including computers (Windows, Mac, and Linux), tablet devices, and smart phones.
They detect when you’re signing into a site that requires a password, and automatically fill it in for you. And these managers generate passwords that don’t contain a single piece of traceable information, and are, in fact, complete gibberish to human eyes. And that’s OK, because you never have to type-in or even see the passwords. All you need is the password that secures your account with the password manager – and you’d better not choose password!
I wanted to mention a recent tool that’s become available to many users that can really help you to know if your passwords have been compromised.
As you probably know, many browsers, including Microsoft’s Edge, have the ability to store your username and password for most sites you visit. Microsoft recently added a feature to Edge that allows it to check your stored information against lists of known compromised user accounts. It then displays a warning list to you of which (if any) accounts have been exposed.
If your system displays a lot of them, and which use a lot of the same password, that should be a giant wake-up call to you that your online personal security needs some work.
To access this feature, run Edge, and in the address bar, type: edge://settings/passwords/passwordMonitor. In case that broke across lines in your local newspaper, there are no spaces or hyphens in that URL.
The tool will tell you about any leaked passwords and even provides a convenient link to click to go to the site and update your password.
If the scan shows that you have some in there, don’t feel bad – even I had a few that needed taking care of. The point is, I didn’t even know about them until I used this tool. This is a genuine, non-sarcastic “Thanks, Bill!” feature that everybody should be using to help combat cyber criminals.
To view additional content, comment on articles, or submit a question of your own, visit my website at ItsGeekToMe.co (not .com!)