Every week there’s a new digital scare. Target was hacked. Home Depot was hacked. LinkedIn was hacked. Cheating site Ashley Madison was hacked (which didn’t seem to garner much sympathy). All of these, and many more, put millions of emails, usernames, passwords, and credit card numbers in the hands of digital terrorists. Time to panic, right?
Let’s just relax for a second.
You don’t have to delete all your accounts and go completely offline to be safe. You just have to take some simple steps to make sure you’re not fully exposed to the tactics used by said digital terrorists trying to get your data.
The Obligatory List Of Things Everyone Says...But With Better Info
Every time a massive amount of data is compromised, here’s the list of tips every site offers. We present the upside and downside to each:
Make Better Passwords
Upside: This should be obvious. If you’re using “password” or “12345” you’re welcoming danger.
Downside: If you create too many outlandish passwords you probably need to store them in an insecure place, like a document titled "Passwords" or on a piece of paper near your desk. According to an Intel study as reported by Digital Trends, “the average person has 27 different logins for various accounts spanning both personal and work use -- and 37 percent of respondents forget at least one of those passwords every week.” People polled said losing a password was as annoying as a papercut (the horror) and a few said they’d give up pizza if they’d never have to remember a password again (actual horror).
Tip: Not all sites are created equal. Bring out the big password guns for sites with your most vital info: Banking, email, benefits, etc… Basically, anything where money or highly personal information is at stake. Also, if you use one site to log into many sites -- example: you log into a news site using your Facebook account -- you can protect all those sites by having a solid FB password.
No Dupes Or Re-runs: Re-using a password even for non-critical accounts can always be risky. You never know when someone might be able to figure out how to use a non-critical account (like a throwaway email address) to impersonate you and gain access to a critical one (like your Gmail or Facebook account).
Use Two-Step Verification
What Is It? You have to do two things to gain access to that account. Example: You type in a password to receive a unique code via text message (or robocall), which you enter on the site to swing the doors wide open. [Here's how it works on our site.]
Upside: This appears to be the most secure method apart from fingerprints and retina scanners (which probably only exist in spy movies); for someone to hack your account they’d need to have your password and access to your phone; two-factor verification used to be a hassle but it’s gotten much easier over time so if you were scared off in the past try giving it another shot.
Downside: If you lose your phone you may be locked out until you replace it; it’s ideal if you only use one computer all the time, but many start to feel the pain when they want to access an account from a phone, tablet, or multiple computers. Still, if you’re paranoid about being hacked, or tend to use the same password across multiple accounts, it’s definitely worth the extra effort.
Use A Password Manager
What Is It? A program that manages all your passwords for all your accounts and creates new ones on the fly that are virtually impossible to crack. [For more on this, check out The Four Most Popular Password Managers]
Upside: Rather than remember hundreds of passwords, you only have to remember one to access everything; it’s easy to safely share accounts of your choosing with family, co-workers, and people you trust; most identify when you're re-using the same password for multiple sites and strongly advise you to change it.
Downside: If someone you don’t trust steals that password, they have access to everything; if you happen to forget your master password, you lose everything and are back where you started.
Tip For The Ultra-Secure: If you use a password manager and don’t want to share the password with anyone while you’re still alive, write it down and keep it with other vital documents (Will, Life Insurance Policy, POA, etc…).
Completely Relevant Everplans Plug: One method employed by a particular paranoid Everplans employee looks like this:
While the name of the password manager was removed for demonstration purposes, the “Notes & Instructions” clearly state what should be done upon death. This person then shared the Digital World section with a trusted Deputy and now has one less thing to worry about in life.
Very Important Note: Whenever the master password is updated, it’s vital to update the piece of paper stored with other important documents. Otherwise, you went through all this trouble for nothing since a Deputy can’t access your accounts with an outdated master password.
Don’t Share Passwords With Anyone
Most sites specifically forbid you from sharing your password with anyone or else you violate their terms and conditions. But you didn’t get to where you are today following the rules, did ya?
Upside: No one will ever be able to access any of your accounts ever; you also have more time to hunker down in your bunker and concentrate on conspiracy theories. (“What if cows are just stocky horses painted white and black to trick us. Prove that they’re not!”)
Downside: Some accounts are meant to be shared. If you have health insurance and your spouse needs access, sharing the login is the most logical way to do this. Same goes for sharing a Netflix account with the family. Or the master password for a password manager because you're tired of having to tell your spouse or kids the health insurance and Netflix password over and over again.
Why It Matters: Some of these accounts can become inaccessible after a death, which makes transferring or closing them very difficult. Digital Estate legislation is moving way too slow and people need a solution right now. Letting your family or friends know what you want done with your accounts and how to access them is the quickest and least painful way to do it. This story about sons who couldn’t access their late mother’s iPad, or this Canadian widow who couldn’t obtain her late husband’s Apple ID without a court order are perfect examples of how not sharing a password can become a bureaucratic nightmare.
Tip: Most password managers allow you to share account access with anyone in your life without revealing the password to them.
Never Do Anything Online Ever
Upside: You’re Amish? (If that’s the case, how are you reading this article?)
Downside: This is completely unrealistic. Even if you don’t personally use the Internet, you most likely call on the services of someone else to do it for you. It may not be the focal point of your life, or how you regularly communicate or organize, but it’s still something that affects you whether you want it to or not.
How To Create Better Passwords
If you’re not ready to use a password manager you have to, as the kids say, up your password game. (Note: Kids don’t say that. At least cool ones don’t.) So, here are some tips and tricks to secure your digital world.
Never use a regular word, name, or birthdate. Come up with phrases, song lyrics, mix in some capital letters, symbols, and numbers. Here are some examples to get your mind working:
- My [NUMBER OF KIDS YOU HAVE] kids are so cute = My2kidsar3s0cut3
Turning the letters "o" into "0" and “e” into "3" is pretty easy to remember
- Billy Jean is not my lover = BillyJe@nIsN0tMyL0ver
Capitalize the first letter of each word; turn “a” into @
- Pound signs are neato! = #poundsignsareneat0!
Feel free to use a$ many $ymbols & ch@r^cters as you like (¯\_(ツ)_/¯)
- I get knocked down, but I get up again = Igetkn0ckd0wn!ButIgetup@gain!
That song is totally in your head right now
- Call Jenny at 867-5309 = CallJenny@8675309
Now this song is totally in your head
If you're still worried about getting hacked, you can take your "passphrases" -- which are longer and more secure passwords -- to the next level by mimicking security experts. Our Chief Technology Officer suggested this article from The Intercept, detailing a method of passphrase creation involving dice (yes, the kind that you roll) and this pdf with 1000s of seemingly random words.
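Here is the dice method sketched in code. This is an added example, not code from the article or from The Intercept; the 36-word list is constructed for illustration (two dice per word) and the function names are hypothetical. It shows how dice rolls pick a word and how passphrase strength grows with the number of words and the size of the list.

```python
import math
import secrets

# Constructed 36-word list for illustration only: two dice select one word.
# Real dice word lists are much larger; five dice address 6**5 = 7776 words.
WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon",
    "garden", "harbor", "island", "jungle", "kettle", "ladder",
    "marble", "needle", "orchid", "pepper", "quartz", "ribbon",
    "saddle", "tunnel", "umbra", "velvet", "walnut", "yonder",
    "zipper", "acorn", "bishop", "cobalt", "dimple", "engine",
    "fossil", "goblin", "hammer", "icicle", "jigsaw", "kimono",
]
DICE_PER_WORD = 2


def roll_die():
    """One fair die roll from the OS random source (stands in for a real die)."""
    return secrets.randbelow(6) + 1


def rolls_to_index(rolls):
    """Read the die faces as base-6 digits: (1,1) -> 0 ... (6,6) -> 35."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError("a die face must be between 1 and 6")
        index = index * 6 + (face - 1)
    return index


def word_for(rolls, words=WORDS):
    """Look up the word selected by one group of rolls."""
    if 6 ** len(rolls) != len(words):
        raise ValueError("list size must equal 6 ** (dice per word)")
    return words[rolls_to_index(rolls)]


def make_passphrase(n_words, words=WORDS, dice=DICE_PER_WORD):
    """Roll the dice for every word; each word is chosen independently."""
    picks = [word_for([roll_die() for _ in range(dice)], words)
             for _ in range(n_words)]
    return " ".join(picks)


def entropy_bits(n_words, list_size):
    """Guessing difficulty in bits when every word is picked uniformly."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(make_passphrase(6))
    print(round(entropy_bits(6, len(WORDS)), 1), "bits with this toy list")
    print(round(entropy_bits(6, 6 ** 5), 1), "bits with a five-dice list")
```

The strength comes from the dice choosing the words, not from how odd they look: six words from the toy list give about 31 bits, while six words from a five-dice list give about 77.5.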
Where Should You Keep Your Passwords?
Whether you keep them in a digital document, a note-taking app, or write them down on paper or Post-its, you should still take some precautions. But first, some benefits and drawbacks to keeping it low-fi.
Upside: It can’t be stolen by hackers unless they break into your house.
Downside: You can lose or misplace it; it can become outdated really fast, and become a mess when you have to scrawl new passwords over older ones; someone visiting your home can copy, steal, or accidentally throw out/spill coffee on the piece of paper.
You Might Want To: Create a document on your computer and name it something a little less obvious than “passwords” or “the keys to my entire life.” Instead try “Work Forms,” “Very Boring Invoices,” etc...
How To Make It Work For You: Instead of writing every username and password down verbatim, come up with a simple system and include useful hints and clues.
Example: Account name, username/email you use, password hint = facebook, yahoo, Kelly’s fave F0od!
This way you know the account (facebook), the email tied to that account (yahoo), and a good idea of what the password is.
Let’s say you forget that Kelly’s favorite food and your password is “HamburgerS0up!”; you already made your hint helpful by writing “Kelly’s fave F0od!,” which lets you know that the “H” and “S” should be capitalized and there’s a “!” as your special character. Also, if you get in the habit of changing letters into numbers that look like that letter (o = 0) you’ll be that much more secure.
If you completely forget the password, don’t freak out. Just reset it and leave a better clue. It might be a hassle to always reset, but it also forces you to create different passwords and get two-step verification into place.
The Downside To This System: If you become incapacitated or die, how will anyone ever figure out your passwords? They probably won’t, which is why you should have a separate document stored someplace safe with a simple way to decipher your code. Yes, this is a lot of work, but if you don’t want to use a password manager (and share the one password) you have to expend the extra effort.
The Upside To This System: At least you have something in place so your family, friends, and loved ones have some direction when it comes to managing your digital estate. Now go grab a nice hot bowl of hamburger soup. You earned it.