Submitted by SAIL Vendor Cris Carpenter, HouseCall Computer Services, LLC
It’s important to follow safety guidelines while you’re enjoying the internet. Here are some great tips for keeping your personal information safe with your passwords online.
Guidelines to help keep your accounts protected
1. Use strong passwords. Rather than just using a single word, strong passwords should have complex combinations of letters, numbers and/or other characters, making it more difficult for fraudsters to break into your accounts. Here are the characteristics of strong passwords:
- Longer, at least 8 characters.
- Cryptic, comprised of combinations of letters and other characters that would not make sense together or be easy to guess.
- Mixed case, comprised of both upper and lower case letters.
- Include at least one number
- Include at least one special character (%, $, #, etc)
2. Use unique passwords. Use a different password for every website, social media account and financial account you log in to. Sure, it’s more work for you, but it’s also more work for hackers if none of your logins share the same password. For the same reason, don’t reuse old passwords.
3. Record passwords securely. Keeping track of important logins and passwords can be as simple as recording them in a small notebook, but care should be taken to store that notebook in a secure location (not out on the desk next to the computer), and avoid labeling it “Passwords”. Some people will also record their passwords in a word processing document saved on the computer, but it is also a good idea to name that document something cryptic so that its contents are not obvious.
4. Use a password manager. Password managers are web browser plug-ins or add-ons (work with the web browser) that keep track of all your logins and passwords for you. Some are very sophisticated, with advanced features that can synchronize passwords across several devices, but these also tend to require a bit of technological sophistication from the user. Fortunately, current versions of good web browsers, like Mozilla Firefox, have built-in password management tools. Firefox has its own built-in encrypted password management utility called “Master Password” which can be turned on by going to Tools > Options > Privacy & Security. Once turned on, the computer user only needs to remember the master password, and Firefox remembers all the logins and passwords for them.
5. Enable two-factor authentication. For your more important accounts, especially your financial ones, take advantage of two-factor authentication, an added layer of security that requires an additional step once your password has been entered. For example, when you enable two-step verification for webmail accounts, like Gmail, or your bank’s web branch login, a one-time four to eight-character code is sent via text to your cell phone. You then enter that code when prompted on the website, which helps ensure that they are actually letting you into the account rather than someone else.
6. Activate login notifications. Login notifications, if available, alert you via text message or email when your accounts are accessed, your passwords are changed or if there is any other security-related activity happening in your accounts. Like two-factor authentication, how you turn it on varies from one website to another.
7. Never share your passwords. This perhaps goes without saying, but hackers and scammers have pretty sophisticated ways of duping people into giving up their passwords. If you are talking on the phone with someone you think is from some technical support department, and they ask for an account password, hang up the phone. They may be from a phony scam support outfit or possibly even a rogue employee of a legitimate company. Similarly, if you get an email that appears to be coming from somewhere you do have an account saying you need to click on a link in the email to address some kind of issue with your account, don’t trust it. Delete the email, and go directly to that website to sign in and see if there are any issues or contact the company via phone using a phone number previously provided by them for customer service.
Optional – Regularly change your passwords. Some people like to do this, but I have not seen the value of regularly changing passwords, except within a corporate or institutional network environment, and it’s way too much trouble for the average computer user. Certainly, feel free to change an account password if there is any concern that an account has been hacked or you want to update passwords to make them stronger or more unique.