Strong passwords are crucial for protecting your online information.
Spending an hour or two updating your passwords and log-in settings is a simple first step to take when preparing for episodes of online harassment that may make you vulnerable to hacking or doxing. Keep in mind the following tips:
- Try to follow a one-to-one rule. Feminist Frequency stresses the importance of creating an individual password for each unique account in its Online Safety Guide. Don’t forget all the different accounts out there! Email, social media, banking, household expenses like electric and heating, credit cards, health insurance, television and movie subscriptions, retail subscriptions, charities, and volunteer memberships are just some of the online accounts you might have. It’s a lot to remember, so consider using a secure password manager (see below).
- Compose difficult passwords. According to the password-creation requirements of many websites today, a strong password is longer than seven characters and should contain a mix of upper- and lowercase letters, symbols, and numbers. (An emerging best practice suggests combining words into a random phrase.) It can be tempting to use familiar names and places in your passwords or to swap out letters for correlative symbols, like “@” for “a” or “3” for “E.” Resist doing this. Instead, try using an automated password generator (like Secure Password Generator) or download a password manager (see below). The Electronic Frontier Foundation (EFF) recommends writing your passwords down on paper and storing them in a secure location, like your wallet.
- Use a secure password manager. Creating and remembering a unique password for every account can feel like a Sisyphean task, which is where apps like LastPass and Dashlane come in handy. Password managers help generate randomized, high-security passwords and keep them securely stored so that your brain doesn’t have to.
- Use multi-factor verification whenever possible. Email, social media, and other sites requiring a log-in usually offer the option of turning on two-step verification—a layer of security which requires you to retrieve a code from a secondary device before logging into your account. If someone tries to sign into your account, they won’t be able to complete authentication without access to your secondary device, which in most cases is your mobile phone—a device many of us have nearby at all times.
- Use security questions. Many sites require you to create a security question in the event that you forget or need to reset your password. The questions tend to be simple and personal—meaning their answers could be easy for an attacker to dig up through a Google search. Try to make your answers to these questions difficult, or pick a question whose answer isn’t Googleable. (For example, if the question is “Where were you born?” and a Google search of your name surfaces an article about the time you starred in your middle school play in Pleasantville, America, maybe don’t pick that question.) EFF recommends using a randomly-generated answer in response to these questions. You can always save answers to security questions in your password manager if you’re worried you might forget them.
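
For readers curious about what a password generator does behind the scenes, here is an added example in Python (not part of the original guide, and not the code of any tool named above). It produces a random password with all four character types, a random-word phrase, and a random security-question answer; the function names and the short word list are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample word list, kept short for the example. A real passphrase
# needs a list of thousands of words for the phrase to be hard to guess.
SAMPLE_WORDS = ["amber", "bucket", "cactus", "drizzle", "ember", "fiddle",
                "gravel", "harbor", "icicle", "jigsaw", "kettle", "lantern",
                "mitten", "nectar", "orchard", "pebble"]

SYMBOLS = "!@#$%^&*-_=+?"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def random_password(length=16):
    """Random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the operating system's secure random source,
        # unlike the predictable `random` module.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw until every class is present, so no position follows a
        # guessable pattern such as "symbol always last".
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_passphrase(words=SAMPLE_WORDS, count=6, sep="-"):
    """Phrase made of independently chosen random words."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` uniform random choices from `pool_size`."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print("password:        ", random_password())
    print("passphrase:      ", random_passphrase())
    print("security answer: ", random_passphrase(count=4, sep=" "))
    pool = len("".join(CLASSES))
    print("16 random characters:", round(entropy_bits(pool, 16), 1), "bits")
    print("6 words, 7776-word list:", round(entropy_bits(7776, 6), 1), "bits")
```

The strength comes from the random choice, not from the characters themselves, which is why a hand-picked name with “@” swapped for “a” is far weaker than either output here.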