Is Security Really that Important?
In the wake of the Nintendo account breach that affected about 166,000 users, the question is being raised once again: what are the best ways to secure your online accounts? This guide below should provide you with the best ways to keep your accounts under your possession.
Secure Your Online Accounts By Using A Password Manager
Of course, on a basic level, the most front-facing user aspect of providing security to an online account is the password. Now, it’s time to confess: are you guilty of using a “Life Password“? It’s ok, I was too. If someone guessed the password for one site, well, they had guessed my password for all of my sites. The practice, albeit convenient, is woefully vulnerable to attacks.
Imagine all of your online accounts are a fort with a wall around it. The people attacking your fort are the nefarious individuals trying to gain access to your account, be it through phishing or brute force. A “Life Password” weakens the metaphorical wall as such, so that if only one person manages to breach your wall, the entire thing collapses. Obviously, this setup is sub-optimal.
Of course, the best practice is to use a different password for every individual account. For example, your Nintendo account password is different than your Steam account password. But, that can be a pain, having to keep track of different passwords with tried and true pen and paper method. Furthermore, having your passwords written down on a piece of paper represents another security vulnerability.
The solution to keep your online accounts secure? A password manager.
Choosing A Password Manager
Password Managers are nifty little tools that are ever so convenient. Essentially, they are virtual databases, referred to as “vaults” and usually accessed via a web browser extension, that store your passwords. Furthermore, they can generate random passwords with given parameters like character count and uses of symbolic characters. Having a randomly generated password is much harder to breach than one that uses common vernacular.
The two Password Managers that get my recommendation are Bitwarden and LastPass. Bitwarden is the lesser-known of the two, but has a relatively clean privacy record, and functions much the same way as LastPass. Speaking of, LastPass is the most well known, and arguably commercial at this point. However, there are some minor aspects to LastPass that may dissuade those more privacy-oriented. Furthermore, LastPass was breached in 2015, however, due to their security protocols functioning as designed, the vault data was never exposed. Truly a trial by fire. But the point stands. If Password Managers are ever breached, the hackers wouldn’t be able to access the information anyhow because of encryption.
Whichever Password Manager you choose, it’s hard to go wrong with.
Setting Up And Using A Password Manager
Now that you’ve got those installed, you’ll want to run through the account creation process. But pause for a second before creating your password. You want to use a ‘passphrase’ for this one, and one that you’ve never used before. So instead of a sentence, think of a combination of words, that may or may not make logical sense when said sequentially, and ideally tack a few numbers between words or at the end. This will become your “Master Password”. Memorize it, as it will be the last password you might have to remember, and you’ll be good to go.
From here on out, you can start making entries into your vault with usernames and passwords for the sites you most commonly use. While the ideal situation would be to go through and update all of your passwords at once, that can be incredibly tedious and boring. The best way around this would be to go through all your accounts, just as you naturally would, and if the account is still using an old password, update it then and there. Get the Password Manager to generate a fairly lengthy random password, update it, store it, and you’re set!
The aforementioned Password Managers both have auto-fill capabilities. Meaning that once the Manager recognises it has stored information for the site you’re trying to log into, it can automatically fill in the username and password entry. Furthermore, both LastPass and Bitwarden offer iOS and Android apps, so you can extend the security to websites or apps you log into on your phone as well.
Make Use Of Two Factor Authentication To Secure Your Online Accounts
While having more secure passwords is a must, it’s still not the only thing you can do to secure your online accounts. Most websites now support “Two Factor Authentication”, or: “2FA”. 2FA is adding another layer to the login process in order to maximize security.
2FA comes in a variety of forms, and it’s likely you’re already familiar with it. Have you ever tried to log in to your bank account and they required you to also input a code sent to your phone? A prime example of 2FA. 2FA isn’t as within your control as making new, secure passwords is, but most sites are starting to now support it. Nintendo, the subject of the latest publicly made account breach supports 2FA, namely in the form of Google Authenticator, an app you can get on iOS or Android. This app, when linked to accounts that support 2FA through it, will display codes that periodically regenerate over time, that you will need to input in order to successfully log in.
2FA, while adding extra layer of security, does add an additional step to logging in. Which doesn’t seem like much, but we’ve grown lazy with convenience. That’s why most sites that support 2FA have a convenient checkbox that “remembers” your device for a period of time, usually around 30 days. With this option enabled, you won’t be asked to input a 2FA code when logging in from that device. While this does mildly diminish the security offered by 2FA, having some 2FA is better than no 2FA.
So while you’re going through and changing your passwords, check to see if the websites you have accounts with offer 2FA. And if they do, enable it. Whether it be a text message code, Google Authenticator code, or otherwise.
Easy As Ever
Securing your online accounts is as easy as ever. And while it can be a process that consumes time, or happens gradually over time, there’s no excuse for having vulnerable accounts. Getting setup with a Password Manager and 2FA is simple and convenient, and is really a must in this day in age.
Stay safe out there!