Generate New Passwords For All Of Your Online Accounts
DAY 14: Generate New Passwords For All Of Your Online Accounts
Welcome to Day 14 of my 30-day security challenge, the month-long challenge I created to help you gain control of your privacy and security online. You can follow along with the security challenge via my blog at snubsie.com, where you can skip ahead or download a checklist of the challenge. Each video will also be curated into a playlist so it'll be easy to follow along from Day 1 all the way through 30 here on YouTube.
Today we're going to go thru all of our online accounts and generate new passwords for 'em. Get out that notepad you were using to write down important details. Today, we're going to transfer those fresh new passwords into a password manager and generate new ones for your online accounts.
Let's start with the #1 rule of password management: EACH ONE MUST BE DIFFERENT. Reason being? You don't know how a company is storing your password when you create an account on their website. They could have terrible security practices, and if they got hacked and your password leaked, you don't want the attacker trying that same password against your other accounts. They could easily gain access to more accounts than just that one that got hacked, so using a different password on each account makes it a lot harder for someone to take control of your online self.
So, how do you create a new password for each site? That's A LOT OF WORK, and you'd probably run out of clever ideas for passwords pretty quick! That's why I recommend a password manager. If you missed that episode, go back to yesterday where I discuss the pros and cons of password managers. The one I use, called LastPass, can generate new passwords for my accounts automatically, or I can manually generate randomly created passwords that include symbols, numbers, and letters all mixed up together. I'd never remember those, but now I don't need to.
If you don't have a way to randomly generate tough passwords, I'll give you some pointers: The National Institute of Standards and Technology Special Publication 800-63 recommends users create passwords that include long phrases with four words or more. This is because longer passwords can be much harder to crack by software than shorter passwords that still include letters, numbers, and symbols.
I tend to do a bit of both. If my password was the phrase: "It does not do to dwell on dreams and forget to live." (any Harry Potter fans out there?) I could then add in some weird upper cases and numbers and symbols to make it even harder. For example: "1t d0E$ N07 Do to Dw3!1 on Dr3aM5 & f0Rg3t tO L1V3." Now ya see why I like those password managers so much - that is a real pain in the bum to type in all the time. (PS: No, that's not one of my passwords). You don't need to add in the weird letters and symbols - that's just my own thing. Simply having a long phrase is enough, though I really prefer not using dictionary words in my passphrases.
NIST also recommends not changing your password periodically because this leads to counterproductive password generation. In other words, people get lazy. I tend to change my passwords about once a year by just generating new ones through LastPass's generation tool.
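If you'd rather see what a generator does under the hood, here is an added example (not LastPass's code, and not part of the original post) that produces both styles discussed above with Python's `secrets` module and estimates how hard each is to guess. The word list, symbol set and site names are constructed placeholders.

```python
import math
import secrets
import string

# Constructed 32-word list so the example runs offline. It is far too small
# for real use; swap in a large published list (the EFF long list has 7,776).
SAMPLE_WORDS = (
    "anchor basil copper dune ember fjord garnet harbor ivory juniper kettle "
    "lantern meadow nectar orbit pebble quartz ripple saddle thistle umber "
    "velvet walnut xenon yonder zephyr acorn bramble cinder drizzle eclipse fennel"
).split()
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
           "!@#$%^&*-_=+?")


def random_password(length=20):
    """Random characters, redrawn until every class appears at least once."""
    if length < len(CLASSES):
        raise ValueError("length is too short to include every class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_passphrase(count=5, words=SAMPLE_WORDS, sep=" "):
    """Words drawn independently and uniformly, four or more as the text says."""
    if count < 4:
        raise ValueError("use four words or more")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(picks, choices):
    """Bits of entropy for `picks` uniform draws from `choices` options."""
    return picks * math.log2(choices)


def fresh_passwords(sites, length=20):
    """One independent password per site, so none is shared between accounts."""
    return {site: random_password(length) for site in sites}


if __name__ == "__main__":
    for site, pw in fresh_passwords(["mail.example", "bank.example"]).items():
        print(site, pw)
    print(random_passphrase(), f"{entropy_bits(5, len(SAMPLE_WORDS)):.0f} bits")
    print(f"5 words from 7,776: {entropy_bits(5, 7776):.1f} bits")
    print(f"20 chars from 75:   {entropy_bits(20, 75):.1f} bits")
```

The bit counts only hold when every word or character is picked at random; a phrase you chose yourself is easier to guess than the arithmetic suggests.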
Now, how do you know which sites you currently have accounts on? This is where your notepad comes in. You should have written down all the websites you log into. If you haven't already begun to add these to a password manager, go ahead and manually go to each site and change your password through the settings for your account. Generally, you'll find online sites have an "account" or "profile" page that has security options, including a "change password" page. You'll need to type in your old password then your new one, sometimes twice. If you use LastPass like I do, it should recognize your login attempt and ask you if you want it to remember that login for future use. I always click yes.
A great way to find sites you've created accounts on is by searching your email inbox. Generally new sites will send you a confirmation email or sign you up for a newsletter or coupon mailer, etc - so if you search your inbox for the word "Unsubscribe" or the phrase "Confirm your email", you can find some of these sites. You can also search https://knowem.com/ for your username, and it'll show you if you've created an account on popular sites using that username.
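If your inbox is too big to search by hand, the same idea can be scripted against an export of your own mail. This added example (not part of the original post) counts the sender domains of messages that mention either search phrase; the sample messages and their `.example` addresses are constructed.

```python
import email
from collections import Counter
from email.utils import parseaddr

PHRASES = ("unsubscribe", "confirm your email")

# Constructed sample messages (not real mail) so the example runs offline.
SAMPLE_RAW = [
    "From: Shop News <news@shop.example>\nSubject: Spring sale\n\n"
    "Big discounts this week.\nUnsubscribe at any time.\n",
    "From: no-reply@forum.example\nSubject: Confirm your email\n\n"
    "Click the link to finish signing up.\n",
    "From: A Friend <friend@mail.example>\nSubject: Lunch?\n\nFree on Friday?\n",
    "From: news@shop.example\nSubject: Your coupon\n\nTo stop these, unsubscribe.\n",
]


def text_of(msg):
    """Subject plus every decodable text part, lower-cased for matching."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        try:
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        except LookupError:  # unknown charset label in the message
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks).lower()


def account_domains(messages, phrases=PHRASES):
    """Count sender domains of messages that contain any sign-up phrase."""
    hits = Counter()
    for msg in messages:
        text = text_of(msg)
        if any(phrase in text for phrase in phrases):
            address = parseaddr(str(msg.get("From", "")))[1]
            if "@" in address:
                hits[address.rsplit("@", 1)[1].lower()] += 1
    return hits


if __name__ == "__main__":
    sample = [email.message_from_string(raw) for raw in SAMPLE_RAW]
    for domain, count in account_domains(sample).most_common():
        print(f"{count:3d}  {domain}")
```

To run it on real mail, export your mailbox in mbox format and pass `mailbox.mbox(path_to_export)` from the standard library in place of the sample list.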
Remember, you can always go back through these accounts and delete any you no longer need using https://justdelete.me, and you should probably update all of your passwords to new, fresh passwords just in case any of these have ever been breached in the past. While it does take a long time to manually go through all these online accounts to update the passwords on them, it also saves you tons of time in the future because you'll be less susceptible to hacks.
Day 14 is now complete! Tomorrow is all about setting up two-factor authentication! But first, make sure to subscribe on YouTube and hit up snubsie.com for the downloadable checklist and to skip ahead on the 30-day security challenge. Again, I'm Shannon Morse and I'll see you tomorrow for Day 15!