Set multiple unique passwords
Just as we have different keys for our house, car and office, we should have a different password for each account. But while we might only have to distinguish between three or four physical keys on a daily basis, remembering dozens of unique passwords and knowing which account links to which password can be overwhelming. Research from the global analytics company FICO found that 7 in 10 people struggle to keep track of their passwords.
As a result, many people use the same password for different accounts. Software-as-a-Service provider LogMeIn surveyed people in the UK, USA, France and Germany and found that 59% of people still use one password for every account they own, even though 91% know that this poses a huge security risk.
The solution? “Use a password manager,” says Simon. Password managers are secure, online platforms that store your passwords in an encrypted form and allow you to access them from laptops, smartphones or tablets that you have verified.
“If you have a password manager, you only need to remember one very secure password - choose something unique and never write it down,” he says. “You can then install a companion browser plugin for your password manager so that, if you’re on a trusted device, the password manager will enter the password for you (assuming you have previously entered your master password). I have 1500 accounts and each one has a different password.”
Password managers can also alert you to data breaches that might compromise one of your accounts. “One method hackers use is to ‘brute force’ an account by trying lots of different passwords on the off-chance that one will be correct,” he says. “To increase their chances of getting the right one, they use lists of known passwords from previous data breaches. If your password matches one that’s been part of a data breach, some password managers will tell you so you can change it. Otherwise, it increases the chances that your account will be compromised.”
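The breach alert described above, together with a check for reused passwords, can be sketched as a small vault audit. This is an added example, not part of the original article or any particular password manager's code: the vault, the breach corpus and all function names are constructed for illustration, and the hash-prefix lookup is an assumption modelled on the range-query approach used by public breach-lookup services, where only the first five characters of the password's SHA-1 hash leave the device.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form breach corpora are commonly published in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample data: hashes of passwords "seen" in earlier breaches.
BREACHED_HASHES = {sha1_hex(p) for p in ("password1", "qwerty123", "letmein")}


def range_lookup(prefix: str) -> set[str]:
    """Stand-in for the remote service: it receives only a 5-character hash
    prefix and returns the suffixes of every breached hash sharing it."""
    return {h[5:] for h in BREACHED_HASHES if h.startswith(prefix)}


def is_breached(password: str) -> bool:
    """The suffix comparison happens locally, so the service never learns
    the full hash, let alone the password."""
    digest = sha1_hex(password)
    return digest[5:] in range_lookup(digest[:5])


def audit(vault: dict[str, str]) -> dict[str, list[str]]:
    """Return {account: [issues]} for entries that are breached or reused."""
    accounts_by_hash: dict[str, list[str]] = {}
    for account, password in vault.items():
        accounts_by_hash.setdefault(sha1_hex(password), []).append(account)

    findings: dict[str, list[str]] = {}
    for account, password in vault.items():
        issues = []
        if is_breached(password):
            issues.append("breached")
        if len(accounts_by_hash[sha1_hex(password)]) > 1:
            issues.append("reused")
        if issues:
            findings[account] = issues
    return findings


# Constructed sample vault (account -> password), not real credentials.
VAULT = {
    "mail.example": "qwerty123",
    "shop.example": "qwerty123",
    "bank.example": "T7#vq-Lp2!xRw9",
    "forum.example": "letmein",
}

if __name__ == "__main__":
    for account, issues in audit(VAULT).items():
        print(f"{account}: change password ({', '.join(issues)})")
```
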
The question on my mind was about what happens if your password manager gets hacked. “Good password managers store all passwords in an encrypted form, whether on the user’s device or online,” he says. “So even if someone got hold of the stored passwords, they would only ever be in an encrypted form and could only be decrypted by the master password, only known to you and not stored anywhere.”