The cybersecurity statistics are astonishing:
- According to The Identity Theft Research Center (ITRC) Annual Data Breach Report, 2022 had the second-highest number of data compromises in the USA alone in a single year. At least 422 million individuals were impacted.
- So, not surprisingly, 8 out of 10 people are worried about their online security, and 7 out of 10 people no longer trust passwords to protect their online accounts.
- Yet 68% of people use passwords that are at least 5 years old, and on average, people use only 6 unique passwords to guard 24 online accounts.
Do you use the same password across multiple accounts? Have you been the victim of online identity fraud? If you answered yes to either question, you could use some help protecting your data.
Important password rules everyone should follow
When it comes to passwords, the rules are stringent (compromise on any of the rules below, and you are compromising your data):
- Use a different password for every single account.
- Passwords should be 8-10 characters in length. For highly important accounts, such as your bank account, an even longer password isn’t a bad idea.
- Use numbers, symbols, and both upper and lower case letters as much as the account's password rules allow.
- Never use names or number combinations that can be easily guessed (for example addresses, family names, pet names).
- Change your passwords regularly and make sure you update your password manager (we’ll talk about that in a sec) at the same time.
- When setting up an account, and security questions and answers are requested, do not answer truthfully. Your mother’s maiden name provides no security at all, especially when you provide the correct answer to all the online accounts that ask for it. Instead, use a random answer and document it in your password manager (bear with us, you’ll find out what this is in a moment).
- If you need access to your partner’s passwords in an emergency you may want to store their master password in your password manager (keep reading).
- Never write down your master password. NEVER!!! This is the only password you ever need to remember, so there is no need to write it down. Got it?
- Make sure you change your master password regularly (refer to point 5 above).
Why you should get a password manager
We are online on one of our devices at least once a day: to book accommodation or transport, manage our finances, upload photos to social media or maintain our website. To be able to use these online services, we need an online account, requiring us to provide a username/email address and a password.
I have more than 300 active accounts, and Sandra has 240. To ensure we use a unique password for each and every account, we store our passwords in our respective password managers: I use eWallet, and Sandra uses mSecure.
Both password managers work in a similar way – we just use two different ones as we have different interface preferences:
- Passwords are stored in a 256-bit encrypted format in the password manager application.
- Each password manager syncs the databases to our Microsoft OneDrive account on a regular basis. Both the sync process and the Microsoft OneDrive file are also encrypted. This gives us peace of mind if our devices get stolen and a lot more control than password managers that store the data in their own cloud such as LastPass.
We have both been using our password managers since 2011 and 2012, respectively, and have never had an issue. Knock on wood…
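Three of the rules listed earlier (a different password for every account, the length and character mix, and regular changes) can be checked automatically against a password manager export. The script below is an added example, not part of the original post and not code from eWallet or mSecure; the CSV column names, the sample rows and the one-year rotation threshold are assumptions, and a real export will use a different layout.

```python
import csv
import io
from collections import defaultdict
from datetime import date

MIN_LENGTH = 8       # lower bound of the 8-10 characters recommended above
MAX_AGE_DAYS = 365   # assumed threshold; the post only says "regularly"

# Constructed sample export (column names are assumptions).
# With a real export: run locally and delete the file afterwards.
SAMPLE_EXPORT = """account,password,last_changed
bank,Tr7!kQ9#xLm2,2024-11-02
email,sunshine1,2018-03-14
forum,sunshine1,2018-03-14
shop,Ab1!,2024-12-01
"""

def audit(export_text, today):
    """Return {account: [findings]} for entries that break one of the rules."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["account"])

    findings = defaultdict(list)
    for row in rows:
        account, pw = row["account"], row["password"]
        # Rule: a different password for every single account.
        others = sorted(a for a in by_password[pw] if a != account)
        if others:
            findings[account].append("reused with " + ", ".join(others))
        # Rule: minimum length.
        if len(pw) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        # Rule: numbers, symbols, upper and lower case.
        classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
        if not all(classes):
            findings[account].append("missing a character class")
        # Rule: change passwords regularly.
        age = (today - date.fromisoformat(row["last_changed"])).days
        if age > MAX_AGE_DAYS:
            findings[account].append(f"unchanged for {age} days")
    return dict(findings)

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_EXPORT, date(2025, 1, 1)).items():
        print(f"{account}: {'; '.join(issues)}")
```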
What else can you do to protect your data?
- Never enter your username or password while using unencrypted or non-VPN wifi.
- Use web- or app-based two-factor authentication for accounts that support it.
- Turn on BitLocker Drive Encryption (to ensure your Windows hard drive is encrypted).