Here is a brief document for distribution to friends and colleagues all about password management best practices. Once again this coming year our number one issue is going to be network and user security and though we have disaster recovery options in place it is better if we don't have to use them.
- Firstly remember you WILL NOT KNOW when you have been hacked there are no warning signs you will just slowly lose control of everything this can occur minute hours days or weeks after the hacker gets your login details.
- The most common mistake is users entering their username and password into fake websites.
- DO NOT USE YOUR EMAIL PASSWORD FOR ANYTHING EXCEPT ACCESSING YOUR EMAIL ACCOUNT THIS IS NOT NEGOTIABLE IF YOU DO THIS YOU ARE ASKING TO GET HACKED I HOPE THE BIG RED BOLD ALL CAPS MESSAGE WILL GET THIS POINT FULLY INTO YOUR MEMORY FOR ALL TIME THIS IS THE MOST COMMON AND WORST MISTAKE YOU CAN MAKE WITH SECURITY
- Log into your machine and open your browser at the start of the day go to https://www.google.com.au/ and make sure you are logged in even if you are not a G Suite or Google user you should create an account to ensure Google security is FULLY operational in the browser, Google are good at keeping people safe their browser by default check all web sites for know fraudulent activity and will warn you if the site is infected or contains malware.
- If prompted for your email address and password by any site check to be sure you are in the right place.
- Never use a password manager these are not a good idea they create a single point for a hacker to get your whole login history in one hit.
- Let your browser save passwords for all common sites except where the site has your credit card info or enough about your identity stored to allow a hacker to impersonate you.
At this point most people are going how am I going to manage my passwords, thankfully that is simpler than you might think the issue is that you need a standard set of passwords so they are easy to remember that meet the needs of multiple web sites.
To start pick a word or phrase anything easy to remember needs to be 8-12 characters
E.g. Boxer Dog
Now complicate it: B0xerD0g!
Internet banking: unique 10 characters never used anywhere else except banks and credit card institutions.
most secure sites but not banks password.
Somewhat secure sites password.
Any old crap password.
Lastly have one special password only for your email as email is at the root of all authentication and password reset services so needs to be kept the safest of all
I hope this helps just remember if you only have three passwords in common use you are unlikely to get locked out by trying the wrong password too many times.
The only safe place to store an important password is in your head.