Browse by category


Blog archive

2019October 2019 (2)September 2019 (2)July 2019 (3)June 2019 (2)May 2019 (1)April 2019 (2)March 2019 (1)February 2019 (2)January 2019 (2)2018December 2018 (2)November 2018 (1)October 2018 (2)September 2018 (1)August 2018 (2)July 2018 (1)June 2018 (1)May 2018 (1)April 2018 (1)March 2018 (2)February 2018 (2)January 2018 (4)2017December 2017 (6)November 2017 (4)October 2017 (5)September 2017 (3)August 2017 (3)July 2017 (3)June 2017 (1)May 2017 (2)April 2017 (1)March 2017 (1)February 2017 (2)January 2017 (2)2016December 2016 (2)November 2016 (1)October 2016 (1)September 2016 (1)August 2016 (1)July 2016 (1)2015December 2015 (1)January 2015 (1)2013December 2013 (1)2012November 2012 (1)

Hopefully one day soon passwords will become obsolete, but until then they're the main system we use to identify ourselves. As criminals become bolder and computers more powerful, advice about passwords has become more complex. 

The three golden rules are:

  1. Make your password long and complicated
  2. Use a different password for every system
  3. Use two-factor authentication wherever you can

In my experience most people do a reasonable job of the first rule, a few follow the second, and only IT geeks even understand what the third rule means. 

Today I'm going to guide you through all three. They're not as complicated as they look and by the end, you'll never have to type in or remember a password ever again.

 

Generating and managing strong, unique passwords

The two problems for most people are creating complicated passwords and remembering them, which is why everyone uses their oldest child's name and birthday as their password for everything. You can pay for secure password management systems if you're managing thousands of passwords across a team, but if it's just for you then there's a much simpler way using Google Chrome. 

Chrome has a built-in password manager that auto-fills your passwords across your devices and also suggests strong passwords when you sign up on a new website. Simply sign in with your Google account and ensure that sync is turned on.

Now when you sign into a website, a pop-up box in the top right will ask if you want to save your password:

Click Save and it will be stored in Chrome's password manager. The next time you come to the website the login boxes will have a blue background and your details pre-filled:

The next step is a little more involved because you need to set unique passwords for every account you already have. Make a habit of every time you sign in to a website where you haven't yet changed your password, go to their account settings page and reset it to something complicated (bookmark this page which generates strong passwords).

Then when you submit the password change, Chrome will pop up a message asking if you want to update your password like this:

Finally, when you sign up for an account at a new website, click into the password field and Chrome should suggest a password and store it automatically, so you don't need to remember it. 

Ta-da! Steps one and two complete. Have a cup of tea and a biscuit, and come back in a minute to read about two-factor authentication.

 

Two-factor authentication

If you're going to use your Google account to store all your passwords, you need to make sure that your Google account itself is secure, by setting a strong password and enabling two-factor authentication.

Two-factor authentication (also called 2FA) means using something you know and something you have to log into a system. A great example is using a cash machine: you need to have the card and know the PIN to make money come out of the hole. Most major websites now offer a digital version of this, either using free apps like Google Authenticator or by sending a code to your phone. The Authenticator app gives you a passcode that changes periodically, which proves to the website that you've got your phone in your hand.

Here's how to get started:

1. Install the Authenticator app for Android or iPhone.

2. Go to your favourite website and find the security section about two-factor authentication. Here are links for some of the larger sites:

3. Open the Authenticator app, click the big red add button at the bottom, then hit Scan a barcode

4. Hold your camera up to the QR code on the website, as shown in the example below from the Amazon website:

4. The app will add a new entry for this website and generate a new six-digit code every minute. Enter the code generated into the verification field on the website to enable two-factor authentication on your account, and you're done.

 

Other kinds of two-factor authentication

Some websites offer a different kind of two-factor authentication where they send you a text message each time you log in. This is fine but relies on you having a mobile signal when you log in. Here are links to some websites for setting that up:

 

Summary 

That wasn't so complicated, was it? Good security online is way more important than it used to be, and it's also a lot easier to set up. If you're unsure, try setting up one or two websites with your browser's password manager and enabling two-factor authentication. After a couple of weeks, you'll see the benefit!

Tagged under: Bluffers guide   Hot topics   Google   Security   Passwords