Time to Update your Passwords and Web Security Before it is too Late
Having better passwords and making them longer and more secure can result in a safer internet experience. There are simple steps you can take to make your web use safer, and I have listed some suggestions that you may want to take. This article is not meant to make you paranoid; it is a guide to the extra steps that you feel are necessary based on your particular internet needs.
Computer security covers many different types of hardware devices, such as mobile phones, computers, tablets, TVs, home smart devices and security systems, along with all the other items you have hooked up to your home internet network. Basically, if an item is hooked up to the internet, then having better passwords, computer security software, a more secure/updated modem/router and making file backups would help keep your online presence more secure.
One of the most important things you can do is to change your password every once in a while even if you do not think anyone has your passwords because you never told anyone. The length of time between password changes can vary for different people based on personal opinion. The more important the specific website is to you, the more you should change your password. While I understand that this is a boring thing to do, you do not know nowadays if someone stole your password, put it out on the dark web to sell for a small amount of money and someone may purchase your information.
If you have 2-factor authentication set up on the online accounts that offer this extra password (sign-on) protection, then you may not need to change your password as often. 2-factor authentication relates to online log-in security: even if bad people stole your username/email and password, unless that person also had access to a piece of hardware such as your mobile phone, they still should not be able to log in to your account. At least not without being a very sophisticated hacker. More on 2-factor authentication is shown later in the article.
I personally put in the effort to change all my major passwords once a year even if I feel they are secure. Your time will vary, but if you have not done it for a really long time, this may be the time for you. Since my account information, such as email, address or phone number on the different accounts has not changed, I can just do the password update and it does not take that long. An easy way to change your password is to press the 'Forgot your password' prompt on the website's sign-in page. You generally get sent an email and then follow the steps to enter a new password. You should then update your password list with the new password. While changing my passwords, I take this opportunity to make my passwords, when needed, a little longer and stronger at the same time.
If the place you work at requires you to change your password at a certain period of time such as quarterly, try not to write down your password on a piece of paper and put it on your desk.
In the rare situation that you have been hacked or your account has been compromised:
If you feel, know, or have been notified that a specific web account has been compromised, this would be a good time to change your password right away as well as check that site's latest transactions, depending on what type of site it is. You would also want to check if any general account information such as contact information or credit card type information has been changed. If you know that your account has been hacked, you also have the option to add, when offered, 2-factor authentication to that site. You may also want to optionally change your user id for that site in addition to your password.
When you contact a company to inform them that your account has been hacked and you no longer have access to your account, it may take time and proof to convince the company that you are the real account holder. The company may not treat this situation as much of a priority as you do and it may take some time or even weeks to fix things. It is always better to avoid this situation by reducing your chances of being hacked in the first place.
Which websites are more important to change your passwords on?
I feel the password for any website that is money orientated, or any shopping website that has your current credit card saved on your account, should be changed more frequently. Some examples of these types of accounts would be any bank, any financial institution you have money in such as an investment account, all credit card companies, your web hosting company, your mortgage account, car loan account, PayPal, websites where you pay your bills online, your online selling sites such as eBay, Amazon or Etsy, or companies that you use to purchase items often such as Amazon. This could also include any work or business websites or any website that could cause you a problem if someone else had access to your account. I would also change passwords for any major social media accounts that you use a lot or that are part of any business you have going on. You do not want to build up a major social media presence and then have it taken away from you due to password issues.
As you may see from the websites listed above, I think the most important ones are financial, money-related, security-related, home video camera type devices, or who I order items from since I base my viewpoint on which accounts can hurt me the most if messed with. You will need to determine which websites are more important to you and not only change those passwords more often but in addition adjust the password to make them stronger. For your other online accounts you can change your passwords less often.
A strong password can reduce your chances of being hacked:
A strong password is at least 8 characters long and contains at least one upper case letter, one or two numbers, and at least one special character such as ! or %. You can use a password manager as your passwords get longer or more complex since the password manager will save your passwords. You also have the option to save the passwords on your local device so that it remembers them. Some websites have a set standard of what is required in the password, such as a required number of characters and what types of characters must be included, before they will save your password. It is not so easy to make your password 'password' or '12345' anymore.
Many people have the same password for numerous different accounts, but I highly recommend that all your sites (or at least main sites) have a different password. Do you want a low-level customer service rep from a third world company that may have access to your user id/email address and password, try those same user ids and passwords for all common bank names or main credit card login pages to see if your user id (email address) and password will allow them to access your accounts? If you think about this issue, you may see more of a reason to make all your passwords different for different websites.
Verification/notice that your password has been changed:
When you change your password, most larger companies send an email right away to your email address informing you that a change to your account has been made. They may even let you know what the change was, such as a password, email, address, phone, or other contact information. You can ignore these messages since you know that you just changed your password or other account information. If you get one of these types of change messages that you did not expect, check whether anyone else, such as a spouse, made the change.
When you go into and change your password, it may be a good time to update any other information that is not current that has changed such as your phone number, email address, or home address as needed.
If you get one of these email notifications that you changed your account, especially if it is to your password, email, address, or other important account information and you or anyone in your family did not make any changes, then follow the instructions that usually accompany these types of messages and contact the company immediately. You would want to ask the company about any recent activity on your account and may need to put a temporary hold on your account until things get cleared up. For credit cards, you may need to cancel your current credit card and have the company issue you a new credit card number.
Even if someone changes your email address online to a new one without authorization, the company still should send these types of notices to the email address that was on file before the last online change.
Changing times require better web internet security:
I have been using computers since about 1979 and the internet since 1989. In the past, not as much cybersecurity was needed and you could get away with a pet's name as your password or using the same password for many websites. Later on, I started making my passwords longer or two words together. Then I started adding one uppercase letter to my password. Then I started adding two numbers to my password and finally, I started adding a special character to my passwords. I now use two-factor authentication on the online sites that offer it where I feel I need that extra security. As more and more people find ways to steal from you, you need to keep up with personal or business security.
While I have been using the internet since it started, I have not personally noticed a password or internet fraud type problem other than a few viruses that caused me some problems. I just think that times have changed and we all need to be a little paranoid by making our passwords more secure and different for each website, and by checking our credit card or bank statements every month for any unusual activity.
How complex should you make your passwords?
Make your passwords more complex or stronger, especially on companies such as banks or other money-related sites, credit card websites, or websites that you purchase from that have your credit card information on file. If you have a lot of activity on certain social activity sites such as Facebook or Twitter, you may also want to have a more secure password. It really depends on how important a particular company's websites are to you or how important or private the information that they hold is. Some people may want stronger passwords for online medical sites or perhaps your email accounts.
Even sites that generally do not have anything to do with money, such as a personal Facebook account, can cause problems if someone has your password. You do not want to build up a social presence on sites such as Facebook, Instagram, Twitter, or YouTube and then have it corrupted by someone else.
Sometimes it is not easy to convince an employee of a social media company that your account was stolen. They are probably wary of giving you access to your own account since they may feel you are not the owner and are trying to convince them to give you access to someone else's account.
I know of numerous people who had their email account hacked in the distant past, and the hacker was sending out spam emails or messages to the email account's friends or contact list. This can cause some confusion and get people mad at you.
Many websites have a nice feature when you type in the new password that tells you if your password entered is weak, average, or strong. Some websites require your password to be at a certain length such as at least 8 characters or must contain at least one number or one capitalized letter. I think that this is a good feature to stop people from using weak passwords or at least warn them when they are. Since many people use "password" or "1234567" as their password, I think this is a good feature. It is also not a good idea to use as your password a word that is closely associated with you such as your birthday, your spouse's name, or your dog's name.
I recommend longer passwords with at least one capital letter and a few numbers mixed in. An example of a few passwords may be "Themightyoak57" or "ParkingSpot7$". Perhaps you can have a system where the first, last, or fourth letter in your password is always capitalized to make it easy to remember.
For a more secure password, make it longer and include at least one special character.
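The password rules above (at least 8 characters, an upper case letter, a number, a special character, no common or personal words, and a different password per site) can be checked over your own password list. This is an added example, not part of the original article; the function names, the rating thresholds and the sample accounts are assumptions made for illustration.

```python
import string
from collections import defaultdict

# The three common passwords the article names; a real checker would load a much longer list.
COMMON_PASSWORDS = {"password", "12345", "1234567"}
SPECIALS = set(string.punctuation)


def rate_password(password, personal_words=()):
    """Return (rating, problems); rating is 'weak', 'average' or 'strong'."""
    lowered = password.lower()
    problems = []
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    for word in personal_words:
        # Personal words: birthday, spouse's name, pet's name and so on.
        if len(word) >= 3 and word.lower() in lowered:
            problems.append("contains personal word: " + word)
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if problems:
        return "weak", problems

    missing = []
    if not any(c.isupper() for c in password):
        missing.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        missing.append("no number")
    if not any(c in SPECIALS for c in password):
        missing.append("no special character")
    return ("average", missing) if missing else ("strong", [])


def audit_accounts(accounts, personal_words=()):
    """accounts maps site name -> password. Flags weak and reused passwords."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)

    report = {}
    for site, password in accounts.items():
        rating, problems = rate_password(password, personal_words)
        shared = sorted(s for s in sites_by_password[password] if s != site)
        if shared:
            problems = problems + ["same password as: " + ", ".join(shared)]
        report[site] = {"rating": rating, "problems": problems, "shared_with": shared}
    return report


# Constructed sample list, using the article's two example passwords.
SAMPLE_ACCOUNTS = {
    "bank": "ParkingSpot7$",
    "shop": "Themightyoak57",
    "email": "Themightyoak57",
    "forum": "rex2015",
}

if __name__ == "__main__":
    for site, result in audit_accounts(SAMPLE_ACCOUNTS, personal_words=("Rex",)).items():
        print(site, result["rating"], result["problems"])
```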
Another suggestion, if you have your own website, is to make the password that is used to change your website (hosting site) strong. I had a friend who had his website hacked by someone who left a message on his homepage that his website had been hacked, along with the hacker's call sign. Most of the rest of his website pages were made unreadable. I guess he did not have a backup of his site, so the website died.
General ways to help protect and keep your computer clean and more secure that I use:
1. Keep your operating system up to date with the latest software. If using a PC or Mac, you can have it set to update your computer automatically. You can also set your mobile phone to update the operating system automatically.
2. I also recommend that you update your main internet browser's software often. If you are using Google Chrome, Firefox, Microsoft Edge (formerly Internet Explorer), or Apple's Safari, you should set the browser to automatically update. You can also update the browser software manually when a new version is available.
3. Having good virus/firewall protection software on your computer is also recommended and really necessary nowadays. I have some example virus/firewall security software listed below that you can add to your desktop or laptop computer, your phones, and other hardware devices you have.
This type of security software includes the ability to do a full manual scan of all your drives using your virus protection software every few months or when you think you have a problem. If you really do not like doing these scans, then try to do a full scan at least once every six months or every year.
If you do them often, most software allows you a Quick Scan option that only looks at the most important parts of your main C: drive holding the operating system and does not take very long to finish. You can run these scans that look for virus type software that may be on your computer in the background so you can still use the computer while the scans are going on.
4. I additionally run a free version of a software program called "ccleaner" that can be downloaded here. This program cleans out many of your temporary files, old websites you visited, and cookies. I run this program about every month or every two months. This program has never caused me a problem.
By cleaning out old stored websites you previously visited and hundreds if not thousands of small cookie files that websites have placed on your computer over time, running this program could free up some storage space and make your computer run faster.
5. Here are two free programs that I use to look for spyware or viruses that work very well. The first one is called "Spybot Search and Destroy" which can be downloaded free here. The other one is called "Malwarebytes" and has free versions that can be downloaded here. I run both of these every once in a while in addition to my regular file scan that came with my purchased virus software.
Both these programs are popular and have been around for many years. I have never had any damage to my computer done by them. These programs rarely find anything that is harmful to my computer but that just means my regular paid virus software is doing a good job. For those who want a little more protection, they are free and you can run them if you want.
2 Factor Authentication:
Note: 2-factor authentication has been around for a long time, but it was not always offered to the home consumer as much when logging into a company's online web pages. I highly recommend adding 2-factor authentication to all your major websites that offer it, and there is no additional charge to use it. It does take a little time to go into many of your individual websites and see how to set it up for each of them, but you can do a lot of them in an afternoon. Once you have it set up, it does not require any more regular maintenance later. Some sites call this by other names such as Two-Step Verification or Two-Step Authorization.
It is highly recommended to have 2 Factor Authentication set up for financial institutions or brokerage accounts, accounts that access business/work systems, home security systems or home video cameras security systems, your video doorbell, major smart devices you have in your home, your hardware such as a tv that has a built-in camera, your credit card sites, banks, your work accounts, accounts that have medical data, companies that you pay bills or loans for, as a few examples when it is offered.
It makes sites much more secure and makes it much more difficult for a hacker to break into them. If you make it more difficult, then the hackers will move on to someone else. If you have a security camera in your house, do you want someone watching and listening to you using your own camera? This would be a good reason to add 2-factor authentication to your software that uses security cameras or to software that runs hardware that has built-in webcams such as a laptop or smart TV.
We have to be a little more careful nowadays since online theft or hacking has grown into a much larger issue than in the past. There is a reason that companies that offer online access now offer 2-factor authentication when they did not offer it in the past.
Some of it was companies getting bad press. Most people probably remember some of the videos of a hacker being able to see the security camera video of a child in her home bedroom and the hacker seeing and talking to the child using the security camera speaker. That specific company put in many security changes to their software pretty quickly, including 2-factor authentication, that they should have already had. This made it much more secure. Companies are generally making things much more secure than they used to be, which is a good thing. More companies are now offering 2-factor authentication that the customer can choose to turn on if they want at no extra cost. I would not use a bank or brokerage account online nowadays that did not offer 2-factor authentication.
2 Factor Authentication adds an extra layer of security to signing into an account. You can have part of your online website sign-in procedure include having information sent to your mobile phone or other hardware devices to verify that it is you. You can set your main computer, phone, or other hardware devices you use often to be recognized during your login procedure for sites that have 2 Factor Authentication. If the website sees you are on a recognized piece of hardware, then the 2 Factor Authentication will not need to send you a verification message resulting in a normal faster login to your account.
When you access a website on which you turned on 2 Factor Authentication and the website does not recognize the hardware device you are on, the website may send a security code number to your secondary hardware device, such as a phone. You then type the code number you received into the device you are using to access the web page. This is how many 2 Factor Authentication checks work. Some websites have a slightly different method of verifying 2 Factor Authentication. With this extra check, even if a person you do not know had your user id (email) and password, they would not be able to get into the website under your account. When the website asks for the received security code to be filled out on the website, they would not have it.
Extra log-in verification would mostly be only asked if you enter a website on an unfamiliar computer such as at a library or from a hotel connection or on public wi-fi. For example, when I use the computer at the library to log in to my Google Gmail email account, Google sends me a quick message to my mobile phone asking me if it is me. I simply press the 'Yes' button and I can sign in. Having 2 Factor Authentication is not really any more complicated since most of the time you may not have to do anything extra. If you delete your computer's cookies, you might have to verify it is you again for that one time on that hardware device.
If someone who should not knows your user id and password and tries to log in, the website will ask for further verification since they are not trying to log in from your recognized computer, phone, or wi-fi connection. That person will not be able to provide this further verification, since this further verification request will most likely go to your mobile phone or another hardware device you own and not to them, which would stop them from logging in. This can also give you the clue that someone may be trying to log in to your account, and you have the option to change your password for that account if you want.
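The sign-in flow described in this section, seen from the website's side, as an added example that is not part of the original article. The class and function names, the 5-minute code lifetime, the 3-attempt limit and the sample user are assumptions; the `deliver` callback stands in for the text message sent to the phone.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300   # assumed: a code is valid for 5 minutes
MAX_TRIES = 3    # assumed: wrong guesses allowed per code


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class Site:
    def __init__(self, deliver, clock=time.time):
        self.deliver = deliver   # callable(user, code): sends the code to the phone
        self.clock = clock
        self.users = {}          # user -> (salt, password hash)
        self.trusted = {}        # user -> digests of recognized-device tokens
        self.pending = {}        # user -> [code, expires_at, tries_left]

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt))
        self.trusted[user] = set()

    def login(self, user, password, device_token=None):
        """Step 1: returns 'denied', 'ok' (recognized device) or 'code_required'."""
        if user not in self.users:
            return "denied"
        salt, stored = self.users[user]
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return "denied"
        if device_token and digest(device_token) in self.trusted[user]:
            return "ok"          # recognized hardware: no message is sent
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = [code, self.clock() + CODE_TTL, MAX_TRIES]
        self.deliver(user, code)
        return "code_required"

    def verify(self, user, code, remember_device=False):
        """Step 2: returns (status, device_token_or_None)."""
        entry = self.pending.get(user)
        if entry is None:
            return "denied", None
        expected, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[user]
            return "denied", None
        if not hmac.compare_digest(expected.encode(), code.encode()):
            entry[2] -= 1
            if entry[2] <= 0:    # too many wrong guesses: the code is thrown away
                del self.pending[user]
            return "denied", None
        del self.pending[user]
        token = None
        if remember_device:      # the browser keeps this token in a cookie
            token = secrets.token_urlsafe(32)
            self.trusted[user].add(digest(token))
        return "ok", token


def demo():
    """Constructed walk-through: owner, thief with the stolen password, wiped cookies."""
    phone, now, pw = [], [1000.0], "ParkingSpot7$"
    site = Site(lambda user, code: phone.append(code), clock=lambda: now[0])
    site.register("alice", pw)
    out = {"first_login": site.login("alice", pw)}
    status, token = site.verify("alice", phone[-1], remember_device=True)
    out["code_accepted"] = status
    out["recognized_device"] = site.login("alice", pw, token)
    out["codes_sent"] = len(phone)
    out["thief_login"] = site.login("alice", pw)   # right password, unknown device
    wrong = ("1" if phone[-1][0] == "0" else "0") + phone[-1][1:]  # never the real code
    out["thief_guess"] = site.verify("alice", wrong)[0]
    out["after_cookie_wipe"] = site.login("alice", pw, None)
    now[0] += CODE_TTL + 1
    out["expired_code"] = site.verify("alice", phone[-1])[0]
    out["wrong_password"] = site.login("alice", "guess")
    return out


if __name__ == "__main__":
    print(demo())
```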
Security software and keeping your computer software up to date:
It is a good idea to have some security software loaded up on your computer. Numerous companies sell these. There are a few free ones, but in this case, I would go with a security software/virus protection that you purchase. You generally purchase a license for each physical hardware device such as your computer, tablet, or mobile phone. If your family has 5 different devices and you choose to load the security software on all of them, then you would purchase five software licenses. Usually, the more licenses you purchase, the less cost it is per device. The security software should be set to auto-update and it should help prevent known malicious software or viruses from loading.
You can also use your security software to run a scan on your computer every once in a while. They usually have a quick scan to review your main operating system files and a full scan that will review all your files on your computer. It is a good idea to scan your computer about every month or two. If you only scan your computer every 6 months or once a year, that is better than not doing it at all. You can run these scans in the background and use your computer at the same time. You can set a reminder in your calendar to do a regular scan.
Note: Another thing you can do to protect yourself is to limit installing free computer software or mobile phone apps when you do not know the company behind them well, as they may have harmful added code hidden inside the software. You should also be careful about downloading software from more sketchy types of sites. What one person considers sketchy, others would not. For example, downloading a cracked software product without paying for it could result in bringing a virus onto your computer.
Security software is sold by many different companies. You have to look at the wording to see what they cover since the less expensive price may not cover all your needs. There is a difference between a security product that just says Anti-virus, Internet Security, and Total Security. I recommend that you get a security package that covers total security such as some examples shown below. The prices will go slightly up for more security features. Also, prices vary depending on how many licenses you purchase. If you and someone else have two computers, a laptop, and two phones, you can purchase five licenses to cover all your devices. You only need to purchase and load the software on devices you want this purchased security on. The price may also vary by how long the license may last, a package that does not expire for 3 years will cost more than a package that lasts only one year. Usually, there is a big discount on the more licenses you purchase and use for multiple years. You can take this all under consideration when you see many different prices. I recommend that you first determine how many products (licenses) you want to secure and then purchase the best total security type package for the number of years you want.
What if I get an email notification from a company that I use that they have had some account information stolen from them?
Originally, this article was written in 2014 and has been totally rewritten in 2021
One of the reasons I decided to write this article initially in 2014 was all the company email or written notifications I was receiving at the time about their sites having been hacked.
I received notices from about five companies in the last year (in 2014), such as Target and Adobe, as many of you reading this may have also had the pleasure of reading. There was another one from Adobe and even one from a small company that I use to print some of my photographs. Since I originally wrote this article, companies have been getting better at protecting their information. They probably felt that they would like to avoid such bad publicity and reduce their liability losses.
While this stolen information is not necessarily related to web accounts and relates more to hacking of the companies' corporate computers or the credit card scanner devices at brick and mortar stores' checkout areas, it does let you know that sophisticated hackers are out there and they are stealing private information from millions of accounts at a time. The only advice I can give on this is to review your credit card statements monthly for any activity that does not look right. Many thieves who buy the credit card information may put small charges on your account with amounts less than $10. These smaller charges may not be as noticeable as larger charges.
Some of the information that companies may have given to hackers may be your user id, email address, or credit card number without the 3 or 4 digit verification code. It could be other personal information about you but not always your passwords. In some cases, your passwords may be released, and then you will see that the company has removed your sign-on password and has you sign in while verifying it is you and enter a new password. I have heard of fewer cases of this lately, so companies are taking computer security more seriously, but hacking still takes place.
Some of this stolen credit card information is used to open up other new credit cards and some of these credit monitoring companies such as Lifelock can be useful if someone opens up a new credit card account or a loan under your name/social security number and they send you a notification email on the new credit card under your name. These credit monitoring companies charge a yearly cost for this service.
I feel that many of these companies that have been hacked are not telling their customers on a timely basis or underestimating how bad the break-in was and seem to be unsure of what information was stolen. While this kind of hacking has existed for a long time, it is getting more press now and companies are now required to inform their customers by law and the larger ones are doing it. The bottom line is that I feel that we need to be more careful and watching over our accounts now whether it be credit card accounts, bank accounts, or web-related accounts.
I suggest that if you own a small or large company, that when you have an employee leave, you remove their user id/password from the system right away. A recent very large hack (2021) on a large corporation was done by accessing the system using an old sign-on that should have been removed when the employee left.
Update: Companies are doing a better job of securing information now (2021) than back then, but you still need to be careful and do the things that you have control over to make things safer.
Have you been Pwned?
One thing I have signed up for is a site called Have you been Pwned. It looks to see if your email address or phone number is associated with an account that has been breached on a company site you have signed up for, or whether your private information may be for sale on places such as the dark web.
You can sign up for this free service here. Every once in a while I get an email from them relating to my email address. When you do this and see some of the sites in which your private information might have been stolen, you will understand more why you should change your web-related passwords every once in a while.
If you look carefully at the diagram to the right, when I type in my email address, it states that it found that email address with 11 related data breaches for the many years I have signed up for.
I do not show the data breaches, but it lists off the year, company name, and what fields were exposed such as user id, password, phone number as some examples. This is helpful when you get a new notice automatically emailed to you, you can change your password for that specific company.
What can someone do to harm you when they know your online user id and password?
When someone has your email (userid) and password, they can cause a lot of trouble for you on any site that you use that password on. One of the things they may do is change your email address, change your mailing or shipping address and change your password, which will lock you out of the system. Once this is done, they could have the authority to transfer money out of your accounts if it is a bank, make bad stock purchases on your investment account, or simply order expensive items and have them mailed to your changed shipping address as an example. While I am sure different companies have some internal protection that may protect you in some cases, it may not work every time.
A more recent development in cyber security is called ransomware. In the past few years, it has become more common for hackers to encrypt or scramble your personal PC data or files or company data so they cannot be read and then ask for a lot of money so you can get access to your computer data or files again. It happens to police departments, government sites, hospitals, larger companies, and some personal home computers. The last big one (2021) shut down a large gas pipeline, which caused higher prices at the pump and also many fuel shortages in multiple states. Having your computer files encrypted can happen to even a small home computer and does not only happen to larger companies. It is now more important to back up your data and keep those backup drives and files off-line, as in not physically connected to your computer. I use external hard drives and only turn the power to them on when I do a backup or recovery. External hard drives are now really inexpensive and backup software is simple to use.
If you get an account change notice and your password does not work, they may have changed your password and you may need to call the company to put a temporary hold on your account until you determine if any recent activity may have been on your account that was not authorized. You would first try to recover your password which many companies call 'Forgot your Password' to see if that works. After that, you may want to call and then take advice from the company since they may know what is best for their specific company. You may also be liable for future fraud on the account if you do not take the security steps as the company suggests.
Sometimes it may be best if you notice anything strange on any of your accounts even if you do not find anything wrong to just do a simple change of password.
If you are getting divorced or just break up with someone that knows your passwords, you may want to just change them if the account is under your name only.
Backups - Backing up your computer files to an external drive:
Another topic is about recovery. If you do have an issue with your computer from a virus or just deleted some needed files, having a backup of your system can be handy. If your hard drive goes bad or breaks or you are hit with a virus that encrypts all your computer files, it is nice to know you can restore much if not all of your data from backups.
You should run backups as often as you feel you need to. It comes down to the point at which your backup becomes so old that you would wish you had a more current one if you needed to do a restore. Most of the time that I use my backups is when I am working on a file or document and feel it is better to just restore it to its last saved backed-up version. Backups can also be used for major file recovery if you are in a situation that requires it.
After your initial backup of all your hard drives, you can do your incremental backups daily, weekly, monthly, or every 3-6 months depending on your specific needs. If your computer information is critical for a business, then you should probably back up more often. When you do a backup, it can be set to back up only the files that are new or have changed since your last backup (incremental backup), so the regularly scheduled backup does not take that long. Your first backup will take some time since all the files initially need to be backed up. You can also have a second backup in case your first one does not work.
You can also keep one of your backups outside of your home or business in case a fire or flood damages both your computer and your local backups. With even very large external hard drives so inexpensive now, it is hard to have an excuse not to do backups. You could give a second backup to a friend or place it in a safe deposit box. Some people place the backup hard drive in a safe in case of a fire, but the safe will get hot enough to melt the data-saving magnetic coating on the spinning hard disks, making them unreadable. I also would not trust the newer solid-state hard drives in a safe during a home fire. Most safes will keep paper from burning up for a specific time period during a fire, but may not keep your backup hard drives safe.
I use a backup software called Genie Backup Manager, but there are many software products to choose from. The best backup software is one that you feel you can use easily, which encourages more frequent backups. One that automatically makes backups on a regular schedule may be better for many people. You also want backup software with which you can learn how to restore a specific older file, since that is one reason to back up your files. Backups can be used to recover a single file, to recover many files, such as when you accidentally erase an entire file directory, or to recover your entire drive in case a hard drive gets corrupted or physically damaged.
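To show what "only new or changed files" means in practice, and why a backup made this way still lets you restore an older version of a single file, here is an added example in Python. It is not the code of Genie Backup Manager or any other product; the function names, the `manifest.json` file name and the dated folder labels are assumptions made for the illustration.

```python
import hashlib
import json
import shutil
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def incremental_backup(source: Path, backup_root: Path, label: str) -> list:
    """Copy only files that are new or changed since the previous run.

    Each run writes into its own folder (backup_root/label), so earlier
    versions of a file stay available for a single-file restore.
    Returns the relative paths copied in this run.
    """
    backup_root.mkdir(parents=True, exist_ok=True)
    manifest_path = backup_root / "manifest.json"  # assumed name for the record of past runs
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}

    copied = []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        digest = file_digest(path)
        if manifest.get(rel) == digest:
            continue  # content unchanged since the last backup: skip it
        dest = backup_root / label / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)  # copy2 also keeps the file's timestamps
        manifest[rel] = digest
        copied.append(rel)

    manifest_path.write_text(json.dumps(manifest, indent=2))
    return copied


if __name__ == "__main__":
    import tempfile

    # Constructed sample folders standing in for your documents and an external drive.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "documents"), Path(tmp, "external_drive")
        src.mkdir()
        (src / "letter.txt").write_text("first draft")
        (src / "notes.txt").write_text("constructed sample data")
        print("first (full) run:", incremental_backup(src, dst, "2021-06-01"))
        (src / "letter.txt").write_text("second draft")
        print("incremental run:", incremental_backup(src, dst, "2021-06-08"))
```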
Do you have the same password for many of your online accounts?
I highly recommend that you do not have the same password for many or all of your accounts. I have read that a very large segment of people do this. Can you imagine the number of Customer Service reps or a great number of people that have access to your user id (email) and password information at their company? If you use the same email and password on many of your other accounts, they could try your same email and password combination to see if they can log on to your other accounts.
You have to ask yourself whether the convenience of using the same password for most of your accounts is worth the risk that people looking to harm you or steal from you could get on to your Amazon, eBay, Facebook, Bank of America, Chase bank, email account, or your credit card company's website, as some examples. Using the same password on multiple accounts also means that an old girlfriend, boyfriend, spouse, or roommate, as some examples, who knows your email address and password can abuse them across multiple accounts. Also, if someone you know knows your passwords, and you no longer have a good relationship with that person, I would change your passwords. Sometimes it is good to be a little paranoid.
Did you just get divorced, separated, break up with someone, or even switch roommates, and that person knows your passwords?
I suppose a lot depends on whether you shared that website or social media channel together and who contributed to it. If you end a relationship of any type and someone knows your passwords, it is time to change them. I would do this even if you feel that the other person would not do anything harmful with this information. Sometimes people do stupid things when they are upset. I think of this as no different from when someone no longer lives with you: it is better to just change the locks (rekeying) to your home.
I would first start with those website passwords that normally only you use or own yourself, such that the account is in your name only. Besides changing the password, I would also verify that the web account details have your address, phone number and email address and not someone else's. You do not want someone else to select the 'Forgot my password' option and then be able to change the password on your accounts. If the password-protected website is known and used by both of you, you should have a discussion about who gets to use the website, if it is not a site that you still wish to share.
If you are no longer going to have access to a web account, you would want to remove any existing credit cards under your name that are associated with that web account, or perhaps web apps, before you lose access to them. You can see a sample of which types of accounts may be worth changing your passwords on in the above menu option 'Which websites are more important to change your passwords on'. Depending on the situation, it may be best to just get your credit cards replaced with a new credit card number, which is free. This could stop some auto-payments you forgot about, ranging from paying someone else's utility bills to someone using their phone to order food with an app that has your credit card number attached to it. I do not think of this as being paranoid, just something that can be done in less than a day, and then you do not have to think about it again.
Using password management software on your computer?
I keep a manual list of my passwords on regular lined paper. I generally enter the website along with the User ID and password on the rest of the line. For convenience, I also use a password manager, which is software that you can buy from different companies and that is not that expensive. This software can securely store your passwords for different websites you access regularly so you can log on more easily without needing to check your printed list of passwords as often.
The antivirus software that you purchased may already have a password manager built into it. I use a product called Roboform and it has as one of its features a password manager. Roboform also comes in a free version. The paid version has more functions, but the free version will do fine for a password manager. You can also get a password manager app to handle some of your devices such as your smart TV or Amazon Fire TV stick as some examples.
I mention this for those who only want to use a few passwords for most of their websites: a password manager gives you the option of having many different passwords without the need to have them all memorized. With a password manager, you only need to know your password manager's password and then the software will fill in your sign-on information when you go to your different websites.
Router administration password:
Most people do not think about this but your router password in your home is really important. Since your router can give access to all your hardware associated with it, you do not want to make it easy to have someone get your router login id and password. It is really important to verify that the default router password is changed since the default router passwords are commonly known. When you take your new router out of the box, your password to gain administrator access to it is published on the web. For most of the routers, the default username and password are "admin" and "admin" or "admin" and "password".
I recently purchased a new router for wireless internet in my home. The routers all come with default passwords to get administrator access that is used during the initial setup or when you want to change things like your router password. For my router the default router administration user id and password was "admin" and "admin".
I was surprised by how difficult it was to find how to change this password in the menu setup. I actually had to look for a web article on which multiple menus I had to go into to change the router's administration password. I highly recommend that everybody change the user id and password from the default it came with out of the box. This administration password is not the same password you enter during the initial router setup that you enter on your wireless connected devices to access your wireless internet connection.
When changing this default router password, write it down since it may not be used for a while and may be forgotten. Since all the default passwords are known for each brand, someone may be able to access your router if you leave your default router password as "admin" or "password". Some people actually drive around the neighborhoods with special laptops and antennas looking for easy-to-break-in routers on home wi-fi systems.
Also, if you have a very old router that is still using "WEP" encryption, it is not very secure and can be broken in under a minute by people that know how to do these types of things. Most routers, and probably the one you have, use WPA2, which is much more secure.
Router regular wireless internet password:
Also during the initial router setup, they make it easy to set the regular wireless internet access password that you enter on your wireless devices such as your computer, TV, tablet, or phone. Since you do not need to enter this password often once it has been entered on your devices the first time, I suggest that the password be very long and complicated. As usual, I write down this password for later reference. Since this wireless signal can reach down the block from your home or business, you want to make it secure. If you live in an apartment with many neighbors very close by, or near a hotel whose guests may search for open internet connections, I suggest a stronger password. I do not recommend you ever have a weak password for your router or set up a separate guest access to your router that does not require a password.
I don't mean to be paranoid, but do you really want someone from your neighborhood downloading illegal music or child porn using your router/internet connection, and then getting a notice from your internet provider that they will take action if this continues, or possibly having the police called on you? Remember, you are responsible for what your internet connection is doing even if you did not do anything illegal and even if you are unaware of this activity. It will look like you, the router owner, are accessing those sites even if it was some outside person using your router without your knowledge. That is a good reason for a strong router password. Also, you pay for your internet and you really do not want your neighbors getting your internet for free.
Another thing to do is to update the firmware for your router when you first install it. Your router may automatically update the firmware as time goes by or you may need to do it manually when needed. The firmware update procedure will vary per router brand.
When you do a wi-fi lookup of all the wi-fi signals near your home, you will see a long list and may even notice some of your neighbors by how they named their wi-fi names. They should all have a little lock next to the wi-fi names and require a password to access. Your wi-fi name should also have a lock symbol and require a password to access.
Entering of security questions from websites:
Before the internet, you probably had these types of security questions from a bank to verify your identity. The banks used to ask your mother's maiden name a lot or a small variety of other questions such as your social security number. When using the phone, many companies already know your identity since they recognize the phone you are calling from is yours. That may be enough or they might ask you for a four-digit code, ask you to enter a password or account number into the phone, or the last four digits of your social security number.
Even some websites use your computer identity as part of the process to verify who you are. If you use the same computer to access the website, your computer's internet IP address may be the same and the company website can recognize you, or at least your computer, from past access to their site.
Many times on more secure sites, you may know your password but still have to answer a few security questions before or after you enter your password. These security questions are initially asked when you set up an account such as an online bank account. Different companies use different questions but many of them are the same. For example, you might be shown a list of different addresses or counties and asked to select which one you once lived at. Most of the time the security questions are ones you previously answered when opening the account at the company. They may ask what your pet's name is, what your favorite color is, what the name of your high school was, or what city your mother was born in. On my manual written password page, I usually keep a note on the answers to these security questions next to where I write my password in case I forget what I had said.
With the internet containing so much information and more public information about you now online, I am not sure these types of security questions are as safe as they used to be. I hear of cases of celebrities getting their social network or email accounts hacked. I believe they attempted this hack by requesting a password change by only knowing the user id or email address and they were able to get full access to the account by answering some online security questions. These answers could be looked up if someone was an investigator or skilled in certain areas.
So what's my point here? I feel it might be safer to give false answers to these web security questions and then write the questions and false answers down on your manual password page in case you need to reference them in the future. Another method would simply be to add a letter to the beginning of each security answer. For example, if you are asked "What is your pet's name", you can answer "xfido" instead of "fido", since all your answers start with an "x". This way you can still answer the security questions by knowing the answer but entering your code "x" first on all your security answers. This should make it difficult for others to answer your questions. Just an idea I thought up but have not used yet.
Do you have many of your internet passwords listed in your old emails?
I searched and was surprised at how many I had. I found most of them and deleted the old emails that displayed my passwords. If someone knows your email password or has access to your email account, they could search for the word "password" and find many of your current and old passwords from this one simple search. You may have dozens of old passwords out there listed in your emails going back 5 - 10 years and you may not even know that they were there. If you change your passwords more often, then this should not be an issue.
Since I originally wrote this article, companies have gotten smarter and no longer place your passwords in your emails. Security on this issue has gotten much better. I left this section in so you can see if you can find any really old passwords written in old emails that are still valid. You never know if you do not look. If you change your passwords for your main websites once a year, you probably will not have any issue with very old passwords displayed in your older emails.
What to do: Search for the word "password" on your email list. Review each email listed and delete any email that lists a current or old password. I recommend this on all emails with passwords even if it is for a minor website or for ones that may even be out of business. I do this every few years to just get rid of them as they accumulate.
If you get way too many emails on your initial search for "password", you can take another approach that I use. Most email clients, such as Gmail, have a more advanced search feature that lets you search in selected fields, such as only in the "Subject" line or only in the email content section.
I initially looked for the word "password" only in the email subject line. This seems to get most of them without having many other emails get selected that do not have passwords in them. I then do a global delete of these emails. I then may do another search for the word "password" by searching only in the content area of the email. I may look through some of these looking for passwords and then delete them as I find them.
These passwords end up in your email usually by way of the website/company sending you an initial password when you first set up your account. You then have the option of changing your password to something more friendly on their website if you want. Another way is when you cannot remember your password for a website and click on the "Forgot my password" link. You usually enter your email address and the website sends you an email with your existing password. More websites are now sending you an email with a link that directs you to a special web page where you can enter a new password. This is much better since the password is not listed in your email. Also, these password change links expire after a few hours or that day, so someone cannot use these links at a future date to change your password.
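The subject-line search followed by the content search described above can also be run over exported mail, and the same pass can separate emails that state a password from ones that only carry a reset link. The following Python sketch is an added example, not part of the original article; the sample messages are constructed, and the function names and the pattern used to spot a stated password are assumptions.

```python
import email
import re
from email import policy

# Constructed sample messages (not real mail), in raw exported form.
SAMPLE_MESSAGES = [
    "From: support@shop.example\nSubject: Your new account password\n\n"
    "Welcome! Your password is: EXAMPLE-ONLY-123\n",
    "From: news@forum.example\nSubject: Weekly digest\n\n"
    "Tip of the week: never share your password with anyone.\n",
    "From: noreply@bank.example\nSubject: Password reset requested\n\n"
    "Use this link within 2 hours: https://bank.example/reset?token=SAMPLE\n",
    "From: friend@mail.example\nSubject: Lunch on Friday?\n\nSee you at noon.\n",
]

# Heuristic (an assumption) for a line that states a password value, such as
# "password: xyz" or "password is xyz". It can over-match, so it is used
# only to decide which emails to look at first.
STATED_PASSWORD = re.compile(r"password\s*(?:is\b\s*:?|[:=])\s*\S+", re.IGNORECASE)


def classify(raw: str) -> dict:
    """Report where the word "password" appears in one raw email."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    return {
        "subject": subject,
        "subject_hit": "password" in subject.lower(),
        "body_hit": "password" in body.lower(),
        # True/False only: the password itself is never stored or printed.
        "states_password": bool(STATED_PASSWORD.search(body)),
    }


def review_queue(raw_messages) -> list:
    """Order the hits for review: emails that state a password first,
    then subject-line hits, then hits found only in the content."""
    rows = [classify(raw) for raw in raw_messages]
    hits = [r for r in rows if r["subject_hit"] or r["body_hit"]]

    def priority(row):
        if row["states_password"]:
            return 0
        return 1 if row["subject_hit"] else 2

    return sorted(hits, key=priority)


if __name__ == "__main__":
    for row in review_queue(SAMPLE_MESSAGES):
        where = "subject" if row["subject_hit"] else "content only"
        flag = "STATES A PASSWORD" if row["states_password"] else "no password stated"
        print(f"{row['subject']!r}: found in {where}; {flag}")
```

For a mailbox exported in mbox format, Python's standard `mailbox.mbox` class yields messages whose `as_string()` output can be passed to `classify`.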
Written by Bob Estrin
Copyright 2021 Bob Estrin