Do you feel you’re already doing everything right when it comes to Internet security? Are all your passwords in order, unique, and not created by you? Or do you still use the same one for most accounts and keep them in a notebook on your desk?
With so many companies suffering breaches and having customer accounts leaked, it may be time to consider some new security practices with your technology, especially if you use it outside of home.
This past Thursday, besides being Star Wars Day this year, was World Password Day. The first Thursday in May provides a timely reminder to reevaluate our passwords, including assessing their strength and security. The Password Pledge may be a good place to start.
Dead Pets’ Society
Most password managers will review your passwords and provide information about the ones you’ve reused as well as those compromised by a breach. For example, in Safari > Preferences > Passwords and System Preferences > Passwords, a checkbox at the bottom lets you give the browser permission to detect compromised passwords. It will proceed to show them at the top of the list.
Likewise, 1Password’s Watchtower can connect you to lists of your vulnerable, reused, and weak passwords. You can learn more about security leaks by entering your email address(es) at Have I Been Pwned.
It’s time to stop using your partner’s name, places you’ve lived, and dead pets’ names in your passwords. While we proceed (for now) with the inferior system of using passwords to sign into online accounts, the best practice is to use a computer-based password generator to create secure strings that make it more difficult for other computers to hack into our accounts.
Keep Passwords Private
You know why payment terminals have barriers around the keypad, right? For the same reason you wouldn’t want the customer behind you to learn your debit card PIN, you wouldn’t want them to learn your password either.
So, use your iPhone’s Face ID or Touch ID capability, and set up Touch ID on your Mac if available. If you haven’t set up Face ID because you’re spooked by face recognition technology, it’s time to dispel your fear. Your iPhone stores your face biometrics securely on the device and cannot share them over the Internet. The same goes for your fingerprints and Touch ID.
Get a Two-FA
Use two-factor authentication, but not by text message. SMS can be spoofed, so verification codes sent by text message are not necessarily secure.
When 2FA is available, check to see if you can use an authentication app like Google Authenticator to generate a one-time password (OTP). If so, you can engage many password managers like 1Password to provide this rotating key.
Wondering how using a password manager to also generate OTPs is secure? Well, therein lies the choice between security and convenience. A hacker still needs your master password and secret key to unlock your vault. Or, you could opt for higher security and net a more complex and tedious login process.
What Comes After Passwords?
The future of account security measures involves passkeys, which use biometrics to authenticate an account. Rather than using your face or fingerprint to unlock a vault and fill in a password, your biometrics would directly log into the account.
Apple supports passkeys as of macOS Ventura and iOS 16. Not many websites and services are compatible yet, but you’ll probably start seeing them offered more over the next few years. In celebration of World Password Day, 1Password had this to say about its development path.
[Update: As of later in 2023, 1Password supports passkeys. Read more about how to do it.]
There are more tips and opportunities in this 9to5Mac article. I can help you take any of these paths based on your own security preferences. What measure will you implement next?