5 tips for keeping your passwords secure from hackers


Think about how many passwords you use every day.

To log in to your computer. Your email. Your website. Your online bank account. Facebook. Twitter. LinkedIn. Other social media. Cloud-based tools like Dropbox. Your Google accounts like Google+, AdWords and Analytics. Plus every other service that you create an account for.

The list is long.

Unfortunately there are a lot of people in the cyber world who would love to get their hands on your passwords.

Last year I travelled a lot and worked remotely. The recent WordPress hacking scam reminded me of the precautions I took in order to keep my passwords secure.

I’m also interested to find out what tips you have for password security so please leave your thoughts in the comments below.

1. Choose a strong password that you can remember

Read this article from Symantec, “A Guide to Better Password Practices”, and there is more info in the article “Your password probably sucks”.

There are tools that securely keep track of your passwords for you. Which ones do you like best?

2. Password protect your laptop, iPad and Smartphone

When you’re away from your office, log in from your own laptop, iPad or Smartphone if you can, rather than logging in from a shared computer.

Make sure a PIN or password is required to log in to your laptop or iPad. Without this extra protection, if anyone steals your laptop and you’ve saved your logins in your browser, then others may be able to get access to your accounts.

If you have to log in from a public computer, make sure that “remember my password” is un-checked and that the browser is not saving your password.

3. Never click on links or attachments from unsolicited emails

Every day it feels like I get more and more emails from people trying to get access to accounts like my bank account, PayPal, Facebook and Twitter. And their efforts are getting increasingly clever.

Hopefully we’re all aware of the scams where someone tries to get your bank account details by offering a large sum of money, or sending a realistic-looking email from PayPal or your bank trying to get your login details.

But now there are people:

  • sending confirmation of orders that you didn’t place*
  • following up complaints made about your business* (for me these are usually from a country where I don’t offer services)
  • trying to deliver something via UPS that you didn’t order*
  • offering jobs that I’m not interested in
  • sending Direct Messages like “you didn’t see them videoing you” on Twitter in order to get your Facebook login details.

*Often these top three are trying to get you to download an attached zip file.

If you think the email might be legitimate, contact the sender separately and check with them.

Also read the information about phishing scam emails on the SCAM Watch website.

My Hotmail account was hacked recently and I have to say that I was incredibly impressed with the security measures in place to give me access back to my account.

And Google now requests a mobile phone number which can be used for verification if you ever need to recover your account details.

4. Add extra security to your WordPress website

I was recently reminded about a WordPress plugin called “Limit Login Attempts”, which does exactly what it says it does; once someone has unsuccessfully logged in a certain number of times, their IP address can be locked out for a specified period of time.

The plugin can alert you if hacking attempts are made. Since adding the plugin to one of my websites, I started receiving regular notifications of failed attempts.

A current WordPress hacking scam involves someone with tens of thousands of IP addresses trying to hack websites that have “admin” as a user name. The plugin mentioned above won’t help you beat these hackers (at least you’ll be alerted about hacking attempts though). Instead, it’s recommended that you stop using “admin” as a user name and make sure your WordPress website is backed up and upgraded to the current version of WordPress. Read more about how to protect your WordPress website.
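The per-IP lockout described above, and why an attack spread across many IP addresses slips past it, shown as an added example (this is not the plugin's code). The thresholds, function names and login events are constructed assumptions, and counting distinct failing IPs per user name is one way to still raise an alert.

```python
from collections import defaultdict

MAX_RETRIES = 4          # assumed: failed attempts allowed per IP before lockout
LOCKOUT_SECONDS = 1200   # assumed: how long a locked-out IP stays blocked
SPREAD_THRESHOLD = 20    # assumed: distinct failing IPs per user name that raises an alert


def simulate_per_ip_lockout(events):
    """Replay (timestamp, ip, username, success) events through a per-IP limiter.

    Returns (set of IPs that were locked out, number of attempts that
    actually reached the password check).
    """
    failures = defaultdict(int)   # ip -> failed attempts since last success/lockout
    locked_until = {}             # ip -> timestamp at which the lockout ends
    locked_ips, checked = set(), 0
    for ts, ip, _user, success in events:
        if locked_until.get(ip, 0) > ts:
            continue              # rejected before the password is even checked
        checked += 1
        if success:
            failures[ip] = 0
            continue
        failures[ip] += 1
        if failures[ip] >= MAX_RETRIES:
            locked_until[ip] = ts + LOCKOUT_SECONDS
            failures[ip] = 0
            locked_ips.add(ip)
    return locked_ips, checked


def usernames_under_distributed_attack(events):
    """Return {username: distinct failing IPs} for user names over the threshold."""
    ips_by_user = defaultdict(set)
    for _ts, ip, user, success in events:
        if not success:
            ips_by_user[user].add(ip)
    return {u: len(ips) for u, ips in ips_by_user.items()
            if len(ips) >= SPREAD_THRESHOLD}


# Constructed sample events (documentation IP ranges, not real traffic):
# one IP guessing "editor" ten times, then 200 IPs guessing "admin" twice each.
single_source = [(t, "203.0.113.7", "editor", False) for t in range(10)]
distributed = [(100 + i, f"198.51.100.{i}", "admin", False)
               for i in range(1, 201) for _ in range(2)]

if __name__ == "__main__":
    print(simulate_per_ip_lockout(single_source))   # one IP locked after 4 tries
    print(simulate_per_ip_lockout(distributed))     # nobody locked, all 400 tries checked
    print(usernames_under_distributed_attack(single_source + distributed))
```

The single noisy IP is stopped after four guesses, while none of the 200 addresses ever reaches the limit, which is why changing the “admin” user name matters more than the lockout here.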

5. Never share your Google AdWords or Analytics password

If you need to share your account data with someone else, this can be done without you sharing your password.

Given that your Google password now might give access to many accounts other than AdWords and Analytics, keep it to yourself! And if you do decide that it’s easier to share your password, don’t send it to someone in the same email as your user name.

I’m an everyday user who picks up tips along the way but I’m not an IT or security expert, so if you have other tips for keeping passwords secure, I’d love to read them in the comments below.