The online world is a dangerous place, especially if you don’t know how to take even the most basic steps to protect yourself.
Every day the news is filled with accounts of hackers attacking Fortune 500 businesses, even our national government. The New York Times recently reported that Russian hackers had gathered 1.2 Billion usernames and passwords for online sites.
We are told about the threats, but not how to protect ourselves. Until now, that is…
I’m about to tell you how to take the most crucial preventive step.
As you probably know, passwords are the linchpin to online security. What you don’t know is that you’re probably woefully negligent in protecting your passwords.
What Hackers want most from you
Hackers want to know two things about you: (1) what banks or financial services do you use? and (2) what password do you use to login to those places?
(By the way, let’s put aside the fact that most hackers are not going after individuals, but rather large groups of people. To properly protect yourself you have to assume they’re targeting you specifically, and build security to prevent that attack, or at least minimize its damage)
So, what’s the low-hanging fruit that will allow hackers to get at your financial sites? Answer: your email account.
If someone gets the password to your email account, they can login and read all your email. Then they can find out what bank or financial services you use.
Then, they can go to the bank and click the button that says “I forgot my password.” And guess where the password reset instructions will go?
Yes, they’ll go to your email account, which the hackers now have access to. Then they’ll be able to create a new password for your bank account and start siphoning money.
So, how did the hackers get your email password to begin with? That’s really the crux of your woefully deficient password problem.
Because if you use the same password for all of your online accounts (which most people do), then all a hacker needs to do is to hack into an online database like Target’s, LinkedIn’s, or Twitter’s etc.
Once they know the password that you use on one of those online sites then they can (usually) safely assume that you’re using the same password for your email service.
What’s your first line of defense?
So, the first line of defense in protecting yourself against hackers is to create DIFFERENT passwords for every online account. Or at least for the important ones, like your email service, and your financial sites.
Keeping track of those different passwords might at first blush seem like a big problem, but it’s really a small one that’s easily solved. Here’s how…
Password manager = strong protection
Get a password manager. By that I mean, get software for your computer that helps you manage all the different passwords that you’ll be needing to create and use.
There are at least three password managers that have been around for a long time, which savvy internet users have been using: 1Password, Roboforms, and LastPass.
It doesn’t matter which one you use; pick one. But, in case you’re not sure what to do…
I’d recommend LastPass. It’s the cheapest of the three I just listed ($12/year), and it has every useful feature you’ll want.
Those useful features include:
- NSA-level of encryption for your password database, which means that no one can hack into it. (they’d have to guess the password you use to protect it, and you should use a strong one).
- ability to auto-fill passwords (and username) at all of your important websites
- ability to generate (and then automatically remember) strong passwords, e.g. H7uCzHC8PiWobBHb
- ability to store and auto-fill credit card information, which makes it easier to fill in online forms
- ability to synchronize the password database to your phone or tablet, so that you can have access to your passwords even when you’re away from your computer
- ability to quickly share any of your passwords with family members and trusted associates, if you need to.
There are so many benefits that flow from using a password manager, that it’s blatant negligence for a lawyer not to use one.
Oh, and one more important thing…
Obviously, you need to protect the main password that’s needed to access your LastPass database. Don’t use a word or phrase that’s in any dictionary, because computers can easily guess (by brute force) passwords that are in the dictionary or in a reference book.
For sure, don’t use any of these passwords.
The best way to construct a good password to protect your database is to use a weird word, and then put some numbers or symbols in the middle of it.
For example, in New Orleans there is a street called ‘Tchoupitoulas,’ which most people have trouble pronouncing, much less spelling.
If you lived in New Orleans and knew about this weird word, you could use it to construct a password like this: ‘tchou*pi1oulaz’ (or something similar; use your own creativity).
That’s a word/number combination that a New Orleanian could remember, and which a hacker wouldn’t guess using a brute force attack. That’s how you create a strong password for your database.
Key Takeaway
First, start using a password manager like LastPass. And when you do, spend the time to create a strong password to protect your LastPass database.
From there, use LastPass to create super strong passwords for all of your important sites. Then you can relax, knowing your online information is very, very secure.
Obviously, you still need to keep your guard up. But at least you’ve thrown up enough roadblocks to make yourself unappealing to lazy hackers who always prefer to seek out the low-hanging fruit.
We can talk about two-factor authentication another day. For now, just get that password manager going.
Bonus video
Finally, watch this 5 minute video I created on to see just how easy it is (using inexpensive, widely-available software) to crack passwords that are based on common words. If that doesn’t motivate you to start using a password manager…well, I don’t know what to say. Except, good luck out there.