A web developer explains why and how to keep your passwords safe
Every day we hear about security breaches where websites are hacked and usernames and passwords are stolen. There must be many more we don’t hear about. You might have been told not to use the same username and password on more than one website or app – but how do you remember them all?
Hackers steal login details in many ways – through data breaches or other more direct methods. They then test those credentials on sites all over the web to see if that same login and password combination was used elsewhere. You might not even know that someone has logged into one of your accounts or used your information until you end up locked out of some of them or see suspicious transactions.
Let’s say someone steals your username and password and uses it to get into your online public transport travel card. You might think that’s not so bad – it’s only your travel card. However, these hackers can not only use the credit on the travel cards linked to your account, but when they’re inside your account they can see your account and your kids’ accounts, where and when you travel, stops and routes that you might have marked in your favourites, and find out your address, email address, phone number etc.
When hackers can get into your online accounts they can potentially find enough information about you to take over your identity, empty your bank accounts and a range of other awful things.
Here are some of the simple recommendations I make to family and friends to look after their passwords.
Set up a PIN or key pattern or biometric security on all your digital devices so you're the only person who can log in.
Without this kind of security all your information is open to anyone who steals or finds your phone. If you’ve automatically logged in to lots of apps on your phone, anyone who gets your unlocked phone can use all those apps and change your logins and passwords to lock you out.
As a web developer I have to log into a lot of different systems for work. At work we use a single identity provider where possible, plus secure software to manage additional passwords as needed. In my personal life I use password management software.
Gartner provides a list of many of the most popular password managers, but for a simpler option see Choice magazine’s article that explains what password managers are and how to choose and use them.
Most web browsers can securely store your usernames and passwords and fill them in automatically for you. Better yet, many work on all your different devices, so you’ll have the passwords wherever you are. For example, if you have a Google account and use the Google Chrome browser on all your devices, when you need to create a new login, it’ll suggest a secure password and allow you to save the login details. The new password can be a mix of letters, numbers and symbols and you can accept it knowing that you don’t have to remember it. The browser will remember it for you. Even if your password for one website is somehow stolen, your other online accounts will all have different passwords, so they’ll stay safe.
Protect all your accounts with a simple extra step. Whenever a website offers you the option of turning on two-factor or multi-factor authentication, accept it. You probably already use this for your bank’s mobile apps and for online government services – you enter your username and password, they send you a code via text to your phone or by email, and you enter that code to finish logging in.
If you don’t want to, or can’t, receive a text or email, you can use something like the Google Authenticator app, or one of the many other authenticator apps out there, to get the code you need to log in.
Mansi is a Full-Stack Developer with ten years of experience working in the Digital space. She has worked with various technologies like Silverstripe, Laravel, ReactJS, Bootstrap, Foundation, etc. She is passionate about web technologies and enjoys solving challenging problems to help clients and businesses have a better digital presence. With her love for mathematics crossing over with software development, creating robust web solutions is never far-fetched for her.
Mansi Sheth-Parma, Senior Developer