Password Protection
Table Of Contents:
- Where should I store passwords?
- Passwords should NEVER be sent over unsecured methods.
- Use a password manager
- Never Reuse a password
- What password should I use? How to choose a password?
- 2FA - 2 Factor Authentication - What is it? How do I use it?
Where should I store passwords?
Passwords should be stored in a password manager that is encrypted. We recommend using Dashlane but there are other programs like LastPass that also encrypt your passwords and keep them all in one safe place. If you decide to use a password manager, we also recommend setting up 2FA for ultimate protection. You should download your passwords every year and keep them in an encrypted storage.
Passwords can be stored locally on your computer in an Excel spreadsheet. If you prefer keeping your passwords local, be sure to encrypt your Excel spreadsheet and have a password to protect that file. Be sure that your file is part of your backup software.
Google Drive and OneDrive - You could store your passwords on one of these. But we recommend only sharing this information with trusted individuals. NEVER share the file as a direct link; be sure to only share with specific accounts. Editing ability and viewing ability can be set. Also both of these services offer a "drive sync" operation for an account. This means that these files MIGHT be stored locally and would still follow the same directions above about storing passwords locally. They need to be encrypted. The negative aspect of using this method is that you, as the owner of the password, does not have control over what the end user is doing with the password.
Passwords should NEVER be sent over unsecured methods.
These methods include but might not be limited to:
- Text Message (SMS)
- Facebook Messenger, Twitter Messenger, TikTok, SnapChat (any social media messenger) ↠these are the worst and none of these messages are private.
- DropBox
- Excel Spreadsheet (Not Encrypted or Password Protected) stored on a network drive or server.
- In your browser
If you need to send a password to someone, use DashLane to send password to another user. This way it is sent through a secure method. Or call the person that you prefer to send a password to. Using password managers still is the best and easiest method to share passwords securely.
Google Chrome, Firefox, Edge, Internet Explorer - all of these browsers store your password unencrypted and are easy to manipulate to gain access to these passwords. We don’t recommend storing your passwords in any browser. If you want autofill we recommend using a Password Manager like DashLane or LastPass to autofill your passwords.
Use a Password Manager
The most effective way to store passwords is using a Password Manager. Password managers keep your passwords safe, encrypted, and all in one easily accessible place.
We highly recommend using DashLane for password management. But there are other password managers like LastPass that also work well.
Password managers should have a unique master password. Please check out our section about "What password should I use? How to Choose a password"?
Never Reuse A Password
If you use a password across multiple sites, you run the risk of that site being compromised and the other sites that use the same login information also can be compromised. This is a typical hacker attack. We recommend that you use a unique password for every site that you login to.
If you need help choosing a password "What password should I use? How to choose a password?"
What password should I use? How to choose a password?
- Passwords should NEVER be something personal to yourself.
- Passwords should NEVER be your birthday, pets name, address, social security number, phone number, etc.
- Passwords should contain numbers, characters and an upper case character. At least one of each. Multiple combinations are even better.
- Special characters can also be used, but not all systems support special characters. Special characters include !@#$%^&*()-+~`<>?,./{}\|
The password that you use to access your password manager needs to be a secure password. A password that means nothing personal to you. That has not been used before and is unique in every way. If you need help with creating such a password, please use our password generator.
If you feel that your password is not unique enough or has been used before we recommend using Have I Been Pwned website to check if your password has been used or has been part of a hack.
2FA - 2 Factor Authentication - What is it? How do I use it?
What is it? It is a way to secure your account from hackers or people that have obtained your password. It is a second level of protection for your online accounts.
The most common methods for 2FA are Google Authenticator (app based security), Hardware Based Security Keys (Yubico Keys, Google - Titan Keys), Text message based code system (SMS) and Email validation code system.
How do I use it? It is based on the implementation of the site that you are using it with. Not every site will have all the authentication methods listed above available; you will need to use the ones that are available for that site. The upcoming and most secure method is using a Hardware Based Security Key. But not all sites use this method, you will be limited to the availability of these methods.
To find out how to implement this on specific sites please visit our page dedicated to each common site.
Hardware Based Security Keys - this is the best implementation of 2FA. This secures your account with a Time Based Security key. This requires the key or authenticator code to access your account. This could be used in conjunction with Google Authenticator (an app based security code). We recommend using Yubikey as they are top rated and have a lot of different options for key types.
Google Authenticator - this is an app that you load onto your phone or tablet (Android, iOS) and will allow you to use that device as your 2FA. When you login to your account it will ask you for the time based code. You would open the app and enter that time based code on the site or app that you are trying to login to. (Second best 2FA option)
Text Message (SMS) - the site or service will send you a text message with a unique code that you will enter on the site for authentication. WARNING - This method is NOT a very secure method and has been proven to be hackable. We would recommend only using this as the last resort for 2FA. We believe it should NOT be used unless it’s the only option for 2FA.
Email Validation Code - the system will send you an email with a one time unique code to enter or login with. This method is secure as long as your email is secure. Email in general can be hacked if the password to your email account is easy to guess or has been hacked previously. This is still a viable method and still better than SMS.