Seems like there are endless examples of security problems with all the Internet services we depend on. What can we do?
Gotofail. Heartbleed. Target. Sony's PlayStation Network. The NSA. It seems like every few weeks, there's a new story circulating in the news about a major security breach concerning systems that you rely on. What can you do to protect yourself?
The bottom line is that attacks do happen, so it's best to try to minimize the risk you face when these services inevitably are breached. Here are some tips to help you stay as safe as possible by changing your password habits.
1. Don't reuse the same password
It's easy to remember one password, more difficult to remember dozens. That's why many of us end up using a single password for several different services we access. If you're doing this, don't. It's a huge mistake. You're making it much easier for someone to get access to all of your accounts when you do this, especially if stolen information about you includes your e-mail address or other crucial identifying information you use across multiple sites.
2. Change your passwords...often
Get into the habit of changing passwords on a regular basis, at least on higher-risk sites and services like your bank or other financial institutions or anywhere sensitive data about you is maintained. Whether it's monthly, quarterly, whatever, make sure you don't use the same password forever. Many of these institutions may require you to change your password periodically already, but many (like my bank) don't. So make sure to shore up your security by filling in those gaps when necessary.
Use strong passwords
Don't use dictionary terms; hackers often employ word lists straight from the dictionary. That's why many services now require you to use a combination of letters, numbers and other characters.
Don't use the name of your spouse, pet, kids or any other information that might be gleaned from a potentially compromised personal profile.
The longer, the better. Some services have minimum password lengths they'll allow, but it's often a good idea to extend it even further. If your service requires an eight-character password but allows up to 16, use as many characters as you can. Mix up letters, numbers, upper and lower case, punctuation — anything you can do to make it harder to crack your password.
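Here is how those three rules look when written as a check, plus a generator that uses the full 16 characters. This is an added example, not part of the original article; the function names, the tiny word list, the personal details and the "at least three kinds of characters" threshold are all constructed assumptions.

```python
import secrets
import string

# Constructed sample data (assumptions for this example, not from the article).
WORDLIST = {"password", "dragon", "monkey", "sunshine", "welcome"}
PERSONAL = {"rex", "alice", "1984"}  # e.g. pet name, spouse name, birth year

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def check_password(pw, min_len=8):
    """Return the list of rules that pw breaks; an empty list means it passes."""
    problems = []
    lowered = pw.lower()
    if len(pw) < min_len:
        problems.append("too short")
    # Substring match, so 'Dragon123!' is still caught as a dictionary word.
    if any(word in lowered for word in WORDLIST):
        problems.append("contains a dictionary word")
    if any(item in lowered for item in PERSONAL):
        problems.append("contains personal information")
    # Count how many kinds of characters appear (threshold of 3 is an assumption).
    used = sum(any(c in cls for c in pw) for cls in CLASSES)
    if used < 3:
        problems.append("fewer than three character classes")
    return problems


def generate_password(length=16):
    """Draw random characters until the result passes every check above."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the operating system's cryptographic random source.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("Dragon123!", "rex1984", generate_password()):
        print(repr(candidate), check_password(candidate) or "ok")
```

A real check would use a full dictionary and your own personal details rather than the handful of sample entries here.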
3. Use two-step authentication if it's an option
Check to see if the services you rely on use two-step authentication. Google, many banks, even iCloud support two-step authentication.
The idea behind two-factor authentication is to combine something you know, like a password, with something you have, like your cell phone. While it does add a layer of complexity to interaction with services you depend on, it is very secure, because while a hacker might be able to get your password, they're unlikely to have access to your cell phone or another device you use for authentication.
4. Use a password manager or even just a notebook to keep track
Rotate passwords periodically. Use strong passwords. Use different passwords for every different service — it's easy to lose your mind with passwords. Make it easy on yourself by using a password manager.
Password managers are standalone apps that help you manage passwords for all the different sites and services you use. Some, like Mavericks' own iCloud Keychain and Agile's 1Password, work on both OS X and iOS.
If you can't afford a password manager right now or you don't feel comfortable using one, consider getting a dedicated notebook to keep track of your passwords, assuming you're a home user with relatively little security risk. It sounds counterintuitive: If it falls into the wrong hands, a notebook with your passwords can jeopardize your online safety, no question. (It pays to keep the notebook somewhere safe, that's for sure, to keep out prying friends and relatives.)
But on the other hand, many of us aren't trying to keep friends, family and coworkers away from our online accounts, but hackers from the far corners of the globe who we've never met and are unlikely ever to meet. To that end, a notebook can be a relatively secure option.
5. Be safe
These are just a few common-sense tips to protect yourself online; there are a lot of other things you can do to keep your identity safe while you're online.
Your best tips for better Mac password security?
I suspect you have a few of your own that you're dying to share, so lay 'em on me in the comments!