Accounts and passwords

Most of us are likely to have a digital trail as long as their arm. Social media is just the beginning of it all, though: just think about online shopping, newspaper and magazine subscriptions, the utilities, bank account management, loyalty cards, bus tickets, access to shared folders or image repositories, … look around and you’ll find that pretty much everything we do is somehow managed online these days.

I’m not saying that is a bad thing, sharing stuff and having access to your information is paramount these days, in almost any conceivable situation. However, there are dangers involved with being entangled in the world wide web to a high degree. Therefore, most of those digital connections require setting up an account and creating a password. And that is where the trouble usually starts.

Accounts

Setting up an account online can be a very simple thing to do or it could be a nightmarish experience, depending on the sense of security the provider of the access wants to give you. Interestingly, the amount of details given is not necessarily linked to the level of security you’ll receive. Often, signing up for a site appears to be limited to a user name, email address and a password, but if you want to make full use of the options you’ll gradually be asked to provide a whole lot more information about yourself that may or may not be covered by the initial promise of confidentiality you signed up with. That typo you made when signing up might well crop up in the digital world forever.

Once an account has been set up, it is often nearly impossible to find out how to delete it. If you are really lucky, it’s obvious; but most of the time, providers of websites are sly foxes: the success of their service depends on the number of accounts they hold, which is why they do not want you to leave, quite apart from the data you have delivered free of charge on their doorsteps.

Beware, if you close an account, you may just shut it down and all the existing data is simply ‘inaccessible’ to everyone INCLUDING YOU! Again, it may be just to be able to prove that there IS an account but it’s dormant right now. Worst case scenario: your data is being used for other purposes without you having any say in it.

Some websites may not even give you an option to close your account: you actually have to get in touch by phone or email for them to close it for you. Suffice it to say, who knows if your data is still there or has been erased from their system?

Passwords

Here’s the kicker: for each account you will need a password. It is common knowledge (or it should be at least) that we are supposed to use different passwords for different accounts to minimise the chance of hackers finding a password and using it on many – if not all – of our online presences.

Unfortunately, this is entirely unlikely. Not only are we creatures of habit (we use the same password often), but we are lazy to boot (we use simple, short passwords rather than complicated, long ones).That is exactly why – after an initial period of ‘who cares’ – most serious websites who require an account have developed a series of security measures for their passwords:

• Length for a password. That minimum length has gone up from 6 characters to 8 to sometimes 12 or more these days, depending on the level of security awareness of the service provided.
• Type of characters in a password. In the past, passwords were ‘anything goes’, but today you will usually have to provide a password that includes letters, capital letters, numbers and sign in varying combinations.
• Passwords have to be changed regularly. Well, this is the one where most websites are slackers: they understand full well that most people would revolt if they were forced to change passwords on a regular basis. So we are only made aware of this requirement whenever there is a leak or there was a hacking incident. Are you confident all the websites will report such a thing? How secure is your data?
  
• Additional levels of security. Sometimes you’ll get something called a Captcha or similar that tries to determine if we are actually people and not automatic bots trying to crack the code.

Where does that leave us? Here’s the (not so pretty) picture of the standard situation concerning passwords in a standard human being:

• We are lazy: we create passwords that are as short and simple as possible, AND we tend to use the same ones over and over again.
• We have short memories: we write down our passwords somewhere near the place we need them, AND we never change them for fear of confusion.
  

Together, these two things are our highway to doom when it comes to online security, and that is without even taking into account subjects like professional data security (you are likely to have signed something along those lines with your employer or customers), a clear separation of work and free time, etc. The above-mentioned Captcha’s are – in fact – security features that keep our own lazy short-sightedness from creating trouble for ourselves.

Why ‘highway to doom’? Because those two habits are exactly the spots where we can prevent hackers and online crooks from taking control over our personal or professional data.

Good habits

There are a couple of simple steps you could take to ensure your accounts are more secure, and luckily they are relatively easy to put into place.

• Think twice before opening an account. Is it really worth the trouble? NOT opening an account keeps you from providing any personal data, and it prevents the whole password issue altogether. Think outside the box: can you find the service you are about to sign up for in one of your previous accounts?
  

When it comes to passwords, there are several options you can use to keep them handy, and I’m not talking about a piece of paper in the top drawer of your desk!

• Use your browser’s password manager, but make sure you can secure the information with a master password. That master password should be as complex, long and troublesome as you can imagine. Make sure you keep a record of it nowhere near your computer. The advantage of a password manager is that it usually synchronises across devices, meaning that as long as you are logged into the same browser, you’ll have access to pretty much everything you need. Downside: it’s an cloud service and – therefore – prone to hacking.
• Maintain a password-protected file that contains all your passwords. The upside to this is that you can also keep other information like your bank details, emergency phone numbers, etc. in here. If you save that file to GDrive, Dropbox or similar, it will be accessible across devices. Same comments as for password managers, though: be aware that it’s in the cloud.

This should really take care of the ‘short memories’ part of the equation: both options allow for the creation of different passwords for each of your accounts as the information is readily accessible, and it also allows for a clear record of changed passwords.

However, we remain stuck with our ‘lazy bone’. In order for data to be really secure, we have to change passwords regularly, and make them hard to remember. It’s something we tend to procrastinate about (and I’m not excluding myself here). I believe that as a species we prefer for others to do the heavy lifting, in this case: “let the computers do their work and I’ll just lean back, I’ve done my bit”. Sadly, that just won’t do if we want reasonable security.