Worry-free Online Shopping
Updated: Dec 14, 2020
Three tips to keep the online shopping season safe
Chances are good you’ve spent some serious time shopping online lately; a recent article in Forbes reported that 62% of adults plan to shop exclusively online this year. The bad guys know this too, and are looking for opportunities to make this their best holiday season ever.
So, unless you want to add things like “restore my identity” or “repair my credit score” to your list of to-dos, here are a few tips to tighten up your passwords and help make your online shopping a little safer.
The first barrier in the way of a hacker or an identity thief is your password. Are you making this barrier a little too easy to get past? There are three rules to make your passwords more secure.
1) Have passwords that are hard or impossible to guess
2) Do not reuse your passwords
3) Have a way to manage your passwords
Rule 1: Have passwords that are hard or impossible to guess
Got any passwords like “12345678” or “aaaaaaaa”? Hackers have lists of common passwords and software that automatically tries them one after another. Here’s one example of a list of common passwords; check whether you use any of them: https://nordpass.com/most-common-passwords-list/
If you decide to strengthen your passwords, you should be looking to create something that is easy for you to remember but hard for someone else to guess. Most sites require a password of at least 8 characters (but longer is better), a mix of numbers, and both upper and lower case characters. Sometimes, they even require special characters.
There are online password generators that you can use (for example, here: https://passwordsgenerator.net/) that will generate pure gibberish. The upside is that these passwords are very secure, the downside is they’re nearly impossible to remember so you’ll need some way to store them (more on that later).
You can generate your own secure passwords by using a short phrase or quote that you know by heart, then substituting numbers for characters, adding in random capitalization, and maybe even adding a special character. If you’d like to go this route, here are a couple of examples to get you started.
Password from the short phrase “sleigh ride”
Remove the space: “sleighride”
Substitute a number for a letter; in this case we’ll substitute the number “3” for the letter “e”: “sl3ighrid3”
Easy to remember because “3” looks similar to a mirror image of a capital “E”
Capitalize something; we’ll capitalize the first letter of the second word: “sl3ighRid3”
If you need (or want) to use a special character, replace the “s” with a “$”: “$l3ighRid3”
Easy to remember because the dollar sign “$” looks similar to a capital “S”
Password from the quote “over the river and through the woods to grandmother’s house we go”
Take the first letter from each word: “otrattwtghwg”
Now just follow the rules in the previous example about a password from the short phrase
Substitute a number for a letter; we’ll replace the “a” with a “4”: “otr4ttwtghwg”
Easy to remember because “4” looks similar to a capital “A”
Capitalize something; I’m going to capitalize the first three letters: “OTR4ttwtghwg”
Easy to remember because I’ve capitalized all the letters prior to the number
If you need or want a special character in there, I’m going to add “#” at the end: “OTR4ttwtghwg#”
I’ll just have to remember this
In both cases you end up with a mess that is impossible to guess, but something that won’t be too hard to remember if you use it semi-frequently.
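The Rule 1 checks above (common-password list, minimum length, mixed case, digits, optional special character) and the generator option, as an added example that is not part of the original article. It generates the password locally instead of on a website; the short common-password set and the `SPECIALS` character set are constructed assumptions, not taken from the linked pages.

```python
import secrets
import string

# Constructed sample of a common-password list: the article's two examples
# plus a few typical entries. A real list would be loaded from a file.
COMMON = {"12345678", "aaaaaaaa", "password", "qwerty123", "11111111"}

# Assumed set of special characters; individual sites accept different ones.
SPECIALS = "!#$%&*+-=?@^_"


def meets_rules(pw, min_len=8, need_special=False):
    """Check the composition rules described under Rule 1."""
    if len(pw) < min_len or pw.lower() in COMMON:
        return False
    ok = (any(c.islower() for c in pw)
          and any(c.isupper() for c in pw)
          and any(c.isdigit() for c in pw))
    if need_special:
        ok = ok and any(c in SPECIALS for c in pw)
    return ok


def generate(length=16, need_special=True):
    """Draw characters from the OS random source until the rules are met."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits
    if need_special:
        alphabet += SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_rules(pw, need_special=need_special):
            return pw


if __name__ == "__main__":
    print("generated:", generate())
    for candidate in ("12345678", "aaaaaaaa", "otrattwtghwg", "$l3ighRid3"):
        print(candidate, meets_rules(candidate, need_special=True))
```

`meets_rules` only tests the composition rules and the sample list; it does not measure how hard a password is to guess.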
Rule 2: Do not reuse your passwords
Should you use the same password with multiple accounts? No. That’s the answer: No. The problem is we all have lots of accounts, and that would mean having to remember lots of unique passwords which we will probably fail at. What we need is …
Rule 3: Have a way to manage your passwords
If you don’t want to try to remember all your passwords, or can’t because you have too many (like everyone else), you need some password management. Here are three of the most common ways to do just that.
Notebook: The first method is the simplest and most often overlooked: Just get yourself a cheap notebook and write your passwords down. I know lots of people that do this and it works well for them. Don’t knock it because it isn’t “high tech” or “sexy”. It works. The upside is that, since it’s not stored electronically, the info can’t be stolen electronically. The downside is you can’t cut and paste a password; you need to type everything.
Word or Excel: The second method is to use a Word doc or Excel spreadsheet. Type your info in and save it, updating as necessary. If you go this route, both Word and Excel have options to password protect files, and you should password protect this one. Use a password for this file that is different from any password in the file, memorize this password (it’s the only one you’ll need to remember) and write it down somewhere. The upside is that, since your passwords are stored electronically, you can cut and paste, saving you some typing. The downside is that, since it’s stored electronically, it can be stolen electronically, which is why you should put a password on this file.
Also, don’t give the file that holds your passwords a name like “passwords.doc”. That’s like hiding a key to your house somewhere outside with a big arrow pointing at the key and a sign that says “the key to the front door is hidden here”. Give your file a name that hides what it is, like “Grandmas minestrone.doc” or “volleyball scores.xls”.
Password management software: The third method is to use software designed to address exactly this problem, a password manager. There are several out there, like Dashlane, 1Password, Nordpass or Lastpass. Check the reviews and use the one that fits your needs best.
I know people that use all three. What’s my recommendation for a password management system? You should choose the system that you will actually use. If you try one way and find it a hassle, try another, but use something, since keeping all your passwords simple and/or the same is a no-no.
Don’t make it a happy holiday for hackers
Many times, after removing a virus for a client, I get asked, “How can I make sure to never get another virus?” The answer I give is, “Don’t turn your computer on.”
Nothing is 100% effective or safe, but you can stack the odds in your favor. Follow the three rules above and you’ll be doing just that, putting roadblock after roadblock in the paths of hackers and identity thieves that are after your personal information and hard-earned cash. Keep this holiday season a happy and safe one for you and yours.