One simple way to avoid identity theft
Ready to be scared a little bit? The odds are very, very good that—at some point in time—a website you use has been hacked, and your e-mail and password from that site have been compromised.
Ready to set your mind at ease? It’s simple and easy to set up your online life so that you’re totally safe if that ever happens again (and to protect yourself now, in case one of your passwords is out in the wild).
The stuff I’m writing here is about your online life, and how you can make sure the bad guys don’t get to access your bank accounts, your e-mail, your blog, or the other important parts of your identity on the internet.
So, it turns out it’s hard to write something about “security on the internet” without it quickly falling into a hysterical, doom-and-gloom, panicky mess of a post.
I don’t want to cause anxiety, but I also want you—when you read this—to understand how important it is, and how easy it is to protect yourself. Really, it’s as simple as downloading a free program (takes a few seconds), setting it up (takes about a minute), and then using it to log in to the sites you normally use (no more time than it takes you now).
If a website I use gets hacked, and my password gets stolen, what do the thieves get?
Without getting into boring details, there are two ways a website can store your password: encrypted (meaning a password like “puppies_are_cute” is stored as something like “c76dae966ba4fe2e427249511e3983ac16beef67”) and unecrypted (meaning it’s saved in the database as “puppies_are_cute”).
Even if a password is encrypted, hackers might still be able to crack it and figure out your password.
Ideally, every website would encrypt passwords securely before saving them. But they don’t all do it. If your password gets stolen, it’s probably safest to assume that the bad guys have your actual password. (Yikes!) And that they now have access to every site where you use that password. (Double-yikes!)
If I can’t guarantee that my password will be safe at a website, how can I protect all my other accounts if that site gets hacked?
The easiest way to keep yourself safe is to use a different password for every website. That way, if Site A gets hacked, your password from there will be useless at Site B.
Do you know how many sites I use? I can barely remember to get all the things on my grocery list. You expect me to remember that many passwords?
Me too. And no.
“Remembering passwords” is something you should probably commit zero brainspace to. But if you can remember just one (which you’re doing right now), you can use a password manager.
What is a password manager, and why should I use one?
Password managers do three things:
1. They securely store the username and password you use to log in to every site on the internet.
You only have to remember the one password you need to get into your password manager, and you’re all set. Also, when you first set it up, it’ll import all of the saved passwords you have on your computer.
2. They let you create unique passwords for each site.
Instead of using an easily-guessable password, they’ll generate a password that looks like this: “Af!@ADn56Zk*”. And every site you use will have a different password, so if one gets compromised, the rest of your online accounts are safe.
Even better, they remember your passwords for you, and can fill them in automatically. So you don’t have to worry about remembering them.
3. They give you a browser extension that lets you log in with a click of the mouse (or no clicks!), and manage your account across computers.
You might already have your computer set up to do this, but with a service like LastPass, you can set up your computer to log you in to any site, automatically. Further, if you log in to your LastPass account from another computer, or from your phone or tablet, it’ll log you in there, too.
As a bonus, they also store credit card information and other important data that you need. And they encrypt it all, so your info is secure.
(This isn’t sponsored by them at all. I’m just a fan.)
I have to pay for this, right?
Not for basic service. LastPass is free, but if you upgrade to Premium (right now, that’s $1/month), you get even more security.
But … what happens if my LastPass gets hacked?
The short answer: nothing. All of your data is encrypted, via methods that make decryption practically impossible. Your data is safe. Not even the folks behind password management tools can see your passwords.
Every few months, I see news that some large site has been hacked, and millions of passwords have been leaked. That used to freak me out. Since setting up a password manager, though, it doesn’t bother me anymore. I’d love you to have that same sense of peace.
And with all the things you’re trying to manage in your life, don’t make managing your own passwords be something that you have to handle as well.
Get our weekly email called
5 Quick Things,
where we share new stuff from the blog and podcast—that way you’ll never miss a thing. Tsh also shares other goodness from around the web... It can be read in under a minute, pinky-swear.
(You’ll also get her quick list of her 10 favorite essays and podcast episodes from around here, helping you wade through a decade of content.)