Every day, I open up various and sundry news feeds to find more and more people have had their accounts and devices hacked. The most recent was an interesting bit of insecurity from Starbucks, wherein criminals were actively using the official Starbucks app to obtain personal details and gain access to financial accounts. To this new activity, Starbucks has staked the claim that no customer data has been breached and the issue stems from (are you ready for this?) weak passwords on the part of the end users.
Say it ain't so!
I was certain that every mobile user on the planet knew how precious their data was and that their best line of defense was to use strong passwords. Isn't that the case?
Of course it isn't. People can't be bothered with entering the likes of wH!t3c@n@ry every time they need access to their smartphone or th3@Qu33n every time they log into their bank accounts. Besides, who can remember the likes of $i(&gH35^? People want to get into their devices with their birthdays for codes and into their bank accounts with their first born's name or password123.
Ultimately, the beginning and end of security falls in the hands of the end user. Yes, there are instances where a company was clearly at fault (Target and Home Depot come to mind), but without strong passwords, your accounts may as well stand wide open for those who dare.
It doesn't have to be that way. By simply upping your password game, the security of your device and accounts can increase exponentially. But for those who are too lazy or seem to have a deep-seated dislike for security, what is there to do?
You can start off with this simple technique:
Take a long word or phrase that you know (like whitecanary or theaqueen, as I demonstrated above). Replace all the vowels with symbols, like this:
- @ for a
- 3 for e
- $ for s
- ! for 1
- 0 for o (that's a zero, not a capital O)
Now, mix in a capital letter or two. So, instead of OliviaDunham, you have 0l!v!@Dunh@m. That's a start, but you'll want to get even more creative. You can add another symbol in there, like 0l!v!@#Dunh@m.
That's great if you use only one password for everything. But very few people have just one account they must secure. And since we should all be using different passwords for different accounts, what do we do? Set up passwords like the above for every account? How would you remember which was which?
The answer is simple: Use a password manager. Thankfully, the Android platform has plenty of these tools waiting for you to add an extra layer of security to your accounts. And what's best, you'll only need to use one password to gain access to all of your passwords. So, for example, L!nuX#R0x will be the only password you'll need to use.
What password managers should you use? Here's a list of my favorites:
Each of the password managers above is simple to install from the Google Play Store. Once you've installed and set them up, you'll only need one password to rule them all. Some of these tools even offer random password generators. You want seriously strong passwords, so use that feature like your data depends on it. Yes, random passwords are nearly impossible to remember, but when you have a password manager at your disposal, it won't matter (so long as you can remember your master password for the app).
And before I forget, the master password that allows you access to your password manager? If you set it as 123 or password or jackiscool... your data may as well just walk out on its own volition.
What if you're not willing to use challenging passwords or a password manager? What then? For those, I have a few suggestions:
- Don't set up an online bank account (do all of your banking the old fashioned way—with checks and tellers and paper registers)
- Always use incognito mode when browsing
- Do not allow browsers or apps to save any of your passwords... ever
- Never use public Wi-Fi
- Never let your smartphone out of your sight
- Never link your bank account to any service
- Do not allow the likes of Amazon or Google to save your credit card information
Of course, you could just use a password manager. That, of course, does not 100% guarantee your security. It does, however, decrease the likelihood that those accounts you access on your mobile device will not be hacked.
I hit this subject every so often out of necessity. People need to be reminded that while mobility makes us incredibly efficient and productive, it can also open us up to loss. By simply upping your password game, you make the first, biggest move towards preventing that loss.
How secure are your passwords? Is your mobile life safe from hacks—or do you leave everything to chance? Share your experience in the discussion thread below.
- Five utilities that help protect your online privacy
- Secure your mobile enterprise users with Go! Enterprise MDM
- Google VPN is on its way
- Let Authy handle your Android two-step authentication
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.