Passwords, Passwords, Passwords
Everything you access online likely has a password. And like most, there's a good chance you use either the same password, or a similar password for many sites.
You may have read or been told lots of advice in regards to passwords, Have a number, have a symbol, Use 3 words stringed together etc. Much of the advice on passwords is dated and these days can be breached in minutes if not seconds.
- Don't contain words found in a dictionary
- Don't substitute number or symbols for letters (P@ssw0rd)
- Are long - upwards of 12 characters
- Are completely unique to one site/service
- Contain a mixture of letters, number and symbols.
We get it, a different password for every site - that's pretty much impossible to keep track of, but it's important. Why? Because if any of the sites using that combination of username or email with that password gets compromised, attackers will try that combination on just about every website on the internet.
Google Chrome now has an inbuilt feature to generate and store secure passwords. We encourage you to use this or a similar service like lastpass or 1Password to manage passwords for sites that are not critical and don't store financial information.
Passwords for internet banking and email are the ones you want to consciously secure as best you can. Internet banking for obvious reasons, and your email because if someone gains control of your email, they will then be able to perform a password reset on any accounts linked to that email.
Use multi-factor authentication
Chances are some of the sites you use already require this, where you need to get a text to your phone, or enter a code from an app or token. This is one of the best ways to secure yourself against password theft.
Ultimately you need to do what you feel comfortable with. Your password for stuff.co.nz probably doesn't need the same level of security of paypal, but it's really important that they are not all the same!
Microsoft mfa: https://support.office.com/en-us/article/set-up-multi-factor-authentication-for-office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6
Xero 2sa: https://central.xero.com/s/article/Set-up-or-disable-two-step-authentication
Paypal 2fa: https://www.paypal.com/us/smarthelp/article/how-do-i-enable-2fa-(two-factor-authentication)-for-my-paypal-powered-by-braintree-user-faq3500