If your password is a word, you’ve got a problem. Yes, even if you replaced some of the letters with numbers. Mother’s maiden name as a “secret question”? Not so secret. We’ve all read the stories of celebrities, politicians and simple folk that had their accounts hacked and their dirty underwear thrown all over the press. They were all shocked to hear that someone didn’t “hack” the system, they just guessed their password. Vindictive exes? Snooping spouses? Passwords on paper? Probably the biggest threats to your accounts…not hackers.
Facebook and Google and Yahoo and Microsoft can have the best encryption and security protocols in the world, but that doesn’t mean anything if your password is “shinyobjects321”. It may be easy for you to remember, but it’s also easy to guess. And, chances are, you use it for every account you have. Sound familiar?
So, please, do these three simple things and feel much safer about the security of your accounts.
Enable Facebook’s Security Features
Facebook has gone ahead and made this one real easy. Your password could even be sub-par and you still have a great way of securing your account.
Step One. Visit your Facebook Account Settings page.
Step Two. Under “Account Security” enable all of those nifty check boxes (except the 3rd, unless you want to).
The first box forces Facebook to encrypt all data sent between your computer and Facebook over the Internet. You’ll notice your URL switch to “https://” and a nice friendly notification from your browser that you’re surfing securely. How nice.
This is key if you’re accessing Facebook in a public area, like a coffee shop. It’s amazing how easy it is to ‘sniff packets’ on a public network. That’s for another post.
The second and third notify you by email and phone, respectively, when you (or someone) log into your account from a new device. When you log in from a library computer, for example, you enter your password and then name the computer you’re on. That way, even if someone knows your password, Facebook will notify you when the account logs in. You can revoke access from devices at any time.
The final one is the best, but possibly the least convenient. When you log into your account from a friend’s computer, or any other device that hasn’t been previously authorized, you will receive a text message with a short code in it that must be entered before accessing the site. If you always have your phone, this is easy. If you never have your phone, don’t check it. If you’re missing or have lost your phone, you’ll need to log in from a previously authorized computer and change your number or disable the feature.
Step Three. Check your list of authorized applications. It’s not a bad idea to clear out the ones you don’t remember or don’t care about. Keep a handle on what and who has access to your Facebook details and account.
The point of this is to protect your bad password from wreaking havoc on your privacy. However, if you do not enable the “two-step verification” by checking the fourth box, someone can still access your account if they know your password – you’ll just find out about it.
Wasn’t that easy? Well, it gets a bit more complicated from here.
Enable Google’s Two-Step Verification
Google was the first major email provider and online service to provide simple two-step verification to all its customers. The first step is your password, same as always. The second step is a 6-digit code generated by a piece of software on your phone, called Google Authenticator.
If you’ve ever worked as a government employee or in a company that has little key fob security tokens, this is no different. Instead of an annoying keychain, it’s an app for your iPhone, Blackberry or Android. You can also have the token texted to you, or Google will call and read it to you.
Step One. Visit your Google Account settings page. Click “Enable Two-Step Verification” and set up the account with your phone number. Download the necessary application to your phone, and you’re all set. Take note of the set of tokens Google has generated in the event you lose your phone.
Place them in a password-protected cloud storage system…or, a desk drawer.
Step Two. This is the part that can be a little annoying at first, but once it’s set up you’ll be fine. Each application that accesses your Google account must have its own application-specific password. Google has made managing these passwords very easy.
If you use an email client, access your email from your phone, gchat from a chat client, etc, you must create special passwords for each application. It will take you ten minutes, but is well worth the effort.
Step Three. When accessing Google from a new device, you’ll be asked to enter that security token from your phone. If you’ve lost your phone, Google provided you a set of tokens that you should have kept handy. Where are they? Or, just access your account from a previously authorized device.
If you stop and think for a moment about the information available from your Google account, this security feature doesn’t seem as inconvenient. We routinely receive emails from banks, family, business and others that contain information that could easily be used to piece together a very comprehensive picture of our lives. Feigning ignorance is no longer an option.
Start Using Password Management Software
There are some wonderful browser plugins and software packages that will take care of remembering your passwords for you. I use 1Password, for example. LastPass is also very popular. Password management software allows you to use long, random passwords for your websites without the hassle of remembering them. The password files themselves are encrypted and locked behind a master password. Of course, that one password had better be good and I hope you change it every once in a while.
Aside from remembering your passwords, 1Password will remember your personal and bank information for easy completion on web forms. When it’s time to create a password, it will auto-suggest one that is very strong, then save it for later use. There are plugins for all major web browsers, and a standalone software package to manage everything easily. With an application for your phone, you have access to it even when you’re on a friend’s computer.
I think I sound a little paranoid. Perhaps that’s a fair point. In reality, I think it’s just about using common sense. You don’t need a 28-character password for every little site you sign on to. A password generator will happily suggest a pronounceable, 8-letter password that is just as good for that antiques forum you like.
However, in a day when more of our information is moving to the cloud and our lives’ small details are available with a few clicks, little emphasis has been put on the one thing locking most of it away – your password. Don’t be caught off-guard with a dinky childhood pet’s name and yell at the Internet for being unsafe. Yell at yourself for having a terrible password.
