Securing your Log-in Credentials of Web-Services

TL;DR

A few guidelines for securing your log-in credentials across the many web-services you use.

  1. Use different (strong) passwords for different web-services.
  2. Use password managers.
  3. Use Multi-Factor Authentication (MFA).
  4. Keep your account recovery information up-to-date.

Do you know how many digital services you use? Take a guess! Chances are that you’re using 100+ web-services & apps. Most of the web-services will ask you to create an account on their web-site. It’s not practical to remember the log-in credentials of all web-services you use. What do you do?

You use the same combination of username and password for most (if not all) of the web-services. You are an informed digital user and hence you create and use a strong password. You generally create a password which starts with a capital letter, contains special characters in between and ends with a number. You use special characters by substituting “$” for “s”, “@” for “a,” and so on. Perfect! What could go wrong?

Well, let’s start with the practice of using the same combination of username and password for all the web-services. Companies such as Google, Microsoft, Facebook etc. build strong security infrastructure, employ top-notch security professionals and lead the efforts in standardizing and implementing security best practices. Unfortunately, not all web-services employ the same security standards. Chances are that some of the web-services you use are vulnerable to data breaches. Remember the 2012 LinkedIn data breach?

Sounds scary? Try this! Head over to this website and check if your e-mail address can be found in one of the known data breaches. Check if the password you currently use has been leaked in one of the known data-breaches. Got some red results? Time to change your password!

Hackers know that people generally use the same log-in credentials for most of the web-services. They don’t have to hack the well-built, secure web-services. All they need to do is break into the weakest of the web-services, and they have the keys to get into the well-defended ones. They also know that when people don’t use the same password for all the web-services, they generally use a slight modification of their password on different web-services.
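To see why swapping in “$” or “@” and adding a number does not produce a different password, here is an added example (not part of the original article) that reduces each password to its base word and flags services whose passwords are variations of one another. The extra substitutions beyond “$” and “@”, the 0.8 similarity threshold and the sample vault are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# "$"->"s" and "@"->"a" come from the article; the other mappings are
# assumed here as further common look-alike substitutions.
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e"})

def base_form(password: str) -> str:
    """Undo the decorations the article describes: leading capital,
    trailing number/punctuation, look-alike character substitutions."""
    p = password.lower()
    stripped = re.sub(r"[\d!?.#*_-]+$", "", p)  # drop trailing digits/punctuation
    # If nothing is left (e.g. an all-digit password), keep the original text.
    return (stripped or p).translate(SUBSTITUTIONS)

def is_variation(a: str, b: str, threshold: float = 0.8) -> bool:
    """True when two passwords share (nearly) the same base word.
    The 0.8 threshold is an assumption chosen for this example."""
    return SequenceMatcher(None, base_form(a), base_form(b)).ratio() >= threshold

def reuse_pairs(vault: dict[str, str]) -> list[tuple[str, str]]:
    """Return every pair of services whose passwords are variations of each other."""
    return [(s1, s2) for s1, s2 in combinations(sorted(vault), 2)
            if is_variation(vault[s1], vault[s2])]

# Constructed sample data: service name -> password (not real credentials).
SAMPLE_VAULT = {
    "mail": "Sunshine2019",
    "shop": "$unsh1ne!7",
    "forum": "Sun$hine#1",
    "news": "Sunshines22",
    "bank": "vT9#qLr2!xWd8ZpK",  # randomly generated style, unrelated to the rest
}

if __name__ == "__main__":
    for s1, s2 in reuse_pairs(SAMPLE_VAULT):
        print(f"{s1} and {s2} share the base word {base_form(SAMPLE_VAULT[s1])!r}")
```

Four of the five sample passwords collapse to the same base word, so a breach at any one of those services exposes the other three; only the unrelated random password stands alone.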

What to do then? This brings us to Rule #1.

Use different (strong) passwords for different web-services.

LastPass Secure Password Generator

Okay, but we can’t possibly remember (such complex) log-in details of all web-services. Yes, we can log in using our Google, Facebook or Twitter account on web-services which provide this feature, but some of them don’t. This brings us to Rule #2.

Use password managers.

Okay, great! But we’re putting all our eggs in one basket. What if the password manager gets hacked? The hackers would have access to all the web-services we use. That is a valid concern. We can’t rule out this possibility. However, since it’s the bread and butter of password managers to secure their customers’ data, it’s highly likely that they’re putting their best efforts into employing security best practices. Nevertheless, how do we mitigate this risk? Rule #3.

Use Multi-Factor Authentication (MFA).

This is all good! But what if I lose my MFA device (mobile phone)? Rule #4.

Keep your account-recovery info up-to-date.

Account Recovery Information

Keeping your digital identification information secure is the responsibility of both you and the web-service providers. If both parties employ security best practices and guidelines, it will enable the safe and secure use of digital services, helping our society move forward.

Interesting articles to read:

Nom Nom
