tl;dr:
- Use random passwords, and use a different password for every site
- Pay attention to the browser’s security signals, and be suspicious
- Make your answers to security questions just as strong as your passwords
- Use a password manager to make creating and remembering passwords easier
- Use “two-factor authentication” wherever you can
It’s hard out there for a password
Most logins today are protected by a password. If an attacker can get your password, they can access your account and do anything you could do with that account. So when you ask how secure your account is, you should really be thinking about how safe your password is. And that means you have to think about all the different ways that an attacker could access your account’s password:
- Seeing you use it with an unencrypted website
- Guessing it
- Stealing a file that has your password in it
- Using password recovery to reset it
- Tricking you into giving it to them
To keep your login safe, you need to prevent as many of these as possible. Each risk has a different corresponding mitigation.
Look for the lock in your browser
It’s easy to prevent attackers from stealing your password when you log into an unencrypted website: Think twice before you type your password if you don’t see a lock icon in the URL bar.
The lock means that the website you’re using is encrypted, so that even if someone is watching your browsing on the network (like another person on a public WiFi hotspot), they won’t be able to see your password. Firefox will try to warn you when you’re about to enter your password on an unencrypted site.
Your browser also helps keep you informed about how trustworthy sites are, to help keep you safe from phishing. On the one hand, when you try to visit a website that is known to be a phishing site, Firefox (and any major browser) will display a full-screen warning — pay attention and think twice about using that site!
In general, the best defense against phishing is to be suspicious of what you receive, whether it shows up in email, a text message or on the phone. Instead of taking action on what someone sent you, visit the site directly. For example, if an email says you need to reset your PayPal password, don’t click the link. Type in paypal.com yourself. If the bank calls, call them back.
Strength in diversity
The secret to preventing guessing, theft or password reset is a whole lot of randomness. When attackers try to guess passwords, they usually do two things: 1) Use “dictionaries” — lists of common passwords that people use all the time, and 2) make some random guesses. The longer and more random your password is, the less likely that either of these guessing techniques will find it.
When an attacker steals the password database for a site that you use (like LinkedIn or Yahoo), there’s nothing you can do but change your password for that site. That’s bad, but the damage can be much worse if you’ve re-used that password with other websites — then the attacker can access your accounts on those sites as well. To keep the damage contained, always use different passwords for different websites.
Use Firefox Monitor to keep an eye on email addresses associated with your accounts. If your email address appears in a known corporate data breach, you’ll be alerted and provided steps to follow to protect the affected account.
Security Questions: My mother’s maiden name is “Ff926AKa9j6Q”
Finally, most websites let you recover your password if you’ve forgotten it. Usually these systems make you answer some “security questions” before you can reset your password. The answers to these questions need to be just as secret as your password. Otherwise, an attacker can guess the answers and set your password to something they know.
This can be a problem, since the security questions that sites often use are also things people tend to know about you, like your birthplace, your birthday, or your relatives’ names, or that can be gleaned from sources such as social media. The good news is that the website doesn’t care whether the answer is real or not — you can lie! But lie productively: Give answers to the security questions that are long and random, like your passwords.
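The two guessing techniques described under “Strength in diversity” and the long random security answers recommended here can be made concrete with a short Python sketch. This is an added example, not part of the original article; the five-entry dictionary is a constructed sample, the site names are placeholders, and all function names are chosen for illustration.

```python
import math
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits  # 62 symbols, like "Ff926AKa9j6Q"

# Constructed sample of a guessing "dictionary"; real lists hold millions of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}

def random_secret(length=16, alphabet=ALPHANUM):
    """Draw each character from the OS CSPRNG (never random.choice)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly random string: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def guesses_needed(candidate, dictionary=COMMON_PASSWORDS):
    """Upper bound on attacker guesses, modelling the two techniques in the text.

    1) Dictionary: a listed password falls within len(dictionary) guesses.
    2) Random guessing: otherwise assume the attacker must search every string
       of this length over the character classes the candidate uses. This is an
       upper bound only; human-chosen strings are far easier than it suggests.
    """
    if candidate.lower() in dictionary:
        return len(dictionary)
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in candidate):
            pool += len(cls)
    if any(c not in ALPHANUM for c in candidate):
        pool += len(string.punctuation)
    return pool ** len(candidate)

def secrets_for_sites(sites, length=16):
    """One independent password and security answer per site, so a breach
    of one site's database exposes nothing usable elsewhere."""
    return {s: {"password": random_secret(length),
                "security_answer": random_secret(12)} for s in sites}

if __name__ == "__main__":
    print(f"16 random alphanumerics: {entropy_bits(16, len(ALPHANUM)):.0f} bits")
    for pw in ("password", "Ff926AKa9j6Q", random_secret()):
        print(f"{pw!r}: about 2^{math.log2(guesses_needed(pw)):.0f} guesses")
    print(secrets_for_sites(["example-bank.test", "example-mail.test"]))
```
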
Get help from a password manager
Now, all of this sounds pretty intimidating. The human mind isn’t good at coming up with long sequences of random letters, let alone remembering them. That’s where a password manager comes in. Built right into the browser, Firefox will ask if you want to generate a unique, complex password, then securely save your login information, which you can access anytime in about:logins.
When you’re logged into Firefox with your Firefox account, you can sync across all your devices and access your passwords from a Firefox mobile browser. Learn more about how to use the built-in password manager to the fullest here.
Two-Factor Authentication (2FA)
2FA is a great way to level-up your security. When setting up a new account, some sites will give you the option to add a “second factor” to the login process. Often, this means linking your phone number to your account, so after you enter your password, you will be prompted to enter a security code texted directly to you. This way, if a hacker has managed to get your password, they still won’t be able to get into your account, since they don’t have your phone.
Your Firefox account, for example, can be protected with 2FA, which you can learn more about here.
2FA provides much better security than passwords alone, but not every website supports it. You can find a list of websites that support 2FA at http://2fa.directory, as well as a list of sites that don’t support 2FA and ways you can ask them to add support.
Strong, diverse, and multi-factor
For better or worse, we’re going to be using passwords to protect our online accounts for the foreseeable future. Use passwords that are strong and different for each site, and use a password manager to help you remember them safely. Set long, random answers for security questions (even if they’re not the truth). And use two-factor authentication on any website that supports it.
In today’s internet, where thousands of passwords are stolen every day and accounts are traded on the black market, it’s worth the effort to keep your online life safe. When you use Firefox products, some of the effort is taken off your plate, because all our products are built to uphold our privacy promise. And Firefox is constantly guided by Mozilla’s mission, the nonprofit organization we are backed by, to build a better internet.