And so we turn to passwords and online security. I’ve dealt with this at some length previously in a post entitled “Keeping safe online” which I last updated in May 2023, and although much of it is still relevant and most, if not all, of the links are still working, I thought to write something from scratch, rather than do another edit/revision.
I’m going to skip to the content at the end of the article referred to above and pick-up the theme of Passwords, Passkeys and Two-Factor Authentication (TFA).
First-of-all – you want a fright? Try typing your favourite password(s) – you do have more than one, don’t you? – into this website.
Secondly, check to see just how vulnerable your email address might be, using …
… go to haveibeenpwned? – and if you want to know what pwned means, and how to pronounce it, look here. If a service you use is in this list, you seriously should change your password!
Another approach is to use a tool that looks at your “digital footprint” to examine where you might be exposed. Such a tool is this one from Malwarebytes.
So that’s got your attention, right? You really need to deploy/use a Password Manager to hold your passwords – preferably one that is usable/consistent across all your devices. Two such products are 1Password and Dashlane. Both of which get very good reviews.
The alternative to using a Password Manager application is to use the password security offered by your browser. In Apple’s case this is iCloud Keychain – which stores the passwords – with its associated Passwords app; in Google’s case this is Google Password Manager. Both of these now offer support from one ecosystem to the other – so multi-platform users can choose one or the other. Microsoft also offer a Password Manager using the Edge browser, but its features are possibly not as well developed as those of Apple or Google, nor of dedicated password manager applications such as 1Password or Dashlane which score best with users who have a mixture of Microsoft, Apple and Google devices and applications.
And now we have Passkeys. When assessing whether you want to move to a Password Manager, you MUST check that the chosen one supports Passkeys as defined in the FIDO Alliance …
… and the key to its success and inter-operability is its integration with biometric signatures. So Passkeys are the platform for increased and improved internet security and should be welcomed with open arms – for Apple, for Google and for Microsoft.
If a Passkey can’t be employed on your favourite website, or even if they are, you may be asked to use 2FA (two-factor authentication). Using this means that when you’ve typed in your username and password you’ll be challenged to provide a code from a mobile phone, an authenticator app such as Google Authenticator, or go to another app (particularly if its a Google app), and do that extra second step (hence 2FA) to authenticate you are who you are.
We’re entering the passwordless world. It’s long overdue!
Finally, some other links to help you navigate the digital security world.
7 phone apps you need to secure right away – if you value your privacy – this could have formed the basis of an article in itself. It’s important to just check you’re doing the best you can to secure your favourite apps.
Best antivirus: Which? Best Buys and expert buying advice – a review for both PCs and Macs of anti-virus software – of course you could just be relying and using Windows Defender (for Windows) or nothing at all (if on a Mac), both of which are acceptable decisions, which then leads into …
Everything you need to know about cybersecurity basics – an inventory of terms, some with links to free tests, and the option to purchase tools. The definitions of terms are good.
Online learning events from the u3a – especially a recurring event “Staying Safe Online – A u3a Presentation with Q&A”