The Hacking Economy

8 surefire ways to protect your online passwords

Chris Morris, special to CNBC.com

Passwords are the first line of defense in protecting access to our finances, credit information and identities. But we, as a collective nation, do a pretty lousy job of guarding that line.

Among baby boomers, 58 percent still don't use secure passwords, according to the 2016 Norton "Cybersecurity Insights Report." And digitally native millennials are even more vulnerable.

Passwords aren't foolproof, of course. Any determined hacker can get past them, just as a burglar can get past a locked door. But despite repeated warnings from experts, many people are still doing the digital equivalent of leaving a key in the lock of their front door.

Protecting yourself isn't hard, but it does require a little effort. Here are eight ways to beef up your online security.


1. Don't pick a weak password. As astonishing as it seems, people continue to use "123456" and "password" for their passwords, even though those have consistently been ranked the weakest, most easily guessable passwords for years. When you're asked to create or update a password for a site, avoid simple patterns that are easily guessed. SplashData and TeamsID suggest you select something that's 12 characters or longer, using letters, numbers and other symbols.

2. Use multifactor authentication. An increasing number of online services that revolve around sensitive information (such as Gmail, online bank accounts and Slack, a group communication system favored by many companies) offer the option for an additional step between entering your password and accessing your account. (Typically, a code is sent to the phone number you have on record.) It takes a bit longer to gain entrée to the site, but it's a notable deterrent for someone trying to compromise your account.

3. If biometrics is an option, take it. Smartphones, tablets and laptops are increasingly letting you log on with a fingerprint instead of a password. That's not only more secure, it also prevents you from forgetting your password. HSBC is one company embracing the movement, launching voice recognition and touch security services for up to 15 million U.K. customers who access their accounts through their mobile devices.

"The launch of voice and touch ID makes it even quicker and easier for customers to access their bank account, using the most secure form of password technology — the body," Francesca McDonagh, head of retail banking and wealth management for HSBC UK, told the BBC.


4. Different accounts need different passwords. While it's certainly easier to use the same password on multiple sites, remember that doing so can increase your vulnerability. Not only can hackers use that password to access other important accounts of yours, you're also opening yourself up to scrutiny from a larger number of people trying to crack many different sites. If you regularly visit a large number of sites and worry you'll forget which password to use, this next tip will come in handy.

5. Consider a password manager. Password managers keep track of the various usernames and passwords you use on various sites, not only boosting safety but saving you time by automatically filling in the username/password fields. They'll also synchronize your passwords across different devices, meaning you won't be stumped if you log onto a site from your smartphone but registered on your laptop. There are several options to choose from, including offerings from Norton, Dashlane, LastPass and LogMeOnce.

6. Don't share your password. This seems like common sense, but a staggering number of people still freely give their passwords to others. Globally, says Norton, 31 percent of millennials are likely to share theirs. And one-third of the people who say they've shared their password in the U.S. have shared the password to their bank account. Don't be one of those people.

7. Don't fall for phishing. Approach your email with skepticism. Delete notes — especially those with attachments — from people you don't know. And never click on attachments that seem suspicious, even if you do know the sender. Should you get a note from your bank or preferred airline, look closely at the actual email address of the sender and make sure it matches the institution's URL. And rather than clicking on embedded links, copy and paste them into a browser window, which will let you better see where you're headed.

8. Always update software. It seems we're notified almost daily about some program or another that requires an update. After a while, it's seemingly easier to put it off. But by doing so, you're putting yourself at risk.

"When that update notice comes up, people are ignoring it," says Hemu Nigam, founder of SSP Blue, an Internet security consulting business, and former vice president of Internet enforcement at the Motion Picture Association of America. "Almost every single time, there's going to be a security update in that feature update, so you need to do it."
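The sender and link checks from tip 7 can be written down precisely; the following Python sketch is an added example, not part of the original article. The institution domain `bank.example` and every sample header and link are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

INSTITUTION = "bank.example"  # assumed, constructed domain of the real institution


def host_belongs_to(host, domain=INSTITUTION):
    """True only for the institution's domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    # The leading dot matters: "mail-bank.example" must not pass as "bank.example".
    return host == domain or host.endswith("." + domain)


def sender_matches(from_header, domain=INSTITUTION):
    """Judge the actual address in a From: header, never the display name."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return False
    return host_belongs_to(address.split("@")[1], domain)


def link_matches(url, domain=INSTITUTION):
    """Judge the host a link really points at, not the text around it."""
    host = urlsplit(url).hostname  # drops any "user@" part placed before the host
    return host is not None and host_belongs_to(host, domain)


# Constructed samples: one genuine and two lookalikes of each kind.
SENDERS = [
    "Example Bank <alerts@bank.example>",
    '"alerts@bank.example" <billing@mail-bank.example>',
    "Example Bank <alerts@bank.example.account-verify.test>",
]
LINKS = [
    "https://www.bank.example/login",
    "https://bank.example.secure-login.test/login",
    "https://bank.example@login.test/",
]

if __name__ == "__main__":
    for s in SENDERS:
        print("OK     " if sender_matches(s) else "SUSPECT", s)
    for u in LINKS:
        print("OK     " if link_matches(u) else "SUSPECT", u)
```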
