How I keep my passwords safe and away from scammers

If you are like many people, your household has a couple of smart phones and perhaps two or three other digital devices that allow you to connect to the internet. It’s also a fairly safe bet that when you are shopping, you use free wifi to catch up with your email, spend some time on Facebook, or pay a bill or two.

Free wifi locations are not secure and, because everyone has access to them, increase your risk of having your digital device hacked. That is, someone else can access your device and view, edit or download your information. It’s possible for criminals to scan your device and pick up passwords as you enter them.

They can do this from outside your house or at free wifi points in shopping centres which means there is a weakness in your security system. Statistically, the chance that yours will be the device scanned, is probably remote, but it can happen.

Two-factor identification was designed with this security flaw in mind.

What is two-factor identification?

Two-factor identification occurs when you enter a password and then have to do something else before you can access your account. Banks and Centrelink use this system. When you log in using your password, some of them send an SMS message to your smart phone. You then enter the digits from the phone into another field before gaining account access.

Because the second factor digits change every time you log in, someone scanning them on one occasion will find they cannot use them to access your account.

Creating your own two-factor identification

A company called Yubikey has designed two-factor identification we can use at home in devices with a USB port (not iPads or smart phones). It includes using a small wifi-enabled USB key from which you generate a second random password by placing a finger or thumb on the key. The sequence generated is long and changes every time you log in.

I use a password management program called LastPass (free or $12 pa for premium version). Most of my passwords are stored in LastPass in an encrypted container that allows access with a master password. After I enter the master password, I use my Yubikey for second-factor identification.

The chances of someone accessing my LastPass program or my passwords is scant, even if they had access to my laptop because I do not leave my Yubikey with the laptop when I’m not using it.

Does password management and online security interest you? Get more information about these products from their sites.

PS: The author does not have a business interest in either Yubikey or LastPass and does not receive any payment from them

To write for Starts at 60 and potentially win a $20 voucher, send your articles to our Community Editor here.