It seems like every website requires a password and it is impossible to remember every one of them if using unique and secure passwords. This often causes people to use the same password on every site, which is a very bad idea. If a criminal gets access to one, they get access to all. The way servers are being compromised, user names and passwords are being stolen by the millions.
Before we get started, you should check to see if your information is on a known list of potentially compromised accounts. The website shouldichangemypassword.com keeps a database of compromised user names and passwords. You just enter your email address and there is no need to enter a password. The website will check its database and let you know if you are their list. The site will even monitor one email address for free and notify you if it appears in their database at a later time (there are paid options to monitor multiple email addresses). This is not a definitive way to say whether or not your information has been compromised, but it is a good start.
Next, you should learn a little about strong passwords. Steve Gibson’s password haystack page has some very good information about passwords. Though I will introduce a password manager in a bit, it is not always possible to use this program. Having a secure password you can remember for some websites is important, so browse through Steve Gibson’s page before choosing this password. Be sure and try to minimize the number of websites where you use the memorized password.
The truly best password is one that uses many characters (24 if possible), uses upper and lower case letters, numbers, and special characters. Even better yet, you only use this password on a single site. Using even one of these passwords would be difficult or impossible to memorize. Try this on several websites. This would be impossible unless you have a photographic memory or use a password manager. I do not have a photographic memory, so I will discuss using a password manager. There are many password managers available, but I prefer LastPass. Even better than my recommendation is Steve Gibson’s preference of this program. It is not easy to trust a program that stores your most important data on a remote server, but so far LastPass has proven itself secure.
LastPass has free and paid versions. At $12 per year, the paid version is well worth it. The paid version allows you to use it on your mobile phone and you will need this feature when away from your computer. LastPass requires you create an account that uses your email address as the user name and then you need to create a password. I recommend that you use a strong and unique password that is not used on any other site. This is because LastPass is the ultimate key to all your sites.
Once you have your LastPass account setup, you install an extension in your web browser that monitors your internet activity. Whenever you log in a secure web page LastPass will offer to remember your credentials. The next time you visit the same site LastPass will offer to log you in. If you create an account on a website, LastPass can create a strong password for you. I recommend you go to the various sites that require passwords and change these passwords with ones generated by LastPass. If LastPass does not recognize the password change, simply copy the new password to the record of that site in LastPass.
Be sure to explore the other features offered by LastPass, such as automatic form filling, secure notes, and importing account information from other sources or programs. You can even run the LastPass Security Challenge to analyze your passwords for weaknesses and learn how you can maximize protection against identity theft.
Now it is time to rid your system of compromising information. Many web browsers store a lot more data than you may realize. Small and simple programs can bring up autocomplete information and even passwords stored by browsers. This is the information that your web browser may use to log you in to websites, which is similar to LastPass but not secure like LastPass. I prefer Glary Utilities, which is free for personal use. Here is a quick tutorial on how to use Glary Utilities.
- Download and install Glary Utilities. This is a simple process and does not require any special instructions. They usually do not try to sneak in any other software, but be on the lookout just in case. *Many free programs try and get you to install other programs (usually without your knowledge even though you choose accept).
- Start Glary Utilities and please check the Spyware Remover and then Tracks Eraser boxes. Once those are checked, select Options next to Tracks Eraser (all circled in red).
- Now you should be in the Options screen that allows you to delete additional privacy tracks. I recommend selecting all options for any web browsers listed.
- Now you are ready to clean your system. Just select Scan for Issues.
- Once done scanning, you will be presented with the issues to be fixed.
- Select Repair Problems to fix issues and delete tracks.
- Your system should now contain less information that could be compromised by a virus or a criminal.