It seems as if every day a new website gets hacked, and all the passwords are leaked. This post will explain what
you can do to keep your accounts secure.
Use a password manager
Using strong passwords is the number one thing you can do to stay safe online. If a site implements security precautions decently, the only thing a hacker can get is the salted, hashed version of the password. That means the only way to crack your password (theoretically) is a brute-force attack. So, the longer and more complicated your password is, the better off you are. A password manager allows you to only remember 1Password (get it), and it will generate secure passwords for all your online accounts. As you only have to remember one password, the one to access all the other ones, you can make that one really long, making it hard to crack. There are other steps you can take, but the number one defense is your password, and arguably, your username.
Two-factor authentication adds a second layer of defense to your accounts. It generally works by requiring you to have the correct username, password, and a one-time code. That code can be texted to you, or delivered through an app, such as Google Authenticator or 1Password Pro. I prefer 1Password Pro, as it puts the one-time code right next to the other account information. To keep things simple, only use two-factor on accounts that are important. For example, as an admin of this site, I use two-factor, but if you’re just a user, you probably don’t need it (although you can use it; just go to your profile settings).
Use social login
I don’t always do this, but if the site doesn’t ask for full permission over your social account, this does increase security. The chance of a small site being hacked is much greater than that of Google, for example. Sign in with Google doesn’t send your password to the site, so that’s one less place your password is stored.
If you are creating a login
I’m no expert in security, but I do know the basics pretty well. Here it is: Do NOT store the plaintext password anywhere! Store only a salted hash of it. If you don’t know what those terms mean, do not build a login system. If you need one, use Sign in with Google, or something like that.