Ask yourself – How safe is my password?
Today is World Password Day, so let’s stop for a minute and think about password safety. Here are 4 signs that your password is treated with care by the website you just signed up for or the online service you are using.
The website or online company cannot reset your password.
This means they don’t know it. And why should they? There are different levels of how securely your password is treated by a service provider:
- Worst case: they can send you the forgotten password itself. It means they store it in a way that is reversible. If someone hacks the website, they can easily have your password.
- Middle ground: they send you a reset link with a code. It is a sign that they might have encrypted or hashed the passwords, but they have access to it on their servers during the login process. It’s still relatively easy to hijack your account.
- The highest level of password protection is the “zero-knowledge” method: your provider has zero-knowledge about your password, so you cannot reset it in the traditional way. In this case, your password cannot be compromised if the service provider is hacked or cannot be leaked by their employees.
Your service provider uses two-factor or multi-factor authentication
This adds an extra layer of protection to the simple password-method by asking for the verification of your identity with an additional, trusted device (for example with a text message sent to your phone). Always make sure to use this option whenever offered. Check out how you can do this with Tresorit.
You reach the login page via an HTTPS connection.
This means there is a secure network communication between your device and the web server. Your password cannot be intercepted until it reaches the server.
Transparency.
If you can easily find information on how your profile and password are treated, then it is a first sign that you and your password might be in good hands. Always look for privacy policies and if you don’t find the password information you need, contact your service provider for details. Read here how Tresorit manages your password.
Besides paying attention to these, make sure you also do your best in creating a strong password.