Web Security: Managing Your Passwords
This post is for friends and colleagues and anyone who cares to listen. It focuses on the very real issue of managing all our passwords!!!!
Every day I deal with websites, and their owners, in varying degrees of distress. I want to help avoid crossing paths with any of you. There are a number of preventive tips you can take and you can watch them here or read about them here. The one I want to spend a few minutes on specifically is password management.
I, like most of you, as of a week ago, would have been classified as a culprit of poor password management. I mean let’s face it, in this day and age we have, probably, no less than 50 different sites we go to that require us to enter credentials to authenticate (e.g., Facebook? Bank? School? Work? Email?).
Here is the catch: password management is so much bigger an issue than just a website and its owner; it’s on you, the day-to-day online consumer and web surfer. In a split second you can lose access to all your worldly possessions. I really don’t want to see that.
The odds are you don’t. You probably have one username and password for multiple sites and, to make it worse, you probably haven’t changed it in years. This is horrible. Once again, former culprit of this…. If nothing else, I hope that after reading this you at least come up with one unique password and change all your sites..lol
So what to do? One can’t be expected to come up with a unique password for every site, can they?
The short answer is you can. But you’ll need to leverage a password manager.
What’s a password manager?
In short, it’s a way to easily maintain a list of all your sites and their associated login credentials. No, a Word document doesn’t cut it..lol
What do you use?
Until recently, I didn’t use any. I know, horrible. But after sitting in countless talks around this and feeling like a hypocrite I decided it was time to walk the walk. There are a number of good solutions out there. My personal PC AV (anti-virus) actually offered one. The issue I had with most of the solutions I found, to include my AV, was that they were all desktop-centric. I mean come on, how many of us actually stay in front of our desktops? I mean we all have a tablet of some sort, smart phone, etc… we’re in the digital age baby, we’re on the go…
After some reading and research I came across LastPass (not an affiliate link). It’s a free product..:)
What do you like about it?
There are actually a couple of things that I really like, these are but some:
- Only have to remember one password;
- Provides a password generator that can be configured;
- Has options that allow you to better harden the passwords;
- Offers an option to request an authentication key that can be loaded on USB and used in conjunction with your master password;
- Allows you to create throwaway master passwords for one-time use; great for when working in public places;
- Works on multiple platforms – Windows, iOS, Linux, Android… At least all the ones I use;
- Works with all the common browsers – Internet Explorer, Firefox, Chrome, and Safari;
- It’s free;
- Access from anywhere.
Those are just some of their features that really attracted me.
It’s on the web though, is it safe?
There are sharks in the ocean, I still swim in it. The point being, it’s all a matter of perspective. Their practice is solid, it does not, however, prevent stupidity. Yes, you’ll find articles of security issues, but frankly, if there weren’t, I’d be concerned. It’s kind of like when I would fly in the old UH-46’s in the Corps, if they weren’t leaking then I wouldn’t get on.
It’s also about personal risk, for me it was acceptable. For others it won’t be.
The point is this, folks: every day I see the effect stolen passwords have on people’s livelihoods. While it’s specific to websites, it’s a very serious threat that can have huge repercussions. Imagine you wake up one day, log into your bank account and all your money is gone. What would you do? While I’m not implying that a password manager would completely prevent this, it’s one, very good, preventive measure you can take to make it that much harder.
I really don’t care if you use LastPass; what I do care about is that you become more aware of the serious security vulnerability that poor passwords and their management are.
The excuse of, “There is no way I can remember multiple passwords” or “I am horrible at coming up with unique passwords” is over, folks. You are the first line of defense for your information, get with it!