Today is the day. You’ve been putting it off for months or years. Your IT department harps on it. Your credit card companies and banks send out calls to update. And you may have automated messages or even lock-outs from more advanced systems, all geared to keep you changing things.
Why change?
The conventional wisdom is that you minimize the losses or potential future losses by changing your password.
How do passwords get compromised?
- Guess – social engineering or brute force
- Keyloggers – spy software that records everything you type and reports that info to hackers.
- Database breach – passwords that are stored as readable, clear text, that fall into the wrong hands.
Minimize Risk
Don’t put all your eggs in one basket. Use different passwords for different accounts. Just like at home: different keys for different things. What if your car remote opened every door and lock you have? Really convenient, right? Yes! And what if you lose that little key or leave it behind at Starbucks, at the pool, or at the beach? What if a pickpocket gets it?
That’s right. The thief has access to EVERYTHING.
I’m Not a Target – Or Am I?
You specifically? No, but every account on every service is. Not always directly. Is your email address one of the 272 million purchased for less than $1 by a US security company from Russian hackers? They also had passwords associated with these email accounts, stolen from other websites. So, if those people use the same password for Gmail that they use on one of the hacked sites, the hackers have access to their Gmail. Other highlighted accounts included Hotmail, Yahoo, and Mail.ru. In fact, they include 57 million of 64 million active Mail.ru accounts!
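The reuse risk described above can be checked against your own password list. The following is an added example, not part of the original post: it takes rows like a password keeper's export and reports which other accounts a single breached site would expose. The vault rows, site names and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: (site, login, password) rows, as a password
# keeper's export might list them. All values are made up.
SAMPLE_VAULT = [
    ("gmail.com", "pat@example.com", "Sunshine2016"),
    ("forum.example", "pat@example.com", "Sunshine2016"),
    ("shop.example", "pat@example.com", "Sunshine2016"),
    ("bank.example", "pat@example.com", "k7#Vq!x92mLp@w"),
    ("mail.ru", "pat@example.com", "T4bby-cat"),
    ("news.example", "pat@example.com", "T4bby-cat"),
]

def group_by_password(vault):
    """Group sites by password without keeping plaintext as a dict key.

    Each password is reduced to an HMAC tag under a random per-run key, so
    the grouping structure is useless to anyone who dumps it later.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, _login, password in vault:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(site)
    return list(groups.values())

def exposure_if_breached(vault, breached_site):
    """Return the other sites that open with the password leaked from breached_site."""
    for sites in group_by_password(vault):
        if breached_site in sites:
            return sorted(s for s in sites if s != breached_site)
    return []

def reuse_report(vault):
    """Map each site to the other sites sharing its password (reused ones only)."""
    report = {}
    for sites in group_by_password(vault):
        if len(sites) > 1:
            for site in sites:
                report[site] = sorted(s for s in sites if s != site)
    return report

if __name__ == "__main__":
    for site, others in sorted(reuse_report(SAMPLE_VAULT).items()):
        print(f"{site}: a breach here also exposes {', '.join(others)}")
```

Every site that appears in the report needs its own unique password; a site that does not appear (here, the constructed bank entry) is already isolated from breaches elsewhere.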
OK, But How Can I Remember All Those Passwords?
You can’t. Don’t try. Most people who try end up giving up diversity for simplicity: they fall back on simple, shorter passwords.
Use tools. LastPass, KeePass, 1Password, … there are lots of choices. They store your passwords in encrypted files. And they make logging into websites quick and easy. The idea is to remember one STRONG password to access the password keeper.
Use Multifactor Authentication – AKA 2 Factor
These extra steps help ensure that you are really you. They use something you know (username + password) and something you have (a mobile phone or key dongle).
Change
Today may be the day you change that ONE password. Or better yet, how you manage ALL your passwords. Take charge. Stay safe and secure.