Thoughts on passwords
Earlier today a mess was made in a client’s Gmail and Dropbox accounts. We’re not sure yet exactly how this happened, but they were hacked due to some carelessness on their end. Here I want to express some approaches we can all keep in mind to avoid the hassle a security breach can cause.
Back in 2012 I put up a post that still holds relevance. Largely it lists the salient points from a Wired article by tech journalist Mat Honan, who was hacked. We all aim to have a safe and yet convenient system, and the outcomes of a failure are:
- “Catastrophic failure”: you are hacked and your digital life becomes a mess to clear up.
- “Annoying everyday failure”: continuing to forget which passwords work for which logins.
Top four priorities as I see them
- Use passwords
  - Always use PINs and passwords on computers & phones.
  - Strong passwords have: 8+ characters, upper & lowercase, numbers and symbols.
  - For critical passwords use really strong passwords. By really strong I mean to try to reach 100% on a site like this or +1 trillion years on a site like this. This should be the case on email accounts, bank accounts, web domain registrars, web hosting and anything else that would have a large business impact if it was compromised.
- Use a unique password for each email account
  - The point here is that if we use the same password on another site and it gets hacked, they’ll often have our email address AND password.
  - Once they can log in to our email, they will be able to reset many of our other accounts.
- Use 2-step authentication where possible
  - Banks have been doing this for years.
  - In addition to a password, we enter a randomly generated number.
  - Google, Twitter, Dropbox and others now offer this.
- Have a strategy
  - If you are a business, you probably have to share passwords for online services that you use.
  - Create a few levels of secure passwords to ease the balance between secure & easy.
  - Services like Clipperz, LastPass.com and 1Password can be helpful.
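To make the "8+ characters, upper & lowercase, numbers and symbols" rule and the "trillion years" idea concrete, here is a small added example (not code from the original post, and not taken from any of the strength-checking sites mentioned). It checks a password against those rules, generates one that satisfies them using the operating system's random source, and estimates how long an attacker guessing at an assumed rate would need on average. The symbol set, the 10 billion guesses per second rate and the `years_to_crack` formula are assumptions for illustration, not figures from the post.

```python
import math
import secrets
import string

# Character classes behind the "upper & lowercase, numbers and symbols" rule.
# The symbol set is an assumption; sites differ on which symbols they accept.
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
ALPHABET = UPPER + LOWER + DIGITS + SYMBOLS


def missing_requirements(password, min_length=8):
    """Return the list of rules the password fails; an empty list means it meets them all."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c in UPPER for c in password):
        problems.append("no uppercase letter")
    if not any(c in LOWER for c in password):
        problems.append("no lowercase letter")
    if not any(c in DIGITS for c in password):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    return problems


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a password of `length` characters drawn uniformly at random
    from `alphabet_size` symbols. Only valid for randomly generated passwords;
    a human-chosen password with the same length and classes is usually weaker."""
    return length * math.log2(alphabet_size)


def years_to_crack(bits, guesses_per_second=1e10):
    """Average years needed to guess a password with `bits` of entropy at an assumed
    offline guessing rate (constructed figure, not from the post). On average an
    attacker finds the password after trying half the keyspace."""
    seconds = (2 ** bits) / guesses_per_second / 2
    return seconds / (365.25 * 24 * 3600)


def generate_password(length=16):
    """Generate a random password using the OS's cryptographic random source,
    retrying until it satisfies every rule in missing_requirements()."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover all four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs for demonstration.
    for pw in ["password", "Tr0ub4dor&3", generate_password(20)]:
        faults = missing_requirements(pw)
        bits = entropy_bits(len(pw))
        print(f"{pw!r}: {'ok' if not faults else ', '.join(faults)}; "
              f"up to {bits:.0f} bits, ~{years_to_crack(bits):.3g} years to crack")
```

The entropy figure is an upper bound that only holds for passwords chosen uniformly at random, which is why the generator and the checker sit side by side: a password manager (such as the ones listed above) produces the former, while the checker alone cannot tell a random string from a predictable one that happens to tick every box.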
Using passwords will always strike a balance between security and convenience. Much the same as the physical security on your home or office, more locks and alarms do mean more keys and more false alarms.