How safe are your passwords?
Posted by Jacob Ball
In today's connected environment, having one password hacked can lead to multiple services being compromised and irreparable damage done to your data. Sounds scary? It should be!
A couple of weeks ago, I came across this blog post by Mat Honan:
As I read through it, I got more and more horrified at how relatively easy it was to gain access to some pretty crucial services, and what he's lost as a result of it. If you've got a few minutes, have a good read through that article, and prepare to get worried :-)
Since then, I've been reviewing my own password practices, and realised that I too had some holes that needed fixing. Whilst my passwords (I was using several different ones) were quite strong, my main problem was that I was using the same ones over a variety of different websites. I'm not exactly secretive with my name when joining / posting on different sites, so it's possible to find me in various places :-) The issue was that if a 'main' password was hacked, then quite a lot of different website accounts then became possible targets.
So, what can we do about it?
Firstly, I use Google Apps for email, so Google's Two Factor Authentication is an absolute MUST.
What's Two Factor Authentication? It simply means that in addition to my password, I have to supply another piece of information that's randomly generated (once only) and sent to another device (my phone). This makes it much more difficult for someone to hack in without my knowledge. Of course, if my phone gets stolen, I need to act quickly to shut down that potential threat.
Secondly, ensure that every password used across every website I have an account with is UNIQUE, randomly generated and STRONG.
Now, this isn't easy to do when you access as many sites as I do. So the answer for me is to use LastPass.
Again, LastPass has Two Factor Authentication, which makes things much more difficult to hack.
LastPass has a password generator that allows you to randomly create unique passwords for every website you log into, and store them in an encrypted 'vault' that is secured by a very, very strong password.
Have you got an EASY password?
You may (or may not) have heard over the past months of various large services being hacked, and password lists being posted online for all to view. The problem is, if you use a service that gets hacked, the password you use with them may be the same one you use to access your banking, and BINGO. You're in trouble.
Here is a list of the top 25 passwords used around the world, as extracted by antivirus solution provider ESET. Is yours one of them? If so, it's safe to say you should consider changing it to something stronger immediately.
Seriously, if you use any of those in the top list, change it now. Feel free to give me a call, if you'd like to discuss this in more detail!