Wednesday, 8 April 2015

Time to spring clean your passwords.

Persistent personal information is bad, when you aren’t the one in charge.

I use a combination of disposable email addresses from Yahoo! and individually created passwords by 1Password for managing my online accounts. This enables me to have a unique user name and password for each account, so if one gets compromised it doesn’t affect any other account. Best of all, I don’t have to remember the 400+ username/password combinations that I use – all I have to do is to remember the 1Password password, and the application automatically fills in the unique per-site password.

Using a unique per-site username and password combination is the minimum security you should employ, and using a password manager makes it too easy not to. Password managers such as 1Password are also beginning to support one-time passwords, meaning your credentials are only valid per visit, which is even more secure. Definitely don’t tick the “remember me” option on web sites, and don’t use Facebook Connect or Google OpenAuth. And think twice about the details you store on their site for convenience – credit cards, addresses, perhaps ID numbers. It’s probably better to enter these details each time you need them.

And definitely don’t record your passwords by saving your emails. Dashlane (a reputable password manager maker) has released a useful little tool that checks your inbox to see if your password is sitting there in plain sight. It doesn’t check the rest of your mailbox, but you don’t file them away, do you?

I’ve been using this disposable email + password manager solution for a while now, since 2010. 1Password also comes with an analysis of password history, and I’ve just realised that I haven’t changed some of my passwords for over 5 years! Even though the passwords may be strong, even though the emails may be unique, it’s still not a good idea to keep the information the same for a long time. Just because you can store this securely, doesn’t mean the web site will. So time to do some password spring cleaning, methinks – delete those old accounts I no longer use, and freshen up those I use the most.
