Monday, August 22, 2011

Password Management Made Simple

I felt it appropriate to make my first blog posting on passwords. Password exploitation is one of the most common techniques hackers use. Today, you can hardly go to a website without it asking you for a username and password. While this is a good thing for security, it can make things very inconvenient for you. The problem is, if your password is easy to guess and used on multiple sites, a hacker can quickly have access to everything about your life.

As an example, let's say you commonly use your dog's name as your password. You create a login on a site that you use once and completely forget about. Little do you know that this site does nothing to secure customer information. A year later, a hacker steals the password file for this site. He starts to examine yours and realizes you use it for everything, including your banking website. Next thing you know, there's money missing from your account and you have no idea how.

This happens more often than people may think.

I have a few simple steps you can use to protect yourself from a situation like this.

  1. Don't make your passwords easy to guess.
    • Don't use things like your pet's name, your child's name, or your favorite sport. 
    • Don't use individual words for your passwords. There's an attack called a "dictionary attack" where a hacker will try every word in the dictionary as your password.
    • Your passwords should, at a minimum, be 8 characters long with one capital letter, one lower case letter, one number and one special character.
  2. Don't reuse passwords.
    • As described in the example above, if you reuse passwords, a hacker only needs to compromise one site to have access to many of your other accounts.
    • Remember, if someone gets hold of your email account, they can probably reset most of your other passwords pretty easily.
    • If you forget that one shared password, you lose access to many sites at once.
  3. Don't tell others your passwords. Ever.
    • Your boss, IT, or an important-sounding person on the phone has no reason to know your password. Social engineering is a common technique hackers use, where they call or email you pretending to be one of those people. Even if you know for sure that the person is who they say they are, they still do not need your password.
    • When you log in and do something, that something gets logged and this leaves an audit trail. If someone does something malicious with your credentials, you will have a hard time proving it wasn't you.
  4. Change your password every 3 - 6 months.
    • If your password does get compromised without you knowing it, changing it on a regular basis can limit some of the damage.
    • Don't just change a "1" to a "2" when changing your passwords. Hackers know all about this technique. 
  5. Consider using a password manager.
    • A password manager keeps track of your passwords. The advantage is you only have to remember one master password, all your passwords can be different, and all your passwords can be more secure.
    • There are many available, from the open source KeePass (http://keepass.info/) to the cloud-based LastPass (https://lastpass.com/).
    • The initial setup may take some work (maybe 10 minutes), but in the long run this will save you a lot of time.
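As an added illustration (this is not part of the original post), here is a small Python checker that applies the rules above: the minimum length and character classes from step 1, a dictionary-word check for step 1's second bullet, and a check that a new password is not just a one-character tweak of the old one, as step 4 warns against. The word list is a constructed handful of entries standing in for a real dictionary file, and the function and variable names are my own.

```python
import string
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample word list for this example only. A real check would load
# a full dictionary file; it is kept tiny here so the example runs offline.
DICTIONARY_WORDS: Set[str] = {"password", "rover", "football", "summer", "welcome", "dragon"}

MIN_LENGTH = 8
SPECIALS = set(string.punctuation)


@dataclass
class PolicyResult:
    ok: bool
    problems: List[str] = field(default_factory=list)


def _letters_only(pw: str) -> str:
    """Keep just the letters, lower-cased: 'Rover1!' -> 'rover'."""
    return "".join(ch for ch in pw if ch.isalpha()).lower()


def is_dictionary_word(pw: str, words: Set[str] = DICTIONARY_WORDS) -> bool:
    """True when the password is a single word once digits and punctuation
    are stripped, so 'Football99!' is still caught as 'football'."""
    return pw.lower() in words or _letters_only(pw) in words


def is_trivial_variation(new: str, old: str) -> bool:
    """True for 'change a 1 to a 2' style updates: identical ignoring case,
    same length with at most one differing character, or the same letters
    with only the digits and punctuation changed."""
    if not old:
        return False
    if new.lower() == old.lower():
        return True
    if len(new) == len(old):
        differing = sum(1 for a, b in zip(new, old) if a != b)
        if differing <= 1:
            return True
    return _letters_only(new) == _letters_only(old)


def check_password(pw: str, previous: str = "", words: Set[str] = DICTIONARY_WORDS) -> PolicyResult:
    """Apply the post's rules and return every problem found, not just the first."""
    problems: List[str] = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no capital letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    if is_dictionary_word(pw, words):
        problems.append("based on a single dictionary word")
    if is_trivial_variation(pw, previous):
        problems.append("too similar to the previous password")
    return PolicyResult(ok=not problems, problems=problems)


if __name__ == "__main__":
    # Constructed sample inputs: the dog's name from the post, a padded
    # dictionary word, a "1 -> 2" change, and one that passes.
    for candidate, old in [("rover", ""), ("Football99!", ""),
                           ("Tr0ub4dor&3", "Tr0ub4dor&2"), ("Tr0ub4dor&3", "")]:
        result = check_password(candidate, old)
        print(f"{candidate!r}: {'ok' if result.ok else ', '.join(result.problems)}")
```

The checks are cumulative rather than short-circuiting so a user sees everything wrong with a candidate at once. Note that the similarity check only works if the previous password is available in the clear at change time (as it is when the user is asked to type both old and new); it is not something you can run against stored hashes.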

As you can see, at first glance password management looks intimidating, but there are many things you can do to protect yourself and keep the process simple. There is more to lose than you may realize, and you can be targeted. I hope this helps keep you more secure and gives you better peace of mind.
