Last Word on Passwords

Lately, it seems hard to go a week or a month without hearing about some site being hacked, or logins and passwords being stolen or compromised. Suddenly we have to be aware of everything from scary-sounding things like Heartbleed and OpenSSL vulnerabilities or the Shellshock Bash bug to innocent, sweet-sounding names like POODLE. Short of completely unplugging from the grid, there is no way to prevent these issues 100%, but there are some key things you can do to decrease the chances and limit the damage.

Having worked in online fields for over a decade now, much of it within digital agencies, Jill and I know the challenges of maintaining logins. Not only do we have a large number of logins to various sites for our own personal and business needs, we are often entrusted with logins for client accounts as well. In fact, we might have multiple logins for a single site! Keeping all of this straight in our heads is not an option, and neither is using the same login across multiple sites (not that we would want to, or recommend it).

The issue of user accounts, logins and passwords is so critically important that I want to take a moment to share our approach and tell you how you can probably dramatically increase your own security at zero cost. Before I cover that, let's address a couple of key issues.

No One Will Ever Guess

Whenever the topic of online security comes up, invariably someone will utter the “no one will ever guess my login/password” phrase. For the most part, I agree nearly 100%. But if you envision some unshaven, grungy-looking guy hunched over a keyboard in a dark basement, typing away trying to hack into your account, then it's time to wake up. While there may be some of those characters out and about, they aren't the norm or even the ones to be worried about. Instead, the ones to worry about are business people who look just like you and me.

That you and I may consider this a despicable, sleazy business doesn't matter. Understand that for them, this is a business. This is an important concept because it helps in understanding that, like all businesses, their goal is to be as efficient and profitable as possible. Obviously, then, having one or even hundreds of people trying to manually hack into accounts is neither efficient nor profitable. Thanks to the power of technology and programming, this is all automated. Not only is the attempting of combinations of words or phrases (a dictionary attack) automated, so is the analysis of which words and phrases are most likely based on popularity, keystrokes, combinations of characters, etc. And once a successful combination is found, it can be added to a database so that it is always checked, along with how frequently it succeeds, likely derivations of it, and no doubt a whole list of other characteristics.

But It’s Such a Hassle

I absolutely agree that it can be a huge hassle if you are trying to keep track of a growing list of logins in your head. But other hassles related to this have mostly gone away. I remember “in the old days” when most sites didn't have a “forgot your password or username” link. There might not even have been an easy way to contact someone at some sites to help you get or reset this information. Fortunately, for the most part, this is not much of an issue anymore.

So the biggest hassle now is keeping track of everything, and in a lot of cases you can now log in to many sites with other credentials, like your Facebook, Twitter, or Google account. This is a great convenience but also a huge risk, because it once again exposes access to a large pool of sites via a single login. Fortunately, most critical sites like banks and credit card sites require you to have a separate account and login credentials for their site... though that still doesn't stop you from using the same credentials you use on every other site.

The best, most secure logins are unique, complex, and random. Period.

Recommendation: Use Only One Login & Password

That’s right. After everything I said above, I’m recommending memorizing a single login and password. But…

Come on, you knew there was a “but” in there. In addition to your one login, I recommend using a password tool.

Our tool of choice for longer than I can even remember has been LastPass. They offer both a free version (quite possibly all you'll need) and paid versions (super cheap), as well as an Enterprise version for businesses. There are more features than you can imagine, with more being added all the time, and not just for the paid versions. Whether you use LastPass or some other password tool is entirely up to you, but if you've been holding off on using a tool, I highly suggest making the leap.
