Tuesday, April 15, 2014

Tech Time ::: Password Management Refresher Course

Image from Heartbleed.com

With all this "heartbleed bug" madness, I figured it might be a good time to remind you all about password management, and give a little "change your passwords and make 'em long and tough" speech. Also, this may be a good time to turn on 2-Step Authorization, assuming my post from a few weeks ago wasn't enough to talk you into it.

No one is really exempt from this situation, unfortunately, with more than half of all websites being affected in some way by this bug. Thankfully it sounds like there's little "damage" done, as it was a researcher who caught this two-year-old bug, vs a hacker in an exploit. However, it's something that's been around for over two years, undetected evidently, and now everyone is scrambling to patch for it.

Image via Mashable (portion of the current punch list)

That will not be super-quick, and therefore some of the sites that have put patches in place (Google, Facebook, Instagram among them) may require repeated password changes as they tighten up security. If you haven't changed the passwords for those already, you may want to, but just note that you might be doing so again in a few days as more patches go out and get further updated.

The good news is that most banks appear to be unaffected because they use their own proprietary security, vs the free OpenSSL that was affected by this. Like most security breaches we see when store systems get hacked, we have no idea just how big this is going to be, and I suspect it's going to be huge. I also have a suspicion this might be enough to turn a lot of the major sites towards proprietary security similar to what banks use. Yahoo, one of the majors with one of the highest numbers of active users around, so far has not been entirely patched, as of this writing anyway, and they, of course, make it hell to change your password, especially if your accounts are linked in any way to SBC/AT&T. Figures... So keep an eye on that. (Seriously, Yahoo! You have GOT to separate that password situation from AT&T because making someone jump through 100 hoops to change their password is RIDICULOUS and is why people choose other services instead.)

So now is a good time to remind you to look into a password management tool to maintain your passwords. Any tool will do, because you're going to be making a LOT of changes, and you need to remember all of those changes, and remember: they need to be UNIQUE CHANGES. The longer the password, with as many numbers and capital letters as you can use, the better. And no repeating from site to site. Throw a period or an underscore or an exclamation point in there, even. I know some folks like to keep a spreadsheet to keep them all straight, some like to back their passwords up in a note in Evernote that keeps them synced, but as you well know, I am a rabid fan of 1Password and recommend it every chance I get.

As I hoped and expected, I am pleased to see that AgileBits has reduced the price of the app in light of this debacle to get more people on board with this incredible app. It's presently on sale for $8.99 for the iPhone version (and I assume the Android version, as well), and seriously, it's a steal. I refer to and use this app nearly daily, and cost per use is seriously cheap. And since you will need to generate tough passwords, change and save so many right now, it's going to pay you back right out of the gate.

How do you manage passwords? Are you a fan of 1Password like me? Have you taken advantage of the sale now or any of them in the past and picked up this fantastic app? I'd love to hear about it in the comments below!
