Monday, November 23, 2015

Secure those Passwords

In the beginning, everyone had what, one or two systems that they logged into?  It was typical practice for an end user to use an easily remembered single password to log into those one or two systems that they used on a daily basis.  Then in the late 1990s, the industry began preaching the use of a "Complex Password": something that couldn't be easily guessed, was made up of some combination of character types, and was at least 8 characters long.  That seemed to work well for most folks until we hit the age of rampant internet-based everything.

Online Banking, Online School Reporting, Online Medical Records, Online Newspaper Subscriptions, Online Fantasy Football, Online Electric Bills, even Online Pizza Delivery have now taken over our daily lives.  Each one of these various systems that touch our lives is holding some type of personally identifiable information, or in some cases payment information.  Things like Online Banking are holding the holy grail of your financial life.

Sadly, today many people have one complex password, and they use it everywhere.  Not only is this not a secure practice, but it can be devastating when it fails.  Many of the systems that are being guarded with that single password (or even a couple of different complex passwords) reference other online services that you may be using.  For instance, let's say your online pizza account gets hacked.  That account not only has your tasty pizza preferences, but it has your address, telephone number, and even an email address.  The hackers can then quickly determine where that email is hosted, and voila, if you used the same password for pizza as you did for email, that service is now hacked too.  From your email account, they have the keys to the kingdom.  From informational emails in your inbox, to the various password reset mechanisms that only require access to your inbox, the sky is the limit for those who now control your online identity.

What's the solution?  A highly complex password with a high level of entropy for EVERY SINGLE ONLINE SERVICE that you use.  Bar none, this is the best way to protect access to your vital online accounts, as well as protecting those services from each other.  You may think that this is a great idea that just isn't practical in the real world.  What happens then?  You keep an offline record of all of these accounts and passwords in some encrypted, or heaven forbid, un-encrypted text document on your home computer?  For many that's the case.

However, for the past several years there has been an outcropping of password managers coming on the scene.  These solve several problems.

  1. They give you a somewhat secure centralized location to place your account information.
  2. They allow you to keep multiple different passwords ready for each account.
  3. Most of them also have a high quality random password generator.
  4. They allow secure syncing of password access across devices.
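
To make the "high level of entropy" point concrete, and to show what a password manager's random generator (item 3 above) and its "one unique password per service" rule look like in code, here is an added example.  It is not code from this post or from LastPass; it is a Python 3 sketch that uses the standard `secrets` module (a CSPRNG) to generate passwords, computes the entropy of a few password policies, and flags reuse in a small vault whose contents are constructed for the demonstration.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes; the full alphabet is what the generator draws from.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable characters


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a password whose characters are drawn uniformly
    at random: log2(alphabet_size ** length) = length * log2(alphabet_size).
    Only holds for random passwords; a human-chosen word scores far lower."""
    if length <= 0 or alphabet_size <= 1:
        return 0.0
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Generate a password with the CSPRNG behind `secrets` (never `random`).
    Re-draws until every character class present in `alphabet` appears, so a
    short result cannot come out as, say, all lowercase letters."""
    active = [set(cls) for cls in CLASSES.values() if set(cls) & set(alphabet)]
    if length < len(active):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(cls & set(candidate) for cls in active):
            return candidate


def compare_policies() -> dict:
    """Entropy of a few password policies, showing that length adds more
    bits than adding character classes does."""
    return {
        "8 chars, lowercase only": password_entropy_bits(8, 26),
        "8 chars, all 94 printable": password_entropy_bits(8, 94),
        "12 chars, all 94 printable": password_entropy_bits(12, 94),
        "20 chars, all 94 printable": password_entropy_bits(20, 94),
    }


def find_reused(vault: dict) -> dict:
    """Given {service: password}, return {password: [services]} for every
    password shared by more than one service; an empty dict means no reuse."""
    by_password = defaultdict(list)
    for service, password in vault.items():
        by_password[password].append(service)
    return {pw: svcs for pw, svcs in by_password.items() if len(svcs) > 1}


if __name__ == "__main__":
    for policy, bits in compare_policies().items():
        print(f"{policy:<28} {bits:6.1f} bits")
    # Constructed sample vault: the pizza/email reuse from the post's scenario.
    vault = {
        "pizza": "Summer2015!",
        "email": "Summer2015!",
        "bank": generate_password(20),
    }
    for pw, services in find_reused(vault).items():
        print(f"password reused across: {', '.join(services)}")
    print("fresh 20-char password:", generate_password(20))
```

Running it prints roughly 37.6 bits for an 8-character lowercase password against about 131 bits for a 20-character password drawn from all 94 printable characters, which is the gap the post is talking about, and it reports the pizza and email accounts as sharing a password.  The entropy figure only applies to passwords that were actually generated at random; the same formula says nothing useful about a password a person chose.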

Of the many options out there, I like LastPass.  I could go through all the reasons why, but Steve Gibson of GRC, and the Security Now podcast, does a great job of breaking it down here.

What does this mean?

It means that there is a system out there that is highly secure, one that allows YOU, yes YOU, to use a highly complex, high-entropy, secure password for every service you use.  Use it!