I’ve been getting up on my soapbox for years about the importance of good password habits.
And I’m happy to say many of my clients have taken some of my advice to heart. Most have stopped using simple passwords at least.
But last month’s discovery of the Heartbleed bug just shows how important it is to not only use complex passwords, but to use different passwords for different accounts. And to change these passwords from time to time.
If you missed it, the Heartbleed bug affected a large number of “secure” sites. It allowed bad guys to harvest user information such as user names and passwords.
If you changed your passwords as soon as you heard about the bug, good on you.
Sort of.
You see, not all affected sites fixed the security flaw at the same time. So if you changed all your passwords last Friday, and site X didn’t fix the problem until Monday, your site X password may still be at risk of falling into the wrong hands.
Let’s take a step back and look at the three most basic practices of password security.
First, make your password hard to guess.
If you use something like your anniversary, birthday, or kid’s/dog’s/spouse’s name, you could be open to getting hacked.
I bet you have at least some of this information on your social media site. If you do, it’s not going to be all that difficult for someone to target you.
Second, change your passwords frequently. Yes, it’s a hassle. But try untangling your credit history if your personal information is compromised.
Third, use different passwords for different sites. Your email address is pretty much a universal user name, so if somebody gets your Target shopping cart password and you use the same one elsewhere, they may very well have the login credentials to your banking sites as well.
I hear you groaning, but here’s the thing that takes a lot of the hassle out of this process: a secure digital password vault.
This is a small program that stores your passwords in an encrypted file that can only be opened by you. It’s locked with a single password that you create.
These programs are fairly inexpensive (or even free). Some that I know and trust are KeePass, Dashlane, RoboForm and SplashID.
How do you know they’re secure? The best way to tell is by reading customer reviews and doing a little research.
If a program is highly rated by reputable sources and it’s been around for a while, you can be pretty confident it’s OK. But it’s still only as secure as the password you give it (see rule No. 1 above). You still need to create a strong password that you’ll be able to remember.
Most of these programs will actually greatly simplify your digital life by logging you in to the sites you’ve stored.
Once you’ve logged in to the password manager, a single click takes you to the site and enters your user information. These programs can also generate secure passwords for you.
If you would like to know more about password security and best practices, visit the Help Desk area on my web site, ineedacto.biz, or post a question on my Facebook page at Facebook.com/ineedaco.