Most of us, yours truly included, use a single password for pretty much all of our online accounts, such as LinkedIn, Facebook and Twitter. Needless to say, this becomes a nightmare if that one password somehow gets out.
So what should you do about it? Simply put, you should use a different password for each site; you should pick passwords other than that all-time favorite, 123456; and you should change your password for every site every month. I'm not going to, though. It's all good advice, mind you, but it's also all pretty darn useless.
People never have, and never will, use good security practices. In a company, it's a different matter. It's a pain, but if you keep at it and enforce the rules, eventually you'll get most of the people to do the right things most of the time. But people at home? It's not going to happen.
Besides, there's another issue here. At work, people need to recall, at most, two or three IDs and passwords. If you do single sign-on right, all they'll need is one. On the public Internet, though, people have to remember their IDs and passwords for their bank, Facebook, Twitter, Gmail, LinkedIn and countless other accounts.
Who can manage to remember dozens of IDs and passwords for dozens of sites? I'll tell you who: no one! So what can we do?
What I do is keep a long list of user IDs and passwords in my head. I keep those only for important sites, such as LinkedIn, and a few I save only for vital sites like my bank. Those last are tied in my memory to a specific site.
You can do a similar trick by making a list of your account numbers, IDs and passwords. I don't mean a physical list, though. Make the list on your computer and encrypt it with a program like TrueCrypt, which can handle Linux, Mac OS X, and Windows; AxCrypt, which is Windows only; or FolderLock, another Windows-only program.
You should also use "real" passwords. No "123456" or "abcdef"; no "password" or "your_user_name" or "my hometown". Those kinds of passwords are so easy to break that they barely count as passwords.
If that option doesn't appeal to you, I've got another one: LastPass. This program runs on all the desktop operating systems that matter, and on the major smartphone operating systems such as Android, iOS, Symbian, and Windows Phone. It automatically captures your log-in credentials and then enters them into the site for you the next time you visit.
While I'd rather it didn't store all these passwords, even in encrypted form, on the Web, LastPass's advantages more than outweigh its disadvantages to my mind. It certainly beats having your one real password to every system on earth available to anyone who hacks into any site that you visit.
The real solution, though, is to find something else to replace user IDs and passwords. I don't know what that will be. I do know that as we spend more and more of our computing time online at dozens of different sites, we have to come up with a better answer that will really work for people. User IDs and passwords simply don't cut it anymore.
New technology and algorithms are currently being developed. The day they become easily accessible and usable, I'll make a noise!