As a Road Warrior and Cloud Enabled person, I have for a long time (sadly enough) rejected using password managers and other valid authentication for my personal browsing experience. This was because many solutions (imho) were very manual – they required installed software and had no support for the (many) devices that I use.
I have (this summer) settled down my own FUD and established a “Decent Practice” that I would like to pass on to the readers of my blog. Spoiler Alert, I have taken the plunge and trusted a commercial service. 🙂
So – do I have to lose sleep over the fearsome and terrible internet, hackers on every server and just a “bucket load” of problems and potential thieves and criminals? That would be a question asked by people in my network. Well, not lose sleep – but stay vigilant would be my response.
Part of the reason why I (personally) don’t lose sleep is because I use what I think are some good Internet security practices.
I use strong, complex passwords
There is some discussion over the value of password complexity, but strong passwords, which have more than just numbers and letters and also include different cases and symbols, also tend to be longer, and the longer a password is, the more difficult it is to crack by brute force. My practice is as follows:
- Use as many characters in a password as possible, even when it is impossible for me to remember the characters.
- If a site says something like “Enter a password between 7-20 characters” I will always adjust to use the maximum; in this case 20.
- If a site does not allow special characters, I always make the password as long as allowed.
All this does is to ensure that the password is harder to crack by brute force. It does not make it impossible to crack, just more difficult.
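The effect of length on brute-force cost, as an added example that is not part of the original post: it estimates the entropy of a uniformly random password and generates one at a site's maximum length with Python's `secrets` module. The symbol set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed symbol set for illustration; real sites accept different symbols.
SYMBOLS = "!#$%&()*+-.:;<=>?@[]^_{}~"


def alphabet(allow_symbols: bool) -> str:
    """Characters the password may be drawn from under the site's rules."""
    chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
    return chars + SYMBOLS if allow_symbols else chars


def entropy_bits(length: int, allow_symbols: bool) -> float:
    """Upper bound on entropy of a uniformly random password:
    length * log2(alphabet size). Each extra bit doubles the brute-force work."""
    return length * math.log2(len(alphabet(allow_symbols)))


def generate(max_length: int, allow_symbols: bool) -> str:
    """Random password at the site's maximum length, containing every allowed
    character class so it passes typical complexity checks."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if allow_symbols:
        classes.append(SYMBOLS)
    if max_length < len(classes):
        raise ValueError("max_length too short to include every character class")
    pool = alphabet(allow_symbols)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(pool) for _ in range(max_length))
        # Rejection sampling: retry until each class appears at least once,
        # which keeps the choice uniform over all compliant passwords.
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    # The "7-20 characters" policy from the text, with and without symbols.
    for length, symbols in [(7, True), (20, False), (20, True)]:
        bits = entropy_bits(length, symbols)
        print(f"{length:>2} chars, symbols={symbols}: {bits:.1f} bits")
    print(generate(20, allow_symbols=True))
```

A 20-character password without symbols comes out far stronger than a 7-character one with symbols, which is why using the maximum length matters even on sites that reject special characters.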
Use a different password for every service
This sounds like a lot of work, but really isn’t. I use a tool called LastPass and I can do the following:
- Generate a random, strong password of any length and combination.
- Keep track of the list of services I use and have my browser log into those services.
- I don’t have to remember 70 different strong passwords.
- I have LastPass on Windows / Linux, browsers and mobile phone (Nokia Lumia).
- See information about my login history, and have LastPass update my entries when I change a password.
There are other services besides LastPass that do this, but I like this one. It is simple, easy and gets the job done. There are numerous advantages to having different passwords for every service, the biggest being:
If a password is hacked, the person who has the password can access ONE and only ONE service. If they get access to LinkedIn or Hotmail, for instance, nothing else is compromised.
The benefit LastPass brings, in addition to keeping track of strong, unique passwords for every service I use, is the integration into my browsers (Chrome and Internet Explorer): I can access these services automatically without having to type these passwords, so long as I have unlocked LastPass locally.
Once again, this doesn’t make it impossible for someone to hack into an account, but it makes it much more difficult to get into more than one account when the password only works in one place.
[part 2 of this article will be available next week]