Wednesday, June 6, 2012

Time to Change Your Password

Yeah, yeah, yeah, now Bill's on that Password kick.

Today, it was LinkedIn that had their passwords compromised with a leak.  There is an announcement of that sort of thing every day.  If it isn't a website, it's someone's bank, or even something as simple as a padlock on the shed.

Yes, that last bit happened to me.  I was in the backyard opening my shed and someone was watching me over the hedge.  Very Creepy, and thankfully they have moved on.  However I was muttering the four digit code while I was setting the lock and the "individual" actually repeated it back to me.   I slipped at that point and lost the combination.  The lock is long gone.

It has been said that for safety's sake you are supposed to change your passwords monthly.   If you work on a computer, and who doesn't these days, you can be subject to that being enforced.  You walk in on the first day of the month for example, and up pops a window demanding you to change it.

Now lets look at this.  You just changed work's password.  You're reading this that I'm hosting on .  Blogger uses its own password.  It's linked into the suite of sites so that means I have a account.  Add to that the email accounts that I have for each of the companies and charities I consult for, my professional account, the various stores like that I shopped at just this morning to buy a sauce pan, and you see the point...

It Gets Ridiculous.

I don't know what the solution is.  If you write it down on a sticky and place it somewhere it can get lost or stolen.  I have a file that has password hints on it, but I couldn't tell you the last time I changed it.

I'm guilty too and I deal with this Security Stuff every day.

The worst case scenario is where you have company websites that insist that you use a strange code that isn't meaningful for a password.   Randomly generated.  Just pick a password by slamming your hand down on the keyboard - I just flat out don't remember those.  That particular annoyance is at an HR site run by a large company that uses SAP for their internal software.  Not only is my password random, but my username is too.  I don't even bother trying to remember.  Just click on the button that says "I Forgot" because that's useless to try to remember something like 9ea4b1c and pretend it is meaningful.

At least think about it.  I'm going to try to come up with something new since too many of my own passwords have been gravitating toward something I've been using for a while now.

Oh yes, it is a bad idea to have all your passwords be the same thing.   If you're doing that and saving that password in your browser, I personally want to congratulate you on making a huge mistake.  Go into your browser, Now, and delete all those passwords.  In Firefox Click on Tools, Options, then the Security Tab.  Click on the Saved Passwords button and then Remove All, then close.   You also should have the check box next to "Remember Passwords" and "Use a Master Password" unchecked. 

For other browsers, you're on your own.  I used Firefox almost exclusively.

The benefit of doing things this way is that you are forcing yourself to remember the passwords.  The problem with that method is that you end up gravitating toward a few passwords - like I have.

It sounds paranoid, but that's basically what "they're" telling you to do every month.  Every blasted site.  More than 100 in my case.

Well, no time like the present... I'll get back to you.

No comments:

Post a Comment