How Safe are your passwords?

Discussion in 'Living Room' started by willair, 23rd Jul, 2015.

  1. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    12,414
    Location:
    Sydney
    Yup - next version of the software we use here will support 2FA.
     
  2. Scott No Mates

    Scott No Mates Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    27,248
    Location:
    Sydney or NSW or Australia
    Does that mean Password and Admin123 aren't sufficiently secure?
     
  3. Investig8

    Investig8 Well-Known Member

    Joined:
    19th Jun, 2015
    Posts:
    113
    Location:
    Central Coast
    Used RoboForm & 1Password for years, now using LastPass for everything. When I used PCs for 25+ years I also had software like KeyScrambler running at most times, look it up, you'll see what it does to protect your interests.

    Consider 2-step authentication on everything when it's offered, either SMS or Google Authenticator. A master password's length is far more important than complex symbols; randomly generate the maximum password length allowed with any membership and/or login you require.

    Update your trustee/will/BFF with the new password which gives loved ones the access they need to the details they require in case of an untimely death or physical incapacitation.

    I could go on, but that will put you in the top 1% of people who give a **** about personal security.
     
  4. Investig8

    Investig8 Well-Known Member

    Joined:
    19th Jun, 2015
    Posts:
    113
    Location:
    Central Coast
    Hey Simon, can you change your auto correct from "puppy" to "Mr Whippy" for that word, it's far more appropriate and on topic.

    :p:D:eek:
     
  5. Sashatheman

    Sashatheman Well-Known Member

    Joined:
    22nd Jun, 2015
    Posts:
    164
    Location:
    Sydney (West), Australia
    My password automatically is invisible for other people. Even if I type it in a message board. hunter2 see?
     
  6. Investig8

    Investig8 Well-Known Member

    Joined:
    19th Jun, 2015
    Posts:
    113
    Location:
    Central Coast
    :p Nice one
     
  7. Ouga

    Ouga Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    1,100
    Location:
    "Trying is the first step towards failure" Homer
    Thank you for your post Simon - very useful.
    I have now bought 1Password and got around to using it - it's excellent.
    The inter-compatibility between different devices (laptop, iPhone, desktop) is great and the iCloud sync is very nice too.
    This is something I meant to do for a while, so I am glad I went ahead with this.
    I am slowly adding new logins to 1Password and changing the passwords to long, random, automatically generated passwords.
    Love it.

    Thanks again Simon, your post was very helpful!
     
    Simon Hampel likes this.
  8. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    12,414
    Location:
    Sydney
    I also use 1Password to store all other important personal information such as bank account details, credit card details, drivers licenses, passports, software license keys, TFNs and ABNs and other company information for my businesses and so on.

    It's a great secure and central place to store information I occasionally need to access.
     
    Ouga likes this.
  9. skyfall

    skyfall Well-Known Member

    Joined:
    19th Jun, 2015
    Posts:
    289
    Location:
    Great Britain
    Ouga likes this.
  10. CosmicTrevor

    CosmicTrevor Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    134
    Location:
    Sydney
    Slight tangential comment - but who has a contingency plan for the day that their computer is stolen or suffers a catastrophic hardware failure? I've spent my whole career in the IT industry and it never ceases to amaze me how few people think through what they would do and practice the recovery process.
    I've seen some people who run rigorous backup processes, but fail to test their recovery process, which on occasion has meant the backups that were held were not satisfactory for recovery.
    Here are some examples:
    • forgot that backups included critical files that were encrypted using native EFS in Windows. No copy of private key held anywhere other than the computer with EFS on it. Computer dies, person connects backup USB to replacement computer, tries to open said encrypted files but can't without the private key. Face palm, encrypted data lost.
    • backups done using a common backup tool to a local NAS on the home network. The software uses a database container to hold the files rather than storing them natively under NTFS (i.e. you can't see the individual files on the NAS, just the container file). Computer dies, no problem, I can restore my files as I have a copy of the backup tool on my second computer, which I can now just point at my NAS and recover. Problem is for some reason this second computer won't mount the container and the files are now lost forever as the original computer can't be saved.
    These problems could easily have been avoided by practicing the recovery process as they would have been discovered and dealt with.
    So folks, it is not enough to back up your data, you must practice the recovery. Think about it, pretend your computer suddenly ceased to exist, what would you do?
    Also, your personal security is only as good as the weakest link in your defences. I have seen highly intelligent people give up their strong passwords to cold callers that convince them there is a problem on their computer, later realise the mistake they have made and then be too ashamed to get help.
    Trev
     
    willair likes this.
  11. Investig8

    Investig8 Well-Known Member

    Joined:
    19th Jun, 2015
    Posts:
    113
    Location:
    Central Coast
    Love your work Trev, that's why I like creating portable live drives with front end hard drive encryptions for my backups as well.

    This is a topic you could go very deep into, social engineering is huge, the problem I have found in the last 20+ years is people just don't want to put the effort in as they feel it's not as big a deal as someone breaking into their home etc.

    I would be more scared of identity theft and identity fraud than most other things as the impact can be never ending and very difficult to repair.

    I still know people who throw their bank statements, credit card statements and receipts directly into the recycle bin for the weekly pickup as they feel they don't need them anymore. :eek: Insane stuff.

    Confetti shred everything I say and if you don't have a quality shredder, soak in a large bucket of water and use a drill mixer to break it down and then throw in some bleach for good measure.

    Now we're changing topics a little. Paranoid? Maybe. Important? Absolutely!

    Could go on rambling about this stuff for a while but I will stop for now. :rolleyes::D

    Insurance is not just a policy you pay for, it's a carefully planned behaviour you adopt.
     
    CosmicTrevor and willair like this.
  12. CosmicTrevor

    CosmicTrevor Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    134
    Location:
    Sydney
    Just make sure you have the private key stored somewhere for those encrypted drives!

    The sad thing for some people is how much they can lose and it isn't just financial, it is our memories, identity and reputation as well.

    The shock I see when I have to tell people that the only backups they had are unusable is very sad. Our whole lives are held digitally now. I fear that the trend to online services is only going to make this a whole lot worse down the track as it is further abstracting ownership.

    Another classic problem, people not realising when a RAID set fails they lose ALL of their data instantly and the only recovery option is to go to those trusty backups held on $4 USB memory sticks. Another reason why it is vital to practice recovery.
     
  13. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    12,414
    Location:
    Sydney
    Yup, which is why I don't use RAID for data safety - might be okay in a datacentre environment where you can have additional redundancy, but I think those RAID boxes everyone buys for home or small office usage are actually often more risky than what they are replacing - more parts that can fail leading to catastrophic data loss.

    I also shudder when I hear people suggesting the use of sync tools as a backup strategy. Dropbox is NOT a backup tool - it is a file synchronisation and sharing tool! The non-business version of Dropbox only keeps a 30-day version history - if you accidentally delete a file and don't realise for more than 30 days, you've lost that file for good and deletions will be propagated to all devices! I back up my Dropbox!

    And then there are the people (students in particular) who keep their entire digital lives on a USB stick and then are devastated when the device dies or becomes corrupted. They are orders of magnitude more reliable than floppy disks ever were, but they still die on a regular basis (my sister is a secondary school teacher and has to deal with students losing data all the time).