Every day it seems like another major site is being hacked. Data from the LinkedIn hack is still being sold online, and recently MySpace data was shared, proving that those old, forgotten accounts might be just as vulnerable as the ones you use every day. With huge amounts of our personal data being stored online, by ourselves and by others, being security aware is more important than ever. This gorgeous interactive infographic shares the world’s biggest data breaches, and demonstrates how sectors ranging from finance and healthcare to media and retail are all open to attack. It’s not just websites that can be hacked. With the Internet of Things becoming a reality, our cars, TVs and even Barbie dolls can be used for nefarious purposes. Tools like Have I been pwned? might put your mind at ease, but the truth of it is that ongoing hacks are just a part of life in 2016, and we need to take proactive rather than reactive measures.
What is concerning is the number of people who don’t take even simple steps to ensure their data is secure. One of the most basic is to have a separate, strong password for each of the different accounts you hold online. This classic XKCD comic gives a great explanation of password strength: a few randomly chosen common words are both easier to remember and far harder to crack than a short word dressed up with number and symbol substitutions.
Why do people still use the same password for multiple accounts? Or use easy to guess variations of the same predictable words? The hack of the dating site Ashley Madison (used by many to seek extra-marital entertainment) in which millions of passwords were revealed, showed that “123456”, “12345” and “password” were among the most popular. So even for this type of highly personal information, many did not take the time to create a password that might not easily be guessed by others, let alone cracked by a computer!
Obviously the reason we often take the easy way with passwords is because it is just that: easy. We could not possibly remember different passwords for all of the different accounts we hold, and using the same one or simple variations reduces the time and effort needed to get to our information. Unfortunately, it also reduces the time taken for others to get to our information! A complex password will not help if a site stores and leaks passwords in plain text, but it makes a leaked password hash far harder to crack, it stops a lot of simpler attacks, and it reduces the chance of others guessing our password to gain access. Using a different password for each account means that should one account (e.g. our LinkedIn account) be hacked, only that account is exposed: the leaked password cannot simply be replayed against our other accounts, and we don’t have to change our password for EVERYTHING!
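To make the password-strength argument above concrete, here is an added example in Python (it is not code from the original post or from KeePass). It generates XKCD-style passphrases and random passwords with the operating system’s CSPRNG, and compares the search space an attacker faces for a four-word passphrase, an eight-character random password, and a six-digit password like the “123456” seen in the Ashley Madison dump. The word list is a constructed toy list; the 7776-word list size and the ten billion guesses per second rate are assumptions used only for illustration.

```python
"""Passphrase generation and strength estimation (added example).

Shows why a few random words beat a short "clever" password, and why
anything on a breach wordlist has no strength at all, however long it is.
"""
import math
import secrets
import string

# Constructed toy word list for the demo. A real diceware-style list has
# 7776 words (6**5); that size is what the entropy figures below assume.
TOY_WORDS = [
    "correct", "horse", "battery", "staple", "ocean", "pencil", "window",
    "garden", "silver", "rocket", "candle", "marble", "forest", "planet",
    "violet", "anchor",
]
DICEWARE_LIST_SIZE = 7776  # assumed size of a real word list

# The most popular passwords from the Ashley Madison dump, as named in the
# post. A real cracker loads millions of such entries from breach dumps.
COMMON_PASSWORDS = {"123456", "12345", "password"}

# 94 printable ASCII symbols, the usual alphabet of a generated password.
PRINTABLE_ASCII = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def effective_entropy_bits(password: str, alphabet_size: int) -> float:
    """Upper bound on a password's strength.

    A password on a breach wordlist is among the first guesses any cracker
    makes, so it gets zero credit regardless of length or alphabet.
    Otherwise we credit it as if every character were random, which is
    generous for anything a human chose.
    """
    if password in COMMON_PASSWORDS:
        return 0.0
    return entropy_bits(alphabet_size, len(password))


def random_passphrase(words, count: int = 4, sep: str = " ") -> str:
    """XKCD-style passphrase: `count` words chosen with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length: int = 16, alphabet: str = PRINTABLE_ASCII) -> str:
    """Password-manager style random password (secrets, never random.choice)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the password: on average half the space is searched."""
    return 2 ** (bits - 1) / guesses_per_second


def compare_schemes(guesses_per_second: float = 1e10) -> dict:
    """Entropy and expected crack time for three schemes.

    1e10 guesses/s is an assumed rate for a GPU rig against a fast,
    unsalted hash; a slow hash such as bcrypt cuts it by orders of
    magnitude, but the ordering of the schemes does not change.
    """
    bits = {
        "four diceware words": entropy_bits(DICEWARE_LIST_SIZE, 4),
        "eight random printable chars": entropy_bits(len(PRINTABLE_ASCII), 8),
        "six digits, '123456'": effective_entropy_bits("123456", 10),
    }
    return {name: (b, seconds_to_crack(b, guesses_per_second))
            for name, b in bits.items()}


if __name__ == "__main__":
    print("passphrase:", random_passphrase(TOY_WORDS))
    print("password:  ", random_password())
    for name, (b, secs) in compare_schemes().items():
        print(f"{name:30s} {b:5.1f} bits  ~{secs / 86400:.2g} days at 1e10 guesses/s")
```

Running it prints a fresh passphrase and password each time and then the comparison table: four random words from a 7776-word list and eight random printable characters both land just above 50 bits, while “123456” scores zero because it is on every cracking wordlist, which is the whole point of letting a password manager generate and remember the passwords for you.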
I gave up a long time ago trying to remember lots of different passwords. Now, I use KeePass, a password safe application, which means that I only have to remember one complex password, and KeePass manages the rest! It’s free and open source, which means that the code is opened up so that others can examine it and build upon it. This actually keeps it safer:
Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols, and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.
Bruce Schneier, Crypto-Gram 1999-09-15
There are a number of different applications which do the same job, and while some have varying levels of security, many are just a case of personal preference. I have been using KeePass for several years, and the regular updates reassure me that they are doing a great job in keeping my passwords safe, and letting me concentrate on other more important issues. I use KeePass at a very low level, for storing and organizing my passwords, and keeping them accessible. It has lots of features that make it easy to use, and although it is mostly suited to the Windows desktop environment, there are ports and compatible apps so that you can access your data on mobile devices as well. I use MiniKeePass on my iPad, and find that it works well.
Of course, you don’t have to use KeePass. There are great articles that help you decide which password manager will work best for you. What you must do, though, is use something. The days of keeping passwords in a notebook, or combining your pet’s name with your favourite number are long gone.
There are a number of great infographics that summarise password information, and which I would encourage you to display if you work with others, to spread the word. It is important that students are taught this type of information, and that effective password management is modelled in learning environments. It is a bit of a hassle to get used to initially, but using different, complex passwords and storing them in a password manager definitely takes a significant stress away when the news reports of another hack are (inevitably) the headlining news of the day.