Friends, Romans, countrymen, lend me your ears – I’m sending out this little note to you, my family, friends, colleagues, etc… Hopefully you’ll find some value in it on this lovely Saturday morning. It’s not spam.
Even if you’re not plugged into tech news, you may be aware that in the past few months, there have been some very high-profile computer security intrusions. Perhaps the most famous is Sony, who had over one million user accounts stolen, including email addresses and passwords. This sort of thing happens all the time and often, it’s not reported in the media.
Most online services store this password data in encrypted files but modern advancements in hardware mean that even complex passwords can sometimes be decrypted in just seconds if crackers have access to the data.
I’m sending this email because online security and passwords are more important than ever though I find that many non-technical users aren’t aware of best practices or some of the steps they can take to make their online lives more secure. Maybe you’re already doing all of this – if so, great… I find many users are not, however.
Here are some tips for improving your online security. It’s certainly not an exhaustive list but I hope you find them useful.
- Use Complex Passwords
Do NOT use a password that is in the dictionary – they can literally be cracked in less than a second. Best is a mix of letters and numbers, including both uppercase and lowercase.
- Don’t Use the Same Password at Multiple Sites
This is one of the best ways you can limit your liability – if one database of passwords is cracked, they don’t automatically have access to all of your other accounts. If you use the same credentials everywhere, then you’re relying on the weakest link in the chain to protect everything else. That’s not smart.
So, why do people use bad passwords and re-use the same credentials all the time? The answer is simple – it’s hard to keep a bunch of separate passwords straight, especially since every site these days wants you to sign in to do even the simplest of operations.
Well, fortunately there’s a good solution for this problem: I use an app called 1Password [http://agilebits.com/products/1Password]. It runs on my Mac, my iPhone and my iPad (there’s also versions for Windows and Android). 1Password stores all of my site usernames and passwords, letting me restore them by pressing a single button in my browser when I need to login. It also lets you store secure notes (credit card numbers, SSN, etc…) that you might otherwise leave unprotected. They have videos and screenshots on their site so you can see how it works.
All of the data in 1Password is heavily encrypted and the various versions sync between devices so I always have my complete password list, wherever I am. In addition, 1Password includes a password generator to create the sort of complex passwords that keep you safe. My Gmail password is a 40 character string of random characters – I’d never be able to remember it without 1Password.
I know there are other, similar solutions but this is the one I use. It’s some of the best money I’ve ever spent ($40 on the Mac, plus a little extra for the various devices).
- Mobile Device Passcode / Auto-Wipe
Do you have a smartphone like an iPhone or even a tablet like an iPad? If you don’t have a passcode on your phone, you are insane. What if your phone is lost or stolen?
There is a large market for stolen phones, not only because they are expensive but because identity theives know they are loaded with personal information. Don’t make this mistake! If someone can access your email, they can likely reset your bank password and other accounts. It’s often like a master key.
On iPhone, iPod touch and iPad, there’s an additional option to have the phone wipe itself if the wrong passcode is entered ten times in a row. Turn this on as well – it’s easy to restore your phone from a backup if you somehow triggered this inadvertantly.
Passcode options are in Settings -> General -> Passcode Lock
- Find My iPhone
For iPhone, iPod touch and iPad, Apple provides a free service called ‘Find My iPhone’. This allows you to track a lost or stolen phone, send an alert tone or pop up a message on the screen and most importantly, it allows you to remotely wipe the phone. Yes, you can send a signal that will erase all the data on the device, from anywhere.
This service is free for iPhone 4, iPad and iPad 2 users and will be part of Apple’s upcoming iCloud product coming this fall.
http://www.apple.com/iphone/find-my-iphone-setup/
- Change Passwords Regularly
For your most sensitive accounts, change your passwords on some regular schedule. For my banking stuff and email, I change my passwords when I change my clocks – twice a year. Again, using a password manager like 1Password helps to make this easier to handle.
- Bill Online Services to a Single Card
I’ve started to migrate all of my online service billing to a single credit card. That way, if it is ever compromised, there’s only one card out there - easier to cancel and also to update if need be.
- Good Luck
These are just a few simple steps but if you can move to start using more secure, indvidualized usernames and passwords, you’ll be a lot safer when a service you use is inevitably cracked. Yes, inevitably.
Enjoy your weekend and feel free to pass this along if you find it useful.