April’s Heartbleed scare brought with it a lot of questions from my users regarding passwords and how to protect one’s data. As a recent convert to the wonders of 1Password (a topic for another post), it was a topic already on my mind.
I wound up scheduling a couple of lunchtime meetings for anybody to attend – in them, I gave a high-level overview of good password practices and then spent some time covering using specific tools such as 1Password.
After the fact, I posted a tech note to our help desk website as a reference resource for our users. Thought it might be useful to post here for anybody who needs a starting point for similar such efforts.
With all of the hacks, break-ins and data theft in the news these days, it’s important that we all take our password security seriously. Here are some tips on how to make your valuable personal data more secure.
Password Creation “Rules of Thumb”
- avoid simple word and number sequences
- avoid using facts related to your personal life
- complicate passwords with special characters and random numbers
- make passwords as long as possible
- make each site password unique
Password Management Tools
Following the above “rules of thumb” will necessitate using a password management tool like 1Password or LastPass – these utilities give you a central, secure place to store your sensitive password information and make it easy for you to access that information from within your web browser.
The key to successfully using a password management tool is to go “all in” with it – dedicate yourself to doing the up-front work of inputting as much information as you can and you’ll find that using a password management tool is something you can’t live without.
Tips for Importing Information into a Password Management Tool
Take the time to root out any existing logins you may have and get them into your tool of choice right away. Some places to look include:
- any spreadsheets, text documents, etc. where you may have stored login information
- the saved logins in your existing browsers (Chrome / Firefox / Safari)
- your email – look for any emails you may have received confirming the creation of web site accounts
You can also take advantage of your tool’s ability to add logins to your database as you log in to the site itself.
Improving Your Personal Security
Once you’ve successfully populated your login database, consider these additional steps:
- audit your login collection and identify any that contain sensitive information (banks, email, Google, etc.) – reset each of these passwords to something unique (from one another) and complex. Consider using a password generator – 1Password / LastPass – to help with this.
- set your web browsers to NOT save logins (and delete any previously-saved logins)
- uncheck “Remember Me” from any site logins you visit
- enable two-factor authentication wherever possible
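
An added example, not part of the original tech note: a small Python script that runs the audit step above over a login export and flags passwords that are reused, too short, or built on simple sequences. The CSV column names, the 12-character minimum and the sequence list are assumptions, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names (title, username, password) are
# an assumption; real password manager exports differ by product and version.
SAMPLE_EXPORT = """title,username,password
Bank,alice,Summer2014
Email,alice@example.com,Summer2014
Forum,alice,abc123
Photos,alice,q7#Vt!m2Rz^e9Lp0Xw
"""

MIN_LENGTH = 12  # assumed threshold; the note only says "as long as possible"
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")


def has_simple_sequence(password, run=3):
    """True if the password contains `run` consecutive characters of a known sequence."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            if seq[i:i + run] in lowered:
                return True
    return False


def audit(export_text):
    """Return {title: [findings]} for every login that breaks a rule of thumb."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    titles_by_password = defaultdict(list)
    for row in rows:
        titles_by_password[row["password"]].append(row["title"])

    findings = defaultdict(list)
    for row in rows:
        title, password = row["title"], row["password"]
        shared_with = [t for t in titles_by_password[password] if t != title]
        if shared_with:
            findings[title].append("reused on: " + ", ".join(shared_with))
        if len(password) < MIN_LENGTH:
            findings[title].append("shorter than %d characters" % MIN_LENGTH)
        if has_simple_sequence(password):
            findings[title].append("contains a simple sequence")
    return dict(findings)


if __name__ == "__main__":
    for title, problems in audit(SAMPLE_EXPORT).items():
        print(title + ": " + "; ".join(problems))
```

An export like this holds every password in plain text, so keep it on encrypted storage while the script runs and delete it as soon as the audit is done.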