Mac OS X: resolving keychain issues

My current work environment consists of mostly Macs authenticating against a MS Active Directory server (see my earlier post all about Joining Mac systems to Active Directory). One of the disadvantages of this setup – one that has prevented me from rolling out an agency-wide password expiration policy – is the fact that, when a user updates their AD-based password, Mac OS X, by default, doesn’t know how to automatically update the passwords that protect the user’s keychain.

All about two-factor authentication

(Quite) a while back, I wrote about getting serious about password management – with that under control, I wanted to write about the next step in personal data security – two-factor authentication (2FA).

What is 2FA?

Two-factor authentication is a process whereby, whenever you sign in to a site or service, you are required not only to input your password but also to enter a numeric code provided to you on the fly, either via SMS or via a code generator app on your mobile device. This additional step helps to ensure that you are, in fact, you and not someone else who has gotten their hands on your password. Unless the culprit also has your mobile device, 2FA serves as an extra layer of protection.

Password management for dummies

April’s Heartbleed scare brought with it a lot of questions from my users regarding passwords and how to protect one’s data. As a recent convert to the wonders of 1Password (a topic for another post), it was a topic already on my mind.

I wound up scheduling a couple of lunchtime meetings for anybody to attend – in it, I gave a high-level overview of good password practices and then spent some time covering using specific tools such as 1Password.

After the fact, I posted a tech note to our help desk website as a reference resource for our users. Thought it might be useful to post here for anybody who needs a starting point for similar such efforts.


With all of the hacks, break-ins and data theft in the news these days, it’s important that we all take our password security seriously. Here are some tips on how to make your valuable personal data more secure.

Password Creation “Rules of Thumb”

  • avoid simple word and number sequences
  • avoid using facts related to your personal life
  • complicate passwords with special characters and random numbers
  • make passwords as long as possible
  • make each site password unique

Password Management Tools

Following the above “rules of thumb” will necessitate using a password management tool like 1Password or LastPass – these utilities give you a central, secure place to store your sensitive password information and make it easy for you to access that information from within your web browser.

The key to successfully using a password management tool is to go “all in” with it – dedicate yourself to doing the up-front work of inputting as much information as you can and you’ll find that using a password management tool is something you can’t live without.

Tips for Importing Information into a Password Management Tool

Take the time to root out any existing logins you may have and get them into your tool of choice right away. Some places to look include:

  • any spreadsheets, text documents, etc. where you may have stored login information
  • the saved logins in your existing browsers (Chrome / Firefox / Safari)
  • your email – look for any emails you may have received confirming the creation of web site accounts

You can also take advantage of your tool’s ability to add logins to your database as you log in to the site itself.

Improving Your Personal Security

Once you’ve successfully populated your login database, consider these additional steps:

  • audit your login collection and identify any that contain sensitive information (banks, email, Google, etc.) – reset each of these passwords to something unique (from one another) and complex. Consider using a password generator – 1Password / LastPass – to help with this.
  • set your web browsers to NOT save logins (and delete any previously-saved logins)
  • uncheck “Remember Me” from any site logins you visit
  • enable two-factor authentication wherever possible