About two days ago I received an email from Evernote (a cloud-based note-taking tool) informing me that there was a security breach at Adobe that may have exposed private information, including Adobe passwords, email addresses and password hints of millions of users, and that this information is now for sale on the black market! The Evernote team did a cross-reference and I was on the breached list.
The good thing is that I don’t use the same password for Adobe and Evernote. That’s a relief!
Evernote showed leading edge pro-activeness and technology leadership. Shouldn’t I have received something from Adobe by now? What happened to personal information security [PIPEDA]…ADOBE!
A common question from my clients is about the insane number of passwords they need to memorize to live in this digital age. Many IT security experts will tell you to make your password complex, 14 characters, use a different one, rotate it several times a year AND never write it down! Seriously?
After working with corporate and individual clients for over a decade, I find that the cost of such a demanding regimen is security strategies that just fall apart, because they are unrealistic for busy people.
Here are 7 easy techniques that anyone can follow and feel safe (this is not suitable for computer account passwords):
1- Use alpha-numeric and special characters where possible: Don’t make it too simple. Add numbers and special characters [$ or !]. Did you know that if the word is found in the dictionary, it can be cracked in 8 seconds?
2- Do NOT tie a password to an email: The worst thing you can do is use a particular password whenever you use a certain email. This is bad practice because if one site gets breached, whoever breached it will have your email and the password that goes with it.
3- Categorize your passwords: Don’t use the same password for your online banking and your supermarket rewards. Break them up into 3-5 categories according to the value of the information, for example: A – Highly secured bank account and other financial accounts like PayPal, B – Emails, C – Social media, D – Generic low impact, etc.
4- Write them down: IT security experts will disagree with this! Write it down and keep it somewhere safe in your house (not in an open office where several people come by your desk). Your home is pretty safe and even if a burglar breaks into your home, the odds of him being a cyber criminal as well are extremely low.
5- Be creative: Try not to use your name or a loved one’s name and birthdate. Look for other significant things that you can remember, and if you run out of options just look around you, find something visual you can remember, modify it to be more secure (1966 Ford truck becomes 66F0rdTruck) and use it!
6- Use a password vault: There are several utilities out there that will save your passwords in an encrypted form. Some are local, like the Apple Keychain, and some are cloud-based and offer syncing options across your devices (the new Keychain in Mavericks and iOS 7). I am not a fan of the cloud ones, as you are back to putting all your eggs in one basket and trusting somebody else with it!
I would stick with the local one, and even with that, don’t put the most critical passwords there.
7- Password recovery is important: Whenever possible, review the password recovery options and strengthen them with relevant and secure information. This practice will also show you how secure that site is with your password. Some will ask you several personal questions and some will just send a reset link to your email.
Apple Certified Technical Coordinator