Another Day, Another Breach
“Another day, another breach”. A colleague said that to me the other day in response to a database of 560 million passwords that surfaced online. This got me thinking about passwords again.
Every time I read a security blog or newspaper article about passwords, at some point it asks the question: are passwords dead? Meaning, are we going to start using biometrics, heuristics, etc. instead of passwords? Nobody likes passwords. They are a pain to remember, and now people like me are telling you that you need a different one for every website!
Unfortunately, passwords are not going away. Biometrics are not a good alternative because you can’t change them. If someone gets your biometric data, then they have your password. Heuristics could be a good alternative, but they aren’t ready for prime time yet to replace your password. So, if passwords are not going away, what should I do to keep myself safer? Well, there are several things you can do, and one of them you already know.
Do You Have a Different Password for Every Site?
This might sound daunting. And who is going to guess Summer17!? Well, everyone is going to guess it. Also, if you use the same password for your ignored AOL account that you use for your Home Depot account, then you could have a problem. Think about this. If Home Depot gets compromised and the attackers are then able to get into your AOL account, no problem, right? What if the AOL account is the backup account for Gmail, in case you forget that password? Then they could reset your Gmail account with your AOL account, and bam, they start resetting your bank accounts because they use your Gmail as the backup. See the snowball starting to happen? So, there are two things you can do to help stop this. Either write down every single password that you have on a piece of paper and keep that paper very safe, or use a password manager like LastPass, Dashlane, or 1Password. Some even automatically rotate passwords for you, so you don’t even have to do that. Also, you