How to Take Care of Your Passwords and Security Questions
Posted on April 16, 2008, under Security, Tools and Services.
It’s really easy to tell which sites store your password and which sites store a one-way hash. At any web site, click on the "forgot password" link. If the web site gives you the option to reset your password, then chances are they are only storing a one-way hash. If the web site emails you your password, then they are storing your password, and sometimes, what is worse, they might be storing it in plain text.
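Why the "forgot password" test works, as an added example that is not part of the original post: a store that keeps only a salted one-way hash has nothing to email back and can only issue a reset link, while a store that keeps the password can return it. The class names, PBKDF2 settings and sample values are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 600_000  # example PBKDF2 work factor (assumption, not from the post)

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _token_id(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class HashedStore:
    """Hypothetical site that keeps only salt + one-way hash per account."""
    def __init__(self):
        self._users = {}   # email -> (salt, derived hash)
        self._resets = {}  # hash of reset token -> email

    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self._users[email] = (salt, _derive(password, salt))

    def login(self, email, password):
        record = self._users.get(email)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _derive(password, salt))

    def forgot_password(self, email):
        # The hash cannot be turned back into the password, so the only
        # thing the site can send is a single-use reset token.
        token = secrets.token_urlsafe(32)
        self._resets[_token_id(token)] = email
        return {"action": "reset_link", "token": token}

    def reset(self, token, new_password):
        email = self._resets.pop(_token_id(token), None)  # single use
        if email is None:
            return False
        self.register(email, new_password)
        return True

class RecoverableStore:
    """Hypothetical site that keeps the password itself (the risky pattern)."""
    def __init__(self):
        self._users = {}   # email -> password exactly as typed

    def register(self, email, password):
        self._users[email] = password

    def forgot_password(self, email):
        # Being able to mail the password back proves it was stored.
        return {"action": "email_password", "password": self._users[email]}
```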
I always advise using a different password for each site, even if it’s a slight variation of one. All major browsers offer the option to remember your passwords for you, which helps if you have numerous logins like most people do. You can also use an application like KeePass to generate and store your passwords for you. Multiple passwords are manageable, and they make things harder for anyone other than you.
Your email password should be the strongest and absolutely unique, because your email is far too important to be compromised. Put data theft and identity theft aside, important as they are: your email is where reset password links are sent, where passwords are sent, where verification links are sent. If you lose control of your email, you are finished. If you work within a company, everyone else’s security is only as strong as the weakest user. With online services becoming more and more popular, shared documents can be compromised very easily if someone still has the default password set for their account.
Your security questions are just as important to protect as your passwords, if not more important. These days social engineering has become very popular: someone who knows enough about you can fill out the form to recover or reset a password, just the same as you can. So here are some tips to use with security questions:
- Never use the same question for more than one service.
- Do not use one-word answers. For example, for the question "Your dog’s name?", don’t use "Fido" as an answer. Use "Fido my Jack Russell Terrier".
- Change your questions and answers often.
- Add a unique word, something to do with the web site or service, to your answer.


