Skip to main content

Security Tips - Passwords and Logins

Passwords are something we all have to live with. There are other authentication methods slowly coming into use (i.e. two-factor) but it's hard to see passwords going away anytime soon.

I assume everyone knows the basics - use "good" passwords, don't share them between sites, don't write them on a sticky note on your desk, don't save them in a file named "passwords.txt" on your computer, etc etc.

That's all well and good, but there's so much more you can do!

Good Passwords
A "good" password is hard to guess, is what we're told. I think most people are unclear about what exactly "guess" means. These days, it means that it needs to be resistant to password cracking attacks that are getting ever more fast and sophisticated. Just making sure that you have numbers, characters, upper/lower case, etc isn't enough.

The gold standard most important thing about a password is that it is long. The longer the better. This isn't a post about password cracking, but believe me the math shows that a long password with no special characters or even numbers is still way better than a short one that has them. This is crucial.

So, think in terms of passphrases, not passwords. The human brain can remember a more or less nonsense list of several words as easily as a nonsense string of letters/numbers/punctuation. And it ends up being way, way longer. One passphrase I use a lot has 30 characters - from 5 words plus a number.

There are sites out there that will generate nice random passphrases for you. I'd recommend using one!

Password Managers

And where will you keep all those passwords? No, not in that "passwords.txt" file. Use a password manager. There are many out there, like LastPass. You can also save them in your browser. All these are better than using the same password on more than one site. If you use the same password on crappy sites as on your email or bank site... you're in trouble.

Personally, I prefer to use a local password manager that saves the passwords encrypted on my computer. By not using a service, I'm not vulnerable if the service gets hacked. And it works even without internet. I just throw the file in dropbox to make sure I have it backed up well (in addition to the usual computer backup). It also runs on just about any platform you can imagine. Because the file is saved in dropbox, I can share it with other people if desired.


Two Factor Authentication (2FA)

I'm sure most of you have heard of it, if not google it. But I recommend turning on 2FA anywhere you can - at least the kind that verifies via SMS.

Security Questions

In my opinion, security questions are a disaster. Sometimes you'll be forced to use them - don't use real questions and answers! Anything that can be researched or guessed is a possible way for someone to take over your account. I save the question and gibberish answers in my password manager. Treat them like a password.

Your Email is Critical

Now, more than ever the security of your email is paramount. Most websites have a 'forgot password' system tied to an email address. If someone gets access to your email, it's a simple step from there to taking over your other accounts. If you protect nothing else, protect the email account!

Comments

Popular posts from this blog

Using FIle FIlters in FileZilla

Here's a handy tip for situations when you want to download a large number of files - but only of a certain type. For example, perhaps you want to download all the PHP files from a largish website, scattered through many subdirectories. Perhaps you're making a backup and don't want any image files, etc. FileZilla (still the best FTP in my opinion) has a handy feature called filename filters - located under the Edit menu. Here you can set various filters that filter out files based on their filename. Took me a minute to figure that out - you're saying show only PHP files, rather you're saying filter out files that do not have ".php" as their suffix. For some reason, that seems a little backwards to me, but whatever. It works quite well. You can also check whether the filter applies only to files, only to directories - or both. In this example, you'd want to check only files, as otherwise you won't see any directories unless they happen to end in...

Great google article

Over on Maximum PC - there were a few things I didn't know you could do with the various Google apps. One is uploading files to google docs - any file. Which ties in well with my previous post about storing passwords - I uploaded a copy of my password safe file to google docs as a backup. Can't hurt, right? Also, I wasn't aware that you could set up forms in google docs that act as surveys, and then store the results in a google docs spreadsheet. This is a little alarming, as a decent amount of my work involves coding up custom surveys similar to this...

Cleaning content from OpenOffice using Perl

Open office is great software for a number of things - I use it as my office software instead of paying a premium for Microsoft office. But one thing it's not so hot at is converting documents to clean HTML. And one of the main things I use it for is adding content to sites that clients send me in word files or excel spreadsheets. Of course, you can always cut and paste, but that loses a lot of formatting. For example, if the content uses a lot of italics, bold text, etc. it can be a huge pain to go back and put all that back in. Another common situation is a client sending some sort of tablular data in a spreadsheet - for example a list of events. It's the kind of data that can change a lot, and it also needs to be in a table with some decent formatting to be usable. Doing it manually is a lot of grunt work. But grunt work is what computers excel at, and I'm not very good at. So I've developed a number of perl scripts to help streamline this kind of job. I'll go ...