Tag Archives: password safe

New Christmas computer, part 1: password security

There it is – a shiny new laptop, desktop, or tablet running Windows. You can’t wait to go to your favorite sites: Netflix, Hulu, Pandora, Flickr, Pinterest, Facebook, and see how fast things download, how crisp and bright the new screen, how precise the touchpad and keys.

But if this new PC does not have anti-virus, a firewall, and other precautions, the glitter will soon be gone, and you’ll soon wonder why the problems you’re having in 2013 are related to that new PC.

New machines are a good time to develop new habits. Sure, there’s a little trouble now, but you’ll save hours of grief later.  Think of this as the moments required to fasten the seat belt in your car and perhaps a bit of discomfort – but compare that to the pain and expense of injuries incurred in even a minor crash if you weren’t wearing it. Minor decisions now can have major consequences later.

Habit #1: Use unique passwords on every site

Many people pick what they feel is a “good” password (long and complex, not easily guessed), but they use that password on many or all of their favorite Internet sites. There is a serious problem with this: if any of those Internet sites suffers the type of security breach like we saw many times in 2012, your password may become known to an adversary. Since most peoples’ userids are their email addresses, and because many people use the same password everywhere, an adversary who has discovered your password on one site will try your email address and password on all popular Internet sites and see which of those sites they can also log in to.

How to use unique passwords

It can be difficult remembering a lot of different passwords, especially good passwords. I strongly suggest you begin using a password vault. The best ones are Password Safe and KeePass, both of which run on Windows and Mac. The password generator feature creates strong, random passwords. The best feature of these password vaults is that they make it easier to use passwords: select the site you wish to log in to, push a button to copy your password, and paste the password into the password field.

The reason that unique passwords are powerful is this: if one site’s password database is compromised, none of the other sites you log in to are at risk, since the one site’s password is not used for any other site you use.

Let’s consider an example: you use Facebook, e-mail, and on your online banking site. Your Facebook password is compromised – the attacker uses your e-mail address (in your Facebook profile) and your password, and tries to log in to your e-mail. Since your passwords were the same, your e-mail account is now compromised. Next, the attacker tries to log in to several online banking sites, and finds yours – again, because you used the same password.

E-Mail Password Importance

The password to your e-mail account is especially important, because your e-mail is the key to establishing / recovering the ability to log in to many of your other sites. When you click “forgot password” or “forgot userid” on many sites, getting into those sites is often as easy as clicking Forgot Password or Forgot Userid, and then reading your e-mail to get your password or a link to reset it. An attacker who controls your e-mail controls nearly everything.

If you are not sure how to use Password Safe or KeePass, the sites (links above) have installation and user instructions. If you are still not sure how to proceed, write down good, unique passwords on paper and find a computer expert friend who can help you install Password Safe or KeePass, after which you can transfer your passwords into those programs.

Part 2: anti-virus