Here at Nexcess, we deal with lots of passwords. Passwords for SSH, passwords for e-mail, passwords for intranet sites, passwords for VPNs. We have passwords that fall within the client realm things like webmail, control panels, e-mail, FTP…the list goes on. I can also safely say that we all have passwords for personal services like e-mail, calendaring, and various forums and blogs. With all of these passwords in our life, how can we be expected to remember them all AND use secure unique passwords? The ugly truth is that most of us probably don’t.
Password re-use is probably the single biggest security issue on the internet today. In recent years, account information released from popular websites where people would tend not to think about security has led to proof that password re-use is a huge problem. Lifehacker had an article recently that talks about the Gawker hack (and others) and other sites that were compromised. The point here is that login information stolen from random websites was just plugged in at other locations and yielded very sensitive information, such as access to personal E-Mail and banking sites.
What can you do to secure your passwords? Get creative! There is tons of great free open-source software out there to help. One option would be to use a password manager such as the one built into FireFox (which, since FireFox 4, works with Sync to share this information securely with your other computers / OS installations), or KeyPass (and even integrate it with FireFox or use it with other helpful plugins). Another idea is to use The GNU Privacy Guard (‘gpg’) and store the encrypted file on some secure file sharing platform like Dropbox. These are all great options that are fairly easy to use and can be very secure if set up properly.
Here are some things to keep in mind:
- Salt — All good passwords are salted!
- Stay away from the obvious — No names of children / pets / people close to you, birth dates, or other super obvious things should be in your password
- Get a system that works for you, not against you. If it’s difficult to use, you probably won’t keep using it.
Further Reading from lifehacker.com:
How to Update Your Insecure Passwords and Make Them Easy to Use
How I’d Hack Your Weak Passwords
Secure Your Online Life the Easy Way