PSA - update your passwords

I know that it's a pain to remember oodles of passwords. But best practice is to have a different password for every site. And then you need to make it hard to guess, but easy to remember. There are several ways to do this. But the easiest for me is to not remember them. That's right. I don't even know my passwords. Or rather, I know one really pain-in-the-ass password, and then an application that I have keeps track of the rest. It even generates them randomly for me, so I really don't have to remember them at all. It has an added bonus of reminding me to change them.

I'm using a password manager called KeePass (I'm actually using KeePassX, because the user interface works better on my netbook, but it's essentially the same). On first run, you'll set up a new database. It gives you security options for it; I opted for a combination of keyfile and password. So if you know my uber password, but don't know the keyfile, you still can't get at my other passwords. I back up my keyfile and the database to a secure online location manually, just in case my hard drive dies. I also keep a copy locally on another drive. It isn't 3,2,1 (3 backups in 2 locations with at least 1 offsite), but it's good enough for me. I should find another backup location online, but I'm not sure where. Every time you sign up for a new site and it needs a password, use KeePass to create an entry and generate a password. I set a timer for how long the password is good for, so that I can generate a new one in 6 months. I could do it weekly if I was truly paranoid.

Just copy and paste the password from the database to log in. It can even be masked the entire time, so you don't even know what the password consists of. It's beautiful.

I admit, it's a bit of a bear to get started, but it really helps to keep your online presence secure. It might seem like overkill, but if your Twitter gets hacked, is it the same password as your email? And what about your bank? Credit cards? Amazon? The Apple Store? In my opinion it's better to be safe.

As an exercise, just in case you still think it's overkill, keep track of how many different services you use during the next week and how many have the same password as a year ago. That's a long time. And how many use the same user name AND password?

Just be safe and save yourself from potential heartache.

</psa>