Password awareness


Wow, my selections on topics about Google was on fire this morning with stories about the new extension designed to keep your access to accounts safe.

Password Checkup is an extension for Google Chrome designed to:

Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well.

Like many people, I have supposedly had my credentials taken in a breach somewhere along the line. This, determined from this website.

It was a wakeup call to me that all these warnings about not using the same password all the time actually made sense. I’m now far more cautious and use very unique passwords everywhere along with two factor authentication wherever possible. I’ve switched to a password manager on my computer to make difficult and unique passwords possible. I’m still not necessarily feeling 100% secure and, until something that comes along to make things more secure, will probably never feel that way. I don’t think it’s necessarily a bad idea either.

I do a spring cleaning periodically and close down accounts that I created at the spur of the moment and then kind of forgot about them. Having had an employer who had a payroll data breach makes the possibilities of problems very real. I think I’ve become a better user as a result.

The irony of using a plugin and browser from a company that relies on personal information isn’t lost on me either.

When was the last time you did a personal security checkup? Would you use a utility like this one? According to the extension site, 568 people are currently using it. Will you be 569?

Good Passwords


Check out the following page.

http://www.cbsnews.com/8301-205_162-57539366/the-25-most-common-passwords-of-2012/

This will take you to the 25 most commonly used online passwords in 2012.  Are you using any of them?  Hmm?

@bgrasley and I still marvel that “monkey” is still on the list!  I do know some people who have used those in the past.  It’s always a piece of good advice to tell them to change it to something more difficult to guess.

Why is it important?  Well, your password is the only thing that keeps hackers from your accounts, and ultimately your privacy and your money.  Biometrics may be on the horizon but we’re not there yet.  A person who guesses your password is, in effect, you online and is able to do things that you can.  Knowing how to protect an account is an important skill that all students should acquire.  I’d start by taking a list of popular ones and realize the damage that can be done.  I just noticed recently a well known individual from MIT end up being hacked on Facebook.  In this case, the hacker posted some information about a weight loss program.  Not good.  Having that password allows you to do all sorts of things.  Consider the following…

Name of the hacked person is hidden to protect them and the actual URL which is probably the destination for some phish website has been over written with red to hide it.

Intel has a great utility website to give you an idea as to just how strong your password is.  It’s located at:

http://www.intel.com/content/www/us/en/security/passwordwin.html

and it’s worth spending some time at.  Note the warning that your password doesn’t actually leave your computer but it’s a good idea not to use any real password anyway.  Maybe something close would give you a good enough idea of how good your password is.  So, how good is “monkey”?

Not good!  That advice is good for anything that’s found in a dictionary.

The nice thing to pass along to students is the information that Intel provides under the results.  It’s a really good summary of some of the ways to make your password difficult to guess.

The website is well worth the bookmark and a great idea to have students test potential passwords whenever new accounts are created.  Surely, you’re not about to use the same password on every site, are you?  are they?

So, how do you generate a good password?  Well, one way is to use this website.

http://strongpasswordgenerator.com/

(I’d add a character or two to the suggestions that it generates just to be sure…)

I generated one.

How good is it?

I think I’d be a great deal more comfortable with that security.  You just then need to find some way to remember it!  Contemporary browsers have the ability to remember passwords.  (Just make sure that you have a secondary control over the passwords in case someone sits down at your computer!)  Or, addons like LastPass do a terrific job.

Just don’t write your passwords down on paper!