This morning I came across this: "LinkedIn data breach blamed for multiple secondary compromises" and it got me thinking. What do I spend all that energy on? Passwords.
How many different passwords do you use each day? How many do you only use occasionally? How do you save or remember them? Some people use protected files, some use paper, some use online applications. I even know someone who wrote their own password generator that they can use to recreate passwords on demand. Many of us use some combination of memory, other methods, and hope.
Unlike many of the topics I'll discuss in this blog, I haven't yet seen a truly elegant and safe way to manage all passwords. Applications are probably the best option out there today, although there is always the risk of a data breach, someone figuring out your root password, someone social engineering the company into giving them access, or losing your own access. Two-factor auth works great for a small number of highly valued systems, but no one wants to carry around a hardware token from every company they do business with. Phone code generators are another good option, as long as you aren't likely to lose your phone and it has a hard-to-guess passcode. Have you seen something in the area of identity management that you think truly changes the playing field? If so, I'd love to hear about it. Until then, understand what you're trying to protect in each case, who you need to protect it from, and how much security that system needs, and make a reasonable choice. And of course, if a system you are a customer of has a data breach, make sure to change that password, as well as any you've used on other sites that would be guessable from the first one.