In the last few years, we’ve written quite a lot about online security in this space.

One of the keys to security is to use secure passwords. Since really good passwords can be difficult to remember, password managers are really useful, and we’ve reviewed a few, including LastPass (which is being acquired by LogMeIn) and KeePass.

But secure passwords aren’t enough; it’s also important to change your master password regularly and to use two-factor authentication whenever that’s available (as I learned when LastPass got hacked this summer).

A downside to using a password manager (for me, at least) is that it’s easy to become complacent; since the software generates secure passwords for me, I don’t think very often about changing them. Yet even secure passwords should be changed regularly.

Fortunately, I recently spotted a tool in LastPass that would check whether I had any compromised, weak, duplicate, or really old passwords. It found several, including some for accounts that I hadn’t touched in years (and in some cases, didn’t even remember that I had). I updated passwords as needed, and closed some inactive accounts. No doubt other password managers have similar tools.

From now on, running a check on my passwords will be part of my end-of-semester routine.

Do you have a favorite password manager? Are there other steps you routinely take to keep yourself secure online? Let us know in the comments.

One Response to “My latest at ProfHacker: Security Housekeeping”

  • Bob Goldstein
    1 year ago

    Amy, I’m concerned that, in your otherwise excellent article, you recommend changing passwords often. NIST, and more recently The Centre for the Protection of National Infrastructure (UK), recommend against this, or at least point out the efficacy is quite small. If you have any suspicion your account is compromised, of course you should immediately change your password. But absent any suspicion, changing passwords preemptively does NOT make the password any harder to guess at all. And if your password is actually compromised (without any knowledge or suspicion), changing it every few months is not often enough to mitigate any risk or damage. If you are concerned that standard passwords are not secure enough (and you should be!), something like two-factor authentication is a significant step forward. But aging passwords does not help.

