Feature Friday: Password Management

I posted about The Interview last Thursday and the next morning I woke to a message from Facebook:

suspicious login attempt

I can’t imagine the login attempt on my Facebook was in reaction to my blog post about The Interview, but as Andy Grove famously said “only the paranoid survive” and so I spent some time changing passwords that morning.

I don’t want to get too much into my personal security setup but I will say this. I try out a bunch of services every week and many of them ask me to create a login. I use a fairly basic login for those services. But for anything that is serious, I like strong passwords that are unique for each service.

I find a password manager to be helpful in managing all of them. The big issue with a password manager is you are creating a single point of failure by using one. But if the alternative is easy-to-guess passwords that you use frequently, I think going with a password manager is the better alternative. A couple of popular ones are Dashlane and 1Password.

I also use two-factor authentication on services that offer it and, as I have posted here, I like using the Authy app to generate the tokens for me on my phone.

One thing I have decided to change in the wake of that Facebook login attempt is to treat social media services differently. I used to think that social media services weren’t “serious security issues” and did not worry too much about them. I’ve decided that isn’t right and I now treat social media services similarly to banking and productivity services (like email and cloud storage).

But even if you lock down your own services tightly, you still have to be worried about what you put into email and other messaging apps because the person you send the messages to may not be as secure as you are. That’s one of the many lessons from the Sony hack. A friend of mine told me she only puts into email things she is prepared to have read on the nightly news. That’s a high standard and one that I am going to strive for myself. Given the nature of my work, it’s going to be a hard one to reach.

I think we can expect hacking and other forms of attacks on our personal data and systems to increase significantly in the next five years. If you are looking for a good new year’s resolution, I think taking security more seriously, and specifically using unique strong passwords and two-factor auth on all of your important services, would be a good one. I already do that but I am always looking to do more of this sort of thing. Andy Grove’s mantra is a good one in this regard.