Sunday, May 11, 2014

The Bleeding Hearts Club

I'm sure everybody has, by now, heard of the Heartbleed security bug. Those of you that haven't, well, that's quite a rock you live under, and people call me sheltered!

Despite the majority of websites patching this hole, you should still change your passwords, not just because it's possible that your account has been compromised but hasn't been hacked yet, but also because the majority of people duplicate passwords across multiple websites. I'll admit it: I'm guilty of this too.

In the aftermath of the leak, I've endeavored to make every web account I maintain have a unique password, and I recommend that everyone else do the same. I myself have a lot of accounts out and about, so I know it's a big project, but I've put in a week's effort, and I'm about 85 percent there.

But this is difficult to do, for two primary reasons: first, it's difficult to come up with unique passwords for everything, and second, it's even harder to remember all those passwords. Let me assure you, though, that both of these problems are easier to solve than you may think.

Coming Up With Unique Passwords
For the more creatively minded people, this may just become a mental exercise. For the less creatively minded, you may need to go find a password generator. Once you get the hang of it, it's actually relatively easy.

I've used everything from childhood games (thefloorislava) to favorite characters (tworrsinhorrible) to obscure mythology (dagonsayshi).

A few things to note: longer passwords are more secure than short, computer-generated nonsense passwords; sprinkling in leet periodically, or using obscure or intentionally misspelled words, keeps passwords looking like real words while still protecting you from dictionary attacks; and most websites do not check passwords for explicit content.

Remembering All Those Passwords
I'll admit that owning a cell phone, smart or otherwise, has stunted my memory. I used to have a lot of phone numbers memorized, but now have to rack my brain for my parents' cell phone numbers. My recent decision to live without bookmarks and browsing history (an additional security thing) has helped work on my memorization, but not a lot.

That's why I have a password vault. It's a secure storage program that holds all my login information for everywhere that has a unique password, and requires a 30+ character password to unlock. Thirty characters is a little excessive, but I think paranoia in this circumstance is a good thing.

There are a lot of vaults out there, and they're not all created equal. I'd give you my recommendations... but you should do your own research and find one that suits your needs.