
This has been a fairly busy month for password security, especially with news of improved password cracking techniques and the social engineering attack on Mat Honan’s accounts. To help you defend yourself against these attacks, I’ve included some of my favorite posts detailing what you can do to protect your online accounts.
Security Now Episode 366 – Security Now is a great podcast, and always has some great information on tech security in general. In this episode, Steve and Leo talk about how “clever” password techniques really don’t work anymore.
Sites that use Two-Factor Authentication – Lifehacker provides a great list of sites that allow you to use Google Authenticator or your mobile phone to receive one-time codes when logging into sites from a computer or mobile device. Two-factor authentication adds “something you have” (your phone) to “something you know” (your password), giving you a layered approach to logging in to your accounts.
GRC Haystack Tool – This page does a great job of showing how well your password stacks up against large password cracking arrays. It’s important to note that the conclusion reached here is that a longer password is better than a short “clever” password. (See Security Now link above.)
Best Password Managers – Gizmodo covers their favorite password managers here. Using a password manager allows you to generate a long random password for every site that you visit. If one site is hacked, only your password for that site is exposed. Combined with two-factor authentication, this is a pretty secure combination in my opinion. I use KeePass personally, with a keyfile and long master password, to keep my passwords secured. It is imperative that you select a long master password if you are using one of these managers.
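The search-space reasoning behind the Haystack item above, as an added example (not code from GRC or from this post): it counts every candidate an exhaustive search would have to cover, assuming four ASCII character classes of 26, 26, 10 and 33 characters, and the two sample passwords are constructed. It models brute force only, so a password built from a common word or pattern falls faster than its count suggests.

```python
import math
import string

# Assumed character classes: lowercase, uppercase, digits, symbols (incl. space).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    if not password:
        raise ValueError("empty password")
    for c in password:
        if not any(c in chars for chars, _ in CLASSES):
            raise ValueError(f"{c!r} is outside the ASCII classes modelled here")
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))


def search_space(password):
    """Candidates of every length from 1 up to len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def bits(password):
    """Exhaustive-search space expressed in bits (log2 of the candidate count)."""
    return math.log2(search_space(password))


if __name__ == "__main__":
    # Constructed samples: a short "clever" password and a longer, simpler one.
    for pw in ("P@55w0rd", "blue.kettle.on.the.stove"):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"{search_space(pw):.3e} candidates, {bits(pw):.1f} bits")
```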
Have any questions or suggestions? Feel free to leave a comment below.
