The PlayStation Network hack a few days ago which resulted in Sony losing the private data (including unencrypted mail addresses, usernames and passwords) of 77 million users should be reason enough for everyone who’s doing anything online to change passwords for every login to something unique. This way no stolen password can be used to access other services you are using. As soon as someone has access to your mail account, it is easy for him to reset passwords on other services you are using.
So how do you change every password to a unique one without going crazy or forgetting passwords on a daily basis? 1Password. This fantastic tool is available for Mac, Windows, iPhone, iPad and Android. It can sync your encrypted data between devices using a free Dropbox account so you can take your secure passwords everywhere you go. You have to remember exactly one password which is used to encrypt all account data you store in 1Password (including credit card data, software licenses and more). The great news: you can make this one passwords a very secure one because you only have to remember one password from now on.
When visiting a website that requires a login you just hit a shortcut and 1Password logs you in. If 1Password hasn’t been unlock yet (after a reboot or sleep mode of your computer) it asks for your secure master password. You don’t need the site specific password which is random, so you have no chance of remembering it after all.
Yes, something like:
wJWHElzZp0OFMVzPGtl5vcDv or even
The first example is pronounceable which is good in case you have to type it in an iPhone app or a computer not synced to your 1Password data. Make it longer and it should be secure enough for almost everything, or just use completely random passwords. Remember, when the computer you are using has 1Password installed, a browser extension does all the work of logging you in on websites.
Secure Security Questions
What about security questions like “Your first pet’s name?” or “The name of your high school teacher?” Those aren’t very difficult to answer if you ever posted personal stuff to Facebook, Twitter, etc. Even if you haven’t posted the answers to your security question, a friend might have asked how your little puppy [insert name here] is doing. This is exactly how Salma Hayek’s MobileMe account was hacked — by looking up her birthday on Wikipedia and guessing her favorite character (the password hint) as “frida”, one of Hayek’s roles. (pcworld.com).
The answer (literally) is random security question answers. Just store them in the note field of your account entry in 1Password. It will be encrypted like the rest of your data and should you ever have a problem logging in (or someone tries to hack your account) just copy
sdf094ut$df%_dfs4t into the answer field as your pet’s name. (Don’t name your pet like this, ok?)
Even More Account Security
So, how do you further improve security of you accounts after using a different, random password for every account you own? A second way of verifying your identity when logging in. Google’s 2-step verification which asks for a verification code when logging in from a new computer or device. The code can be generated using an iOS or Android app. You also print a backup list of codes in case your phone is broken or the battery is dead. (Google Reader clients, mail programs and other applications that are not browser based use a randomly generated password which can be revoked on Google’s site should it ever be compromised.)
PayPal can also be set to require a code after logging in with your password. It can be sent to your phone as an SMS. It is called PayPal Security Key and is free.
One thing to remember is to actually remember your master password and keep backups of your 1Password data. But your making backups on a regular basis already, right?