This month… more information about passwords, tech news & some useful links for your navigational and listening pleasure.
Password management – update
We’ve talked in-depth about passwords and password management before, but in the ever-changing landscape of IT security, there is always more to say, and the recent Equifax breach is a timely reminder – especially as it seems that someone was using ‘admin’ as login and password in Argentina…
Putting a face to a password
Facial recognition is also in the news at the moment, partly because of the new iPhone launch. There are concerns about security implications – yet many people don’t even bother to password-protect their phones, which is of far greater concern. On the whole we think there are more positives than negatives.
Security & friction
There is always a balance between security and ease-of-use. It would be possible to create a highly effective login system based on running DNA analysis every time you wanted to access Facebook, but we suspect usage might fall rapidly. This ‘friction’ is the biggest barrier to security: make it too hard and people will either not bother or find workarounds – but make it too easy and there’s no benefit. Creating a really complex password and then writing it on a post-it note on your monitor is an obvious example.
Reducing friction – Password managers
Reviewing recent breaches, it is apparent that the two biggest problems coming up again and again, are caused by users. Unsurprisingly these are weak passwords and re-used passwords. You should avoid both.
We strongly recommend using a password manager which enables you to easily use a different, complex password wherever you need one (LastPass is the one we use).
But in critical areas, passwords are not sufficient – you should also enable two-step verification. How does this work? For instance, each time you log into your bank account , you probably enter a code from an app on your your phone or a gadget on your key ring. This confirms that the login is genuine.
Using two-step verification
Consider where two-step verification is valuable. We suggest it should always be used for accounts that if compromised could damage your reputation or cost you money. These might include:-
- Password management (Fortunately, on Lastpass, it only takes minutes to setup)
- Online accounting systems
- Email (when you log in on a different computer)
- File systems – e.g. Dropbox
- CRM systems – and anywhere you store customer data
- Twitter, Facebook and other social media sites – depending on the implications of a breach
For other services – news websites etc. it’s perhaps less important, but you should use complex, unique passwords for each – the only way to securely do so is to use a password manager as already mentioned.