Passwords are a pain in the neck. Worse, re-using passwords on multiple accounts is a really BAD idea. It most certainly leads to a breach at some point.

Here’s how.

Let’s say your email is ‘imspecial@ g*mail.com’, and your password is ‘SpecialMe1’. I think we can all agree that this scenario is not good – but for argument’s sake, let’s keep it simple.

Let’s pretend you’re traveling for work. Your laptop battery died and you forgot your charger at home, so you log in to the hotel’s guest computer to check your email. Not surprisingly, that machine has been compromised: a spyware trojan keylogger is secretly running ‘behind the scenes’ and captures your email credentials.

This particular spyware also captures and uploads each email and password to the hacker’s website as unsuspecting hotel guests enter their information. Next, the hacker starts trying to access bank accounts, Facebook, and other social media accounts using those same credentials. With a little persistence, he will have success. Oh, and then Mr. Criminal Hacker logs into your email account, changes the password, and signs up for a credit card account in your name. He gets the information he needs from the read emails still on your account. Bam! You’re $20K in debt.

To make things worse, he accesses your work computer through one of those remote access services like GoToMyPC or LogMeIn. Bummer, your entire patient database is gone, into the black hole of the dark web. The criminals are having their way with your patients’ identities.

But wait, this is not you! Why? Because you’ve been paying attention and have taken the advice of your Trusted Technology Adviser. You’ve been using a “Password Manager” for months now! Hurrah!

Well, maybe none of these scenarios have happened yet. Let’s be thankful. It’s not far-fetched – really! If you are serious about fixing the password headache, read on. Here are three options for managing your passwords.

Basically, these function very similarly. The first two are applications that run on your phone or desktop, or just live on a thumb drive.
Essentially, you create a new safe file and assign a strong master password to secure it. Then you let the password management software generate unique and secure passwords for all your accounts, so you only have to remember the master password.

  1. Password Safe. This is one of the two we recommend and use internally. It is free, Open Source Software. It was originally created by Bruce Schneier, an internationally renowned security technologist. It is pretty simple to use, and it works well kept on a thumb drive or synced using a private sync solution.

    “As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols, and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.” Bruce Schneier, Crypto-Gram 1999-09-15

  2. KeePass – Open source password manager. Like Password Safe, it is easy to use and very secure, as the code is maintained by the community. I really like these two because you can keep them on a flash drive attached to your key ring so nobody but you has access. Don’t drop your keys!
  3. LastPass – Commercial application with Cloud Syncing. Less secure because it’s in the cloud, but based on how the company conducts itself, pretty darn secure.
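
To make the "unique password for every account" idea concrete, here is a small Python sketch added as an example (it is not code from Password Safe, KeePass or LastPass). It uses a constructed set of accounts built around the article's sample password, shows which accounts open once one password is captured, and then gives every reused account its own randomly generated password. A real password manager keeps this data encrypted under the master password; the plain dictionary and the function names here are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def generate_password(length=20):
    """Random password from the OS CSPRNG containing all four character classes."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def reuse_groups(vault):
    """Lists of account names that share one password (only groups of 2+)."""
    by_password = defaultdict(list)
    for account, pw in vault.items():
        by_password[pw].append(account)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)

def exposed_accounts(vault, captured_account):
    """Accounts that open with the password captured for one account."""
    captured = vault[captured_account]
    return sorted(a for a, pw in vault.items() if pw == captured)

def rotate_reused(vault):
    """Copy of the vault with a fresh generated password for every reused one."""
    reused = {a for group in reuse_groups(vault) for a in group}
    return {a: generate_password() if a in reused else pw
            for a, pw in vault.items()}

# Constructed sample: the article's example password reused on four accounts.
SAMPLE_VAULT = {
    "email": "SpecialMe1",
    "bank": "SpecialMe1",
    "facebook": "SpecialMe1",
    "remote-access": "SpecialMe1",
    "forum": "x7!Qe2#Lm9@Rt4$Vb6^Z",
}

if __name__ == "__main__":
    print("before:", exposed_accounts(SAMPLE_VAULT, "email"))
    print("after: ", exposed_accounts(rotate_reused(SAMPLE_VAULT), "email"))
```

Before rotation, a keylogged email password opens four accounts; after rotation it opens only the email account itself.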

In our next posting I’ll be putting up a video on how to set up and use these password managers.

Stay safe out there!

 
