Spring is Here: Time to Clean Up Your Passwords!
As you know, I tend to post quite a bit about data privacy as well as its pesky cousin, data security. Now, just to make sure that we are all on the same page here, some definitions for you to ponder:
- Data privacy issues revolve around the collection and (most likely) digital storage of your personal identifiable information that may include (but is not limited to) healthcare, criminal, financial, genetic, ethnic, and residential information. The issue of privacy usually arises when that information is either improperly disclosed or whether there is no disclosure policy in place which leads to disclosure of that information. (Do I sound like a lawyer?) In short, either your expectation of privacy or the legal expectation (via regulation) of privacy may have been violated.
- Data security is the way in which your data (personal and everything else) is kept safe from corruption and is “suitably” controlled in terms of whom and what has access to it. In other words, data security helps to ensure data privacy as well as protect your personal data. And yes, a data security breach can lead to a data privacy breach.
Now you, like me, may often feel that data privacy is beyond your individual control. That’s just not the case. As a digital trekker (you know, web surfer), there are things that you can (make that should) be doing to protect the security of your data.
The most important? It’s all your passwords! You should have a different password for every website you visit that requires it. You should never, ever, use the same passwords for private and work activities. And all your passwords should be strong. What does strong mean? It means the length and complexity of your password—at least 14 characters long, using the characters available from your entire keyboard, and never including your personal information in it (such as your birthday, social security number, name, you get the picture). Microsoft has a handy password creation cheat sheet and password checker for those of you who would like a little assistance.
Yes, this is a pain. But if you do it, it will be much more difficult to become a security breach victim. If you don’t, you could be the victim of a phishing attack (a way to acquire your personal information by acting as a trusted source) or a cyber hack such as what happened at eHarmony. In both cases, if you use the same password for multiple accounts you have increased your chances of a multiple data security breach. And as this recent research from Security Group at the University of Cambridge Computer Laboratory points outs, when two websites were recently hacked (with passwords hashes stolen and then cracked), 76% of the overlapping customers used the same password at both sites! Say it with me: a different password for every site.
Okay, I know that if you are like me, the thought of changing and tracking all new passwords for every site is, well, exhausting. You have some options though. You could use something like LastPass (it’s free) which is a password manager that manages all your passwords, will generate strong passwords for you, and all you have to do is remember one password: the one to your LastPass vault. I use LastPass for all my work passwords. Or you could go “old school” (I do this for my personal passwords) and create your own strong passwords for each site. Of course, when you do this you will have to keep track of those passwords as well as update them when you change them. I am very old school and keep my personal passwords offline (remember paper?) in a secure place that does not scream out to any would be burglars “here’s my password file that you can use to hack me.” If you chose this method but decide to keep a password file online, please do not name the file “My Passwords” (chose something innocuous that only you would know the true meaning) and absolutely encrypt it (yes, another password to remember).
So get cracking (pun intended)! Update all your passwords and make sure that they are strong, are different for every site, and securely stored: let the spring cleaning begin.