NEW YORK (MainStreet) — In light of recent data breaches, Nancy Shenker uses several passwords, which could prove difficult to keep straight. But now that she subscribes to a cloud-based password keeper, the New York-based founder of marketing company theOnswitch is more organized than ever.
“Whenever I change a password, I take a few minutes to log it and the date I made the change,” Shenker told MainStreet.
After researching password maintenance options, Shenker settled on aWallet, which allows her to store rental car and frequent flyer accounts.
“I like this particular service, because it allows for categories, which is very intuitive,” she said. “I never miss a discount when on the road.”
Shenker is one of many Americans who are making an extra effort at password hygiene.
“Passwords open many doors on the Web but plentitude of those passwords encourages their reuse,” said Alex Holden, chief information security officer with Hold Security. “Each site should be treated as another door and should have a complex password to lock and protect it.”
Some 43% admit to using the same password for more than one important account and 58% have more than twenty password-protected online accounts, according to an F-Secure study.
"You should enable two-factor authentication, and use a password manager to store your passwords,” Sean Sullivan, security advisor at F-Secure in San Jose. “Don’t even try to come up with strong, unique passwords instead let the password manager do it for you."
Password hygiene surged to the forefront of public dialogue last month when Hold Security announced that a Russian gang hacked some 5 million email addresses and passwords, known as credentials.
“The CyberVor gang might have stolen credentials that belonged to an e-mail address that you no longer access or a password that you haven’t used for more than a decade or even a default password automatically assigned to you by a website,” Holden told MainStreet. “The sheer number of credentials can potentially open a door to many systems and accounts.”
Without a management system, the average consumer resorts to using one password for all accounts rather than laboriously keeping track of multiple passwords, which can be time-consuming, confusing and frustrating. However, using only one password for multiple accounts is worse.
“If you use the same password on all of your online accounts and your email account credentials are guessed or otherwise gained, the perpetrator can access your email account and see from whom you receive messages,” said Jeff Bell, CEO with LegalShield. “When you have the same login credentials for your bank as for an email account, the perpetrator now knows where you bank and how to access the account online.”
Using password maintenance programs such as F-Secure, aWallet, Roboform and Thycotic is one way to protect your accounts and data; changing passwords monthly is another.
“Once the password manager program is established, the user needs only to remember one master password and the program takes it from there,” Bell told MainStreet.
Another method is to create a passphrase instead of a password by using the first letter of each word in a phrase and substituting numbers for letters.
“Develop one password base of at least eight characters that is easy to remember, contains lowercase, uppercase and numbers,” said Praveen Puri, a software management consultant. “Develop a rule to create passwords for sites by combining your base with characters from certain positions in the site URL.”
--Written by Juliette Fairley for MainStreet