TechCrunch runs down step-by-step exactly how a hacker broke into Twitter employees’ accounts and gained access to over 310 confidential company documents (and generally caused them hell). Lesson to be learned: Use strong passwords (and DIFFERENT passwords for every service you use), change them often, and use impossible-to-guess secret questions and answers. I recommend (and use) KeePass for helping you do just this.
BREAKING NEWS
- The 10 Best Link Building Services & Backlink Building Companies for Improved SEO (2023 Update)
- What Dads Need to Know About Getting Full Custody
- Top 6 Places to Live in the United States in 2022
- 5 Essential Qualities of Workflow Management Solutions
- 5 Copywriting Tips for Maximum Blog Engagement
- Exploring the Latest Virtual Trends and Innovation in Real Estate
- The Most Important Ways to Upgrade a Kitchen
- 4 Tips to Prepare You for the CPA Exam
- 5 Genius Ways Restaurants are Protecting Customers Against COVID-19
- Property Investors: Why Social Media is a Waste of Your Time (and What You Should Do Instead)
7 Comments
Mike Cerm
KeePass is essential. If you’re going to be safe online, you have to use different passwords for every site. Unless you have a really simple (and therefore, unsafe) way of creating memorable passwords, you can’t possibly remember them all.
Obvious pro-tip: Use Dropbox to sync your KeePass database.
charlie98
I use both KeePass and 1Password depending upon the OS. It is probably obvious to most of you but:
1. if you can create your own secret question(s) use KeePass or 1Password to create the question. make sure you generate a strong password as your question
2. regardless of the question you do not need to answer truthfully so again, generate your response as a strong password.
me.yahoo.com/a/nbExoX8jl…
I think it does not really address the issue that relying solely on passwords are not really the solution. Bruce Schneider posted a reference that having strong passwords for online accounts does not really achieve the desired result, http://www.schneier.com/blog/archives/2009/07/strong_web_pass.html
However, for something like company confidential information stored and shared on a service like google apps/docs, it may make sense to have dual factor based authentication, a password and something else. So something as basic as an SMS code texted to the registered user or only authorised devices (eg specific browsers) are given access or even one of those rsa type time based key thingees.
chandi
What about Macs ?? KeePass seems to be happy with windows only version …
duanehubbard
@chandi: I use KeePassX. It’s a port of KeePass for *nix systems (Mac included). I actually prefer it to the standard Windows only version of KeePass.
http://www.keepassx.org/
chandi
@duanehubbard: Thanks there! I use the standard Keychain Access … I hope this is better, anyways I will give it a try!
Tim Lytle
What’s the general feeling of passpack.com (or similar web based stores)? Security should be the same (as in the encryption of the passwords), yet keeping the ‘database’ on a 3rd party server somewhere just seems wrong.
But is it? It’s already encrypted before it’s sent.
On the dual factor topic, myopenid.com will call you (if you want) to verify a login. Wouldn’t it be nice to be able to choose your security/identity provider for ‘important’ things (seems like the sites that *accept* openid are all low-security).