How Many Passwords…

… Must A Man Write Down? – to paraphrase the great Bob Dylan. There is (yet again) a story of phishing against web-based email in order to get passwords. This is not new – what has been picked up on this time (but has always been true) is that people use the same password for their bank as they do for their email, and often for everything else. So, if one is compromised, then they all are. So how many passwords do you need?
Well, you need to minimize the number – but not down to one. So, I recommend three. You can remember three relatively easily and you shouldn’t have to write them down. One is for the bank – and only for the bank; this should be the strongest cryptographically (so some random numbers, letters and other characters). The next one is for things which involve money, so credit cards, on-line shopping sites and email. Finally, there is one which is used for the rest – for those sites which require you to log on but only so they can track you.
One of the other dangers with email is that once there is access then the cyber-criminal can see who you do business with (including your bank). They can potentially then request a password reset – which would mean all your hard work keeping passwords safe was pointless. Having at least two email accounts can help you keep an eye on those emails which are important (bank, bills etc) and those which are just marketing.
Maintaining your digital information in the Internet Age is hard and requires a certain amount of vigilance. It needs some common sense as well… so do remember to change your password regularly. Don’t share usernames and passwords with friends or family – and if you are somewhere which is Internet ‘unsafe’, such as a cyber-cafe, don’t log onto those sites which you would be afraid to have compromised. Finally, if anyone ever suggests you email them your username and password – for whatever reason – don’t do it. If you are worried by the contents of the email, make a phone call to clear things up.
Guy Bunker