How many online passwords do you have to remember? Five, ten, more? Or do you use the same passwords across several sites? Perhaps you use cloud-based practice management software. Maybe you do your banking online or you have your details on several therapist directories. And, of course, all of us have accounts with a number of online shopping companies. It’s vital that we keep our passwords secure.
Iain Nash is the CEO of Siario, a web-based programme that enables clients to work on CBT exercises between sessions using their mobile device or PC. He’s written a guest post for us about password management.
One positive outcome from the recent Heartbleed exploit is that people are beginning to think a little more about their password practices. This is a short introduction to how best to manage all of your on-line accounts.
At its heart, security on the internet can be broken down into two components:
- Things you know (passwords)
- Things you have (mobiles, security fob)
Most websites focus on the first component and require you to have a password to access your account. However, many websites now allow for ‘Two-Factor Authentication’, which means that after you successfully enter your password, you are required to enter a code that has been sent to your mobile. This is very strong security, as the chances of an attacker having access to both components are low.
Gmail, Twitter and many other popular websites offer this service and you should avail of it.
When it comes to passwords, standard practice is for a person to have a somewhat complicated (and short) password which they use across a range of sites. This is not good practice as these passwords are often easy to crack (malicious computer networks can try hundreds of thousands of guesses an hour) and once they have been cracked, the attackers will try this password on other popular sites.
Best practice is to use a ‘Password Keeper’. These are programs that will generate strong and secure passwords for each of your on-line accounts and store them so they are easy to access. Personally, I use 1Password, which is a cheap program that lets me sync my passwords via Dropbox across my personal and work computers and my mobile. LastPass is another popular (paid) program, while KeePass is a popular and free alternative.
Password keepers ensure that your passwords are hard to break and also unique to each of your accounts, so that if one account is compromised the attacker will not be able to use that knowledge to access your other services. Your password file is itself strongly encrypted. You then simply need to remember one strong password, and this gives you access to all your other passwords.
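As an added illustration (this is not code from Iain's post or from 1Password, LastPass or KeePass), here is a small Python sketch of the three things a password keeper does: generate a random password for each site, show why guessing such passwords is hopeless at the "hundreds of thousands of guesses an hour" rate mentioned above, and turn your one master password into the key that encrypts the password file. The character set, the guessing rate of 100,000 per hour and the PBKDF2 iteration count are assumptions chosen for the example.

```python
import hashlib
import math
import secrets
import string

# Assumed character set for generated passwords: letters, digits, symbols (94 in total).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Build one password from a cryptographically secure random source,
    the way a password keeper does, rather than from anything memorable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Strength of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_brute_force(bits: float, guesses_per_hour: float = 100_000) -> float:
    """Expected years to guess a password of the given strength at the assumed
    rate; on average an attacker must try half of all possibilities."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_hour / (24 * 365)


def derive_vault_key(master_password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Turn the single master password into a 256-bit key for the encrypted
    password file using PBKDF2-HMAC-SHA256. The high iteration count makes every
    guess against a stolen file expensive; the salt is stored next to the file."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)


def build_vault(sites: list, length: int = 20) -> dict:
    """One unique generated password per site, so that a breach at one site
    gives the attacker nothing usable at the others."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed comparison: a short lowercase password reused everywhere
    # versus a 20-character generated one.
    print("8 lowercase letters:", round(years_to_brute_force(entropy_bits(8, 26))), "years")
    print("20 generated chars: ", f"{years_to_brute_force(entropy_bits(20)):.2e}", "years")
    print(build_vault(["bank", "email", "practice-software"]))
```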
By using a combination of strong passwords and two-factor authentication (where possible), you are reducing the chances of an attacker gaining access to your account by brute force. If an intrusion into your account then happens (perhaps by the attacker hacking your account directly), you have also isolated them from gaining access to your other accounts.
Do you use a password keeper? Or, are you considering using one? Do you have any questions for Iain about online security or encryption? Let us know below.