Yesterday, I received a notice that Adobe had a security breach. I’m an Adobe customer. I used my Adobe ID for Creative Cloud and Adobe Digital Editions for loading library books on my Nook.
Adobe did a great job of being public about this, and forced me to reset my password. Security breaches happen, and Adobe has handled this well. Secret security breaches are a much bigger deal.
To pat myself on the back, there is one thing that really helped me out in this situation: the password I used was unique to that account. I didn’t use that password for any other account.
As someone who works with the general public and has lots of conversations about accounts and passwords, I get that having multiple passwords can be tricky. But it’s worth it for this reason. If someone stole a bunch of user names and passwords, and I use the same login information for all of my other accounts, whoever took those has full access to all of my accounts.
So, how do I manage having hundreds of unique passwords? I don’t. I paid for an application that generates and remembers passwords for me. I went with 1Password and I’ve used it for years. It recently was updated to tell me how long a password has existed on that account unchanged, so I can judge if it’s something that should be changed regularly.
Here’s how it works: when I start a new account with a company or a website, it will ask for a password, and I turn to 1Password to generate a password, which it then saves. When I return to that website, I invoke the program again, and it fills it in.
I’d recommend that everyone shop for some sort of password manager. Recommended reading:
- How Secure is My Password - A password strength evaluator that estimates how quickly your password would be cracked by a brute-force attack on an account.
- Lifehacker - Geek to Live: Choose (and remember) great passwords - Some really good tips for password creation, and if they’re passwords that you have to remember because you sign in from places that aren’t your own equipment, good advice for making them memorable.
Does it need to be pronounceable? How many numbers should go in there? How many special symbols need to go in there? Is it okay for characters to repeat? Should it avoid ambiguous characters like 0 and O?
So you can customize it. The “symbols” bit though is one that I’m a bit frustrated with because I like having symbols in its passwords, but a good number of accounts that will let you have a special character or two in there won’t allow some special characters. Like they’ll accept punctuation marks but not a / or a \, and I can’t figure out why exactly. Maybe because they’re UNIX special characters and that freaks out their system.
As an appendix to this comment I’ll just post a couple passwords that 1Password will generate for me:
Here is one that’s pretty much got the recipe cranked up to the max:
Here is a “pronounceable” one.
Here’s a kind of middle-ground one that I usually have to go for with services that don’t allow super long passwords.
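A recipe-driven generator along the lines of the options discussed above, as an added example (not from the original post and not 1Password's code). The function name, its parameters and the look-alike character set are assumptions made for illustration, and the pronounceable option is left out.

```python
import secrets
import string

# Look-alike characters to drop when avoid_ambiguous is set (constructed set, an assumption).
AMBIGUOUS = set("0O1lI")

_rng = secrets.SystemRandom()  # OS-backed CSPRNG; never use random.random() for passwords


def _pick(chars, count, allow_repeats):
    """Draw `count` characters from one class, with or without repeats."""
    if count and not chars:
        raise ValueError("recipe leaves no characters to choose from")
    if allow_repeats:
        return [secrets.choice(chars) for _ in range(count)]
    if count > len(chars):
        raise ValueError("not enough distinct characters for this recipe")
    return _rng.sample(chars, count)


def generate_password(length=20, digits=4, symbols=4, allow_repeats=True,
                      avoid_ambiguous=False, banned=""):
    """Return a password with exactly `digits` digits and `symbols` symbols.

    `banned` lists characters a particular site rejects, e.g. "/\\".
    """
    if digits + symbols > length:
        raise ValueError("digits + symbols cannot exceed length")
    drop = set(banned) | (AMBIGUOUS if avoid_ambiguous else set())

    def pool(chars):
        return [c for c in chars if c not in drop]

    # The three classes are disjoint, so sampling each without repeats
    # also guarantees no repeats across the whole password.
    chars = (_pick(pool(string.ascii_letters), length - digits - symbols, allow_repeats)
             + _pick(pool(string.digits), digits, allow_repeats)
             + _pick(pool(string.punctuation), symbols, allow_repeats))
    _rng.shuffle(chars)  # so digits and symbols do not sit in fixed positions
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password(32, 8, 8))                  # long, symbol-heavy recipe
    print(generate_password(24, 5, 5, banned="/\\"))    # site that rejects / and \
    print(generate_password(12, 2, 0, allow_repeats=False, avoid_ambiguous=True))
```

Because each character is drawn from the operating system's CSPRNG, tightening the recipe (fewer allowed symbols, no repeats, shorter length) only shrinks the search space; it does not make the output predictable.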