WASHINGTON — In an era where individuals have passwords for each of their multiple devices, online applications, emails and programs, the risk of any or all of them falling into the wrong hands grows every day.
If you are a Comcast customer you might know that keenly enough — just last week the company reported that it had to reset some 200,000 email accounts after it was confirmed a black market site was selling Comcast emails and password information online.
So what is a user to do? Some folks have been relying on password managers, which are applications that take all of its customers’ passwords, and encrypts and secures them together for safekeeping. Users need only one password “key” to access them all.
There are a host of these products online, and some of them are even free, such as LastPass and RoboForm.
Ken Colburn, founder and CEO of Data Doctors Computer Services, tells WTOP that password managers provide an additional firewall for people who tend to use weak passwords, or worse, the same password for most of their electronic computing.
In the rare event a manager were hacked, he noted, the encryption on each password would give the company a pretty good head start for alerting its customers to reset their master keys before any damage is done. This is what LastPass did when it was hacked in June.
“The bottom line is, from an overall risk/benefit standpoint, it’s still a much better way to go,” Colburn said.
Users should always use long passwords and unique passwords to keep their data safe, he noted. Then there is the “low tech” way of protecting passwords — write them down. If this sounds counterintuitive, Colburn said, it’s really not.
“What’s the total number of people that might have access to a piece of paper buried in your desk — 10, 12? — verses using the same password, where the likelihood of one of your accounts getting breached is almost certain,” said Colburn. “Again, you’re analyzing the risk.”
Of course, if making a paper list, be smart, don’t using any identifying information and use coding only you can identify, he said.
“You can literally go to the old sticky note on the screen with your own [paper] encryption system and that’s still more secure than using the same password on all those accounts.”
