
Password Security


Dec 16, 2010

There has been a lot of news recently about data breaches at some well-known companies. Gawker (gawker.com, http://lifehacker.com/5712785/), a blogging powerhouse with popular sites like LifeHacker (lifehacker.com) and Gizmodo (gizmodo.com), was one. McDonald's (http://www.pcworld.com/businesscenter/article/213345/hackers_steal_mcdonalds_customer_data.html) suffered a breach, and Walgreens (http://technolog.msnbc.msn.com/_news/2010/12/10/5624759-hackers-steal-walgreens-e-mail-list-attack-consumers) did too. Twitter (http://www.net-security.org/malware_news.php?id=1568) and Facebook (http://blogs.browardpalmbeach.com/cleanplatecharlie/2010/12/chipotle_facebook_hack.php) are under almost constant attack given the number of accounts they control.

While some breaches are done at the server or database level, those are rare. The weakest link in online security is still YOU! And specifically the password you use. A large percentage of people still use simple passwords that are easy to guess and even easier for a criminal to break. And there are some users out there who reuse that easy-to-guess password at every web site. This is a cardinal no-no for online computing.

A lot of security experts recommend using schemes or patterns (http://www.fastcompany.com/article/work-smart-a-single-trick-for-remembering-countless-passwords) to create unique, easy-to-remember but hard-to-guess/crack passwords. I've done this for years, and have not had any accounts of mine broken into. But there is a better way: a password vault.

There are quite a few companies offering this type of service, but I'm giving my recommendation to LastPass (lastpass.com). The system is easy to use, ultra-secure, and has passed many deep examinations, including one by Steve Gibson (the inventor of the first malware detection software), which you can view or listen to here: http://twit.tv/sn256

The premise is quite simple. You create one ultra-secure password to access your LastPass vault and they keep all of your other passwords safe and sound. You only have to remember the one to get in.

They also enable you to generate strong passwords for all of your accounts, so once you're signed up, it's worth going around to your favorite sites and doing a password change. You will have access from any computer, using any operating system and any browser, so there are no limitations (or excuses) for not using LastPass.

Happy Holidays to everyone and be sure to stay safe in your physical and online worlds!

-PHIL

Sources:
google.com/news
datalossdb.org

Posted by Phil Spitze, Network Manager
