I hate passwords. I don't know why we are still using them. Tom Cross (@_decius_) wrote a piece on TechNewsWorld much more articulate than I will put together here if you want to understand why we should quickly get away from passwords.
The Lamest Holiday Ever
Over the years I've developed a ritual called "Password Day." Twice a year I go through all my online accounts and change the passwords. When I started creating online passwords around 1990 on bulletin board systems (and later the Internet) I would use the same password on all accounts and change them on Password Day. In 2012, a security consultant worth their salt will tell you to use a different password on each site. I would tend to agree because a few years ago I found a common password of mine on display on a hacker's website after they had extracted an unencrypted listing of usernames and passwords from a service provider I used (canceled that week, of course). Up until that point I used three tiers of password: 1) sites I didn't care if they got hacked, 2) sites that would annoy me if they got hacked and 3) sites that would make me faint if they got hacked. So I had three complex passwords (at least for tier 2 and 3) that I would change twice a year. I realized that wasn't going to work as hackers became better organized and incentivized. I needed to have a better system.
Giving In to Password Management
A few years ago I moved to using a unique password on every site. My memory is barely good enough to keep up with where I parked my car and when my anniversary is. I had trouble enough with 3 passwords. As I just completed celebrating my most recent Password Day I had more than 300 sites that I have logins to. Needless to say I had to use something besides my faulty memory to manage all of that. I looked at a lot of solutions and finally landed on RoboForm. It generates all my complex passwords, it records them and synchronizes them across machines for me. I know what you are thinking: "What happens when a hacker breaks into your RoboForm data?" The answer is twofold: 1) RoboForm goes out of business and 2) Password Day comes early for me. It's a horrible "solution" but it's the best I can manage as long as we continue to use passwords for authentication.
Two-Factor Authentication
This Password Day Season I added another step into the process. For all the services that supported it (Google, Facebook, etc.) I enabled two-factor authentication (at least a facsimile of it) by requiring a text message to be sent to my phone when logging into my account from a new device. This seems more like a road bump than a security barrier for hackers as smartphones increasingly become targets of attack, but I guess I'll take what I can get.
Now that Password Day is behind me, the countdown starts again; less than 6 months to go! Here's to hoping I don't have cause to celebrate early.