The New York Times has a very good article today talking about the insecurities of passwords. In a nutshell, they explain how keyloggers, phishers, scammers and hackers are capturing passwords, no matter how secure or complex the password itself may be. They also call for the use of cryptographically encoded methods to secure logons and describe how OpenID could be used to eliminate the need for passwords altogether. I have said this before and agree with them.
Since this is not a very viable or widely available option yet, there are a few things that you can do now to help protect yourself:
1. Don’t click on untrusted links – If you frequent a website, save a link in your favorites and ONLY use that link to go to the site. By doing this you will avoid phishing scams and redirects.
2. Use a different password for every site – If you lose your only password then the hacker will own all of your sites. If you lose one password, but have different passwords for all your sites, then you will be relatively cushioned from the damage that they can do.
3. Use a password manager – Use a password manager to keep track of your passwords. Be sure it is a trusted program or device that uses strong encryption.
4. Never write your passwords down.
5. Don’t share your password with anyone – When it comes to secrets, trust no one.
John "Mike" Wright