That's right. It's time to change your passwords. The internet needs to start looking at this topic as if it were daylight savings time. We all know it is a pain in the ass but it truly is a necessary evil. People like to take this time to replace the batteries in their smoke alarms, change the filter in the furnace, or swap out their snow tires. Let's all add changing our passwords to the list. I recommend twice a year minimum but I know what everyone is thinking so at a bare minimum do it as part of your spring cleaning. You will be glad you did and let me explain why. While we are at it, I will explain how to make them strict AND easy to remember.
If you haven't paid attention recently in the news (not just tech news) there was one of the biggest melt downs of cyber security to date. Possibly the biggest: The HeartBleed Bug. I am not going to go into any detail about it; you can read about it HERE or you can watch a colleague of mine talk about it HERE. To say the least, it made about 2/3rds of the websites you frequent vulnerable to"the bad guys."
BUT DONT PANIC
There is a good chance that this bug didn't affect you. However, there is a high probability, 70% chance, that you have already been compromised elsewhere or will be in the future. How do I know that? That is the nature of the internet today. In the last 12 months there have been multiple breaches of security at some very commonly used websites. Here is a chronological list with the respective amount compromised from InformationIsBeautiful.net.
I like to pick on the Adobe breach from late last year 2013. You can go here: https://haveibeenpwned.com/ to check and see if your email address was involved in that breach. It will check your email address against 19 different site to see if you were part of the leaked information. If you were, there is a very good chance that your password was released in clear text along with your email address. That means that every site where you use that email address as a login account AND decided against using a different password for each service, has now been leaked to everyone on the web. How so? Well, if you are like me (and most other people) you use that same sign in almost everywhere that lets you. If you can't use your email address, you use everything leading up to the '@' sign. Right? And that is bad.
There are sites out there that will show every online service where you have used that logon name. They may not ALL be you, but you get the idea. My favorite is http://namechk.com/. Go there, enter in your username, and watch all the sites populate. Now if you are like a vast majority of the internet, you use the same password for every site. Nervous Yet? You starting to get why that is a bad idea?
Now listen up! Time to use a different password for every website/service you use. It really isn't that hard and I'll prove it to you. You can use https://howsecureismypassword.net/ to test your passwords. The greener your screen is, the better your password. You will catch on. It is actually kind of fun to test different passwords and pass-phrases.
PASS-PHRASES?... YOU ASK. Yup. That's right.
SIZE DOES MATTER!
And that goes for everyone. So my quick tip to get you on your way. USE PASS-PHRASES! Type a sentence. Something easy to remember but make it >20 characters long. To make it different at every site just add something unique about the site to your sentence either at the beginning of the phrase or the end. You will have password security licked in no time.
As for a list of amazing resources... Well I can't let you go without that.
Now go change those passwords and come back here in 6 months to do it again.
And if you don't have a password set on you home computer or only have one user account, you better checkout my pervious post.