What do you do with your passwords?

Written by on October 15, 2013 in BillingViews, Guest Blog with 3 Comments

Something that affects all of us in both our business and personal lives is password security. As we do more and more online, especially in the payments space, we have to remember an increasing number of passwords. It seems like every week there is another website security breach (and I always wonder about the ones we don’t hear about!) which makes it vital to keep everything unique. You really don’t want that password from a hacked shopping site letting a malefactor get access to your corporate servers, your bank account or even your Facebook profile – it’s not going to end well.

Managing all these IDs and passwords is a huge challenge and the only way to do it in a secure manner is via an encrypted database app.

What surprises me is that more businesses don’t mandate the storage of passwords securely.

Employees are told to keep them secret but how? Relying on human memory is a risky strategy and the result is employees using the same password across multiple applications and quite possibly putting them on Post-it notes!

“The recent Adobe security breach is one of the biggest of it’s kind in the last 10 years. High profile attacks like this grab the headlines but the reality is that nearly 80% of businesses of all sizes have, to their cost, suffered a security breach,” says  Mike Newman, CEO of cloud password management firm my1login. “The high profile incidents create a wave of renewed interest in corporate security but the reality is that within a few weeks complacency will set in leaving companies vulnerable to the next attack.”

I’ve been using 1Password across my iPhone, iPad and Mac for a while now and last week Agilebits released their new version for the Mac – 1Password4. This is a significant upgrade involving a complete rewrite of the code and adding both a new look and new functionality. The app has many great features including prompts to save new passwords when you enter them on websites, a mini mode that sits in the Mac Menubar, browser extensions and my favourite; the Security Audit.

The Security Audit (see below) shows you which of your passwords are weak, which are duplicates and which are old enough to merit changing. This analysis is vital in understanding where the weaknesses are in your password inventory.

This quote from the 1Password website sums it up:

Why 1Password? Because your mother’s maiden name and your dog’s birthday haven’t cut it as a password for a long, long time. 

Because reusing passwords has never been a good idea. 

Because “secure” and “convenient” never worked together in a sentence until we built 1Password.

1Password supports iOS, OSX, Windows and Android although you’ll have to wait a little longer for new versions for Windows and Android.

If you do one thing to improve your password security it should be to download an encrypted password storage app and I would suggest it should be 1Password.

You can follow Jonathan on Twitter at [@sevendotzero]

Security audit

Tags: , ,

About the Author

About the Author: Jonathan has been working in payments for 18 years covering digital money, identity verification, telco billing, finance systems and consumer payment services; in both startup and corporate environments. Most recently, his experience is in developing alternative consumer payment models. "I'm passionate about removing the friction and frustration from payments. The convergence of payments and mobile technology and its impact on consumers fascinates me." You can follow Jonathan on Twitter at @sevendotzero .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

3 Reader Comments

Trackback URL Comments RSS Feed

  1. Peter says:

    Absolutely agree with the dispair that companies don’t provide or enforce any form of tool for password management. I find it astounding.
    Inevitably people will have their own favourites for any genre of application they use and it will usually be as much a religious debate about which is the best. My preference here is for KeePass, primarily because it’s opensource so you can see the code to ensure there are no backdoors and also because it’s free! The database access can be controled through a master password or a keyfile, or both and the auto-type feature uses “Two-Channel Auto-Type Obfuscation” rendering keyloggers and clipboard spies useless. However, everyone to their own which suits best.

    • Mark Brown says:

      Hi Jonathan,
      I agree. Pretty much everywhere you go online you need to register and create a password. I’m all mac’d up these days and use eWallet which not only syncs across iPhone, iPad and Mac but also allows you to securely login to any website in a managed wrapper window. Only need one password now. But what happens if that is compromised?

      Cheers
      Mark

  2. JJ says:

    Thanks for the comments. Keeping your master password safe is clearly key. Good entropy plus remembering it and maybe sharing it with one key person are good strategies.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top