Thoughts on passwords and Twitter hacks

The most recent Twitter hack serves as a good reminder to revisit my password management methods.  While this particular hack didn’t compromise Twitter’s servers, it did manage to redirect all traffic destined for Twitter to a server under the hacker’s control.  If you had software running that periodically logs in to Twitter to check updates or post tweets (TweetDeck, Seesmic, or countless other clients) it may have been possible for the hackers to obtain your Twitter username and password.  Not a big deal, right?  Maybe, but maybe not…

You see, with access to your account, they can find your email address.  If you use the same password for your email account, they now have access to that.  Do any online banking?  Now they can reset your online banking password using your email account and “bill pay” themselves with your money.  So what’s the solution?  I’ll tell you what works for me.

By last count I have close to 50 different accounts and logins, and I couldn’t tell you a single password to any of them.  I don’t know them, and I don’t try to remember them.  Most look something like this:

Tko&eqL#VQzU(7Ex5g36

I only bother to remember a few critical passwords, one of which is to my KeePass password safe.  I keep all my other passwords, account numbers, PINs, and $3cr37 c0d3Z locked up in a KeePass database.  It’s really easy to use, and there are a number of different versions for smart phones.  I keep my database synced between my several computers with Dropbox, my keychain USB, and on my BlackBerry, so I always have access to my passwords.

The major advantage to doing this is that if one of my accounts gets hacked, it’s unlikely that the evildoers will be able to access anything else.  If you have any thoughts on this or other ways to help guard your accounts online, let me know in the comments.
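The chain described above (Twitter login, then email, then a bank password reset) can be checked against your own account list. The following is an added example, not part of the original post: the account names, passwords and the `recovery` field are constructed sample data, and `generate_password` and `blast_radius` are hypothetical helper names.

```python
import secrets
import string
from collections import deque

# Letters, digits and a handful of symbols, similar to the sample password above.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+-=?@^_"

def generate_password(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def blast_radius(accounts, leaked):
    """Accounts that fall once `leaked` is compromised, following password
    reuse and control of the recovery mailbox (breadth-first search)."""
    exposed, queue = {leaked}, deque([leaked])
    while queue:
        current = queue.popleft()
        for name, info in accounts.items():
            if name in exposed:
                continue
            same_password = info["password"] == accounts[current]["password"]
            reset_via_current = info.get("recovery") == current
            if same_password or reset_via_current:
                exposed.add(name)
                queue.append(name)
    return exposed

# Constructed inventory: one password shared by Twitter and email,
# and the email account receives the reset links for the other two.
REUSED = {
    "twitter": {"password": "sample-pass-1", "recovery": "email"},
    "email": {"password": "sample-pass-1", "recovery": None},
    "bank": {"password": "sample-pass-2", "recovery": "email"},
}
# Same accounts, each with its own generated password.
UNIQUE = {name: {**info, "password": generate_password()}
          for name, info in REUSED.items()}

if __name__ == "__main__":
    print("reused:", sorted(blast_radius(REUSED, "twitter")))
    print("unique:", sorted(blast_radius(UNIQUE, "twitter")))
```

With unique passwords a leaked Twitter login stays contained, but starting the search from `email` still reaches every account, which is why the mailbox password belongs among the few critical ones.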

