I actually find the Gawker [1] situation a bit of a mixed blessing. If you work in the IT industry, I’m sure you know how frustrating it can be to explain to users the hazards of reusing passwords, of using short, simple dictionary words, and blah, blah, blah. All that oft-repeated advice fell on deaf ears, right? Maybe now that will change.
Chances are that some of your users are among those who own the estimated 1.3 million exposed Gawker-related accounts. But what if the passwords they used on those accounts match their personal email account logins or their office email and network logins? Public exposure to the hacked accounts means their mailbox contents (and your network at large) are now vulnerable to attack.
If you’re a network administrator, don’t wait to find out whether your users are involved: now is the time to force people to change their passwords. This is easy to control on an Exchange / Active Directory platform, but many non-Exchange mail servers will also let you automatically enforce password changes and set complexity requirements, such as combining upper and lowercase characters and using numbers and special characters [2].
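One way to do this on the Active Directory side, as an added example rather than anything from the original post: flag every enabled user in an OU for a password change at next logon, then check that the domain policy actually enforces the length and complexity guidelines. The OU path and domain name are placeholders, and the commands are run with -WhatIf so you can review the affected accounts before applying.

```powershell
# Added example (not from the original post). Requires the RSAT Active
# Directory module and an account allowed to modify the target users.
Import-Module ActiveDirectory

$SearchBase = 'OU=Staff,DC=example,DC=com'   # placeholder OU; use your own
$Domain     = 'example.com'                  # placeholder domain

# Dry run first: list who would be affected and when they last changed
# their password, so stale accounts stand out.
$Users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                    -Properties PasswordLastSet, PasswordNeverExpires
$Users | Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires |
    Format-Table -AutoSize

# Flag each account so the user must pick a new password at next logon.
# Note: the flag has no effect on accounts marked PasswordNeverExpires,
# so those are reported separately for manual follow-up.
foreach ($u in $Users) {
    if ($u.PasswordNeverExpires) {
        Write-Warning "$($u.SamAccountName) has PasswordNeverExpires set; review by hand"
        continue
    }
    # Remove -WhatIf once the list above looks right.
    Set-ADUser -Identity $u -ChangePasswordAtLogon $true -WhatIf
}

# Forcing a change is pointless if the new password can be 'password1',
# so confirm the default domain policy demands length and complexity.
$Policy = Get-ADDefaultDomainPasswordPolicy
if (-not $Policy.ComplexityEnabled -or $Policy.MinPasswordLength -lt 12) {
    Write-Warning ("Weak policy: complexity={0}, minLength={1}" -f
        $Policy.ComplexityEnabled, $Policy.MinPasswordLength)
    # Tighten it (remove -WhatIf to apply). 12 is an assumed minimum, not
    # a value from the post; pick what fits your environment.
    Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
        -ComplexityEnabled $true -MinPasswordLength 12 -WhatIf
}
```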
If your users balk at having to create and use lengthy, random, difficult-to-remember passwords, there are a variety of free tools that will ease the process of creating and storing the passwords and, more importantly, remove the burden of having to remember them all. Here’s a sampling of the programs that I like:
Password creation tools:
- PCTools Secure Password Generator
- Hashapass: this one allows you to add nifty gadgets to your preferred web browser to create passwords on the fly
Password vaults:
- Password Safe
- LastPass: this one stores your passwords and can auto-fill them with a single button click so that you no longer have to remember them
Do you have any other tools that you like and recommend? Please share them here.
[1] http://blogs.forbes.com/firewall/2010/12/13/the-lessons-of-gawkers-security-mess/
[2] http://www.microsoft.com/nz/digitallife/security/create-strong-passwords.mspx
Actually, I thought I’d share a tool I’ve used for... I don’t know, 10 years maybe?
It’s called AI Roboform. It’s very affordable ($9.95) and acts as a password generator and encrypted password vault. It also integrates directly into your web browser. I love this tool.