Autumn is password-changing time

Just the other day I read about yet another hack. Millions of passwords stolen. And to me that says it’s time to change those passwords again. Yes, I know. I just nagged you about this in February. But you didn’t listen back then, did you? Be honest.

Stolen passwords are just the same as stolen money.

Even if you use a different password for all of your financial web sites, and even if that password is different from your email password, there’s still a lot of risk there. Companies like Google and Microsoft try to make it easy for you to save your passwords and retrieve them if you need to. In other words, with nothing but your Microsoft account password or your Gmail password, a thief can get hold of all your passwords. It doesn’t matter if they are all different.

It’s a good idea to not only change those passwords but store them offline and clear out your password manager every so often. Luckily, with cooler weather and shorter days, you’ll probably be spending more time inside. Now is the perfect time to set new passwords.

The best way to stay secure…

…is also the most annoying. You could choose a separate, unique password for each site and never store it online. You could put that password in a real, paper notebook and store it in a locked safe that is not easily accessible. But let’s be honest, you won’t do that. It’s too easy to save passwords, to log in with Google or Facebook, or something like that.

The next best step is to use a password manager like LastPass or 1Password. I have used this sort of thing before and it strikes a good balance between safety and security. Personally, I just started using a different method, and I hope you will too.

Use Google’s own service against them

I’ve recently created several Google accounts that I just use to store passwords. Now, I’m not going to tell you what the addresses are because that would be stupid. My main Gmail account doesn’t have any stored passwords for any site I care about. If I’m going to log into any financial site, I log out of Chrome from my main account and log into one of my other dummy accounts. These have stored passwords for my financial stuff but nothing else. It’s a little bit of a pain to log out and in again but I feel more secure. I never do any browsing with my “financial” account and I never do anything financial with my main Google account.

Check out PayPal

I recently had a scare with PayPal. When I logged in to change the password, I started poking around the security settings. I noticed that PayPal was connected to a LOT of sites. Pretty much every site I ever used it on. I started removing access to these sites and leaving only the ones I actually shop at regularly.

Unfortunately, at this point PayPal notified me that some of these sites had set up “automatic drafts” and that I could not remove them. No automatic drafts were set up and PayPal didn’t show any of them. I actually had to call them on the phone and find out what went on. They claim these were sites set up using older versions of the PayPal protocol and that it was a common issue. But I’ll tell you it scared the tar out of me.

Don’t just ignore this article this time.

It’s really best to do some password maintenance about every six months. No, it’s not fun, but think of it as just another way to mark the passing of the seasons. Spend a little time and you’ll sleep a lot better.