Time to change all your passwords again

In the last several weeks there have been a number of low-key announcements of data breaches. Unlike the Target or Yahoo scandals, they’ve been mostly kept quiet. However, that doesn’t change the face that close to a million email usernames and passwords are potentially out there. Yours could be one of them.

What to do about passwords

Well the first thing to do is change them. If you haven’t changed your email password in a long time — I mean two years or more — change it. Change it to something more secure, not just another one of your kids’ names. Change as many passwords as you can. Anything that associates with some sort of payment should have its own unique password that isn’t shared with any other site.

That’s right, if you’re still using polarvortex1 as your password for literally everything, it’s time to rethink that. It’s probably ok to use passwords over and over if they’re not tied to anything financial but if there’s money involved you should absolutely be using a set of totally unique passwords.

Take a look at the passwords for your social media, email, and banking. These are the ones hackers will look for and these are the ones you should change right now if you haven’t done it recently.

Password manager or just “log in with Facebook?”

Most people who have a lot of passwords do one of two things. They either use a password manager or they login with their social/email credentials.

Password managers

Password managers can be separate programs like 1Password or just the built-in system on your browser that lets you save your passwords. Google has really done a good job of password management in Chrome, and if you save your passwords there you can retrieve them by going to passwords.google.com or looking in the options menu. It’s as secure as it’s going to be, although all of Google’s products suffer from the same problem: If someone gets your Google password they get all your passwords.

Log in with Facebook (or other systems)

Google, Facebook, Twitter and other major sites have programming interfaces that let other web sites use them for logins. You’ve seen this before, where you can simply connect your Facebook page and you’re logged into another site.

This is easy and cuts down on the number of passwords you have to remember but it also creates a problem. If someone hacks your Facebook then they have access to all these other sites too.

What to do?

There’s really no good solution. That’s what’s so annoying. The average person probably goes to 50 passworded sites on a daily basis. Entering all those passwords and not saving them is a major drag and could take up a massive amount of time. Creating a unique password for every site is time-consuming and if you don’t use a password manager, how are you going to store all those passwords? On a notepad which you store between the mattress?

You could just do what folks did in the 1990s and keep all your passwords on a sticky note taped to your desk. You could create an Excel spreadsheet, print it out and put it in a pendaflex folder called “passwords.”  Obviously neither of those solutions are going to work very well.

Every so often someone talks about coming up with a new way to deal with passwords. Cell phone companies have done a reasonable job with biometrics. You can unlock your phone with a fingertip or your face. This is a great idea but it doesn’t seem like it’s migrating to regular web sites yet. It wouldn’t be very secure for Apple or Samsung to share everything about their biometric technology with everyone. Still there could be some way that their systems could pass along a “yes that’s really me” kind of message, right? And this same tech could be added to PCs.

Of course I worry with biometrics that the endgame there is someone holds you down and cuts off your finger. This doesn’t seem to be happening on a wide scale yet but it seems like it’s just around the corner. Even the surprise Netflix hit You has the bad guy cut someone’s finger off to ensure continued use of their phone.

The problem is that today, there’s nothing you can do. You can start by changing your passwords, though. That may not be much but it’s something.