"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." - Col. Jeff Cooper

Monday, June 14, 2010

A hard lesson learned about passwords

I have worked as an I.T. professional for the last 13 years. I understand strong passwords and have always used something that a dictionary attack could not touch. However, I learned last week that this is not enough.

I use gmail for my primary email address. I've moved and changed internet providers enough times to get sick of having to send out my new email address to everyone each time, so it is just easier to use a web-based email address that doesn't change. I use a complex password, but I use the same password on everything that has any secure info, like on-line retailers that store my credit card, or my bank, or PayPal, etc. I use a simpler one for stuff like forums and news groups. That way, I only have two passwords to remember.

Last week, my wife and I went out to enjoy the nice weather in her convertible. I'm out of work right now, so I have my gmail account set up on her BlackBerry so I can see if I get any emails from recruiters while we are out. About an hour after we left the house, my gmail account got flooded with postmaster undeliverable emails. Apparently, someone hacked my password and sent out spam to everyone in my contacts. I found the nearest public library, jumped on the 'net, changed my password, and sent out a warning email telling everyone what had happened and not to click the link. When we got home that evening, I changed the password on ALL my accounts that used that password, but it took forever to find one that fit all the different sites' requirements.

I decided to do what I should have done years ago. I needed a unique, complex password for each site so that if one did get hacked, the others weren't in danger. To do that, I needed a good password manager application so I could remember them all. After some research, I downloaded a nice little free app called KeePass. It works great, and if you download the portable version you can keep a copy on a USB flash drive on your keychain so you always have it with you.
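To make "a unique, complex password for each site" concrete, here is an added example. It is my own illustration, not code from the original post and not KeePass's code (KeePass has a built-in generator that does much the same thing). The three site policies are constructed for the example, since every real site has its own rules; the point is that a generator draws a fresh random password per site from a CSPRNG, checks it against that site's policy, and that a reuse check on the resulting vault comes back empty, so one compromised site can no longer be replayed against the others.

```python
import secrets
import string

# Character classes a site policy can require.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
}

# Constructed policies for three hypothetical sites (not real site rules).
# Each site has a different length and a different set of allowed symbols,
# which is exactly why one shared password rarely satisfies all of them.
POLICIES = {
    "bank.example":  {"length": 12, "require": ["lower", "upper", "digit"],           "allowed_symbols": ""},
    "shop.example":  {"length": 20, "require": ["lower", "upper", "digit", "symbol"], "allowed_symbols": "!@#$%^&*"},
    "forum.example": {"length": 16, "require": ["lower", "digit"],                    "allowed_symbols": "-_"},
}


def _pool(cls, policy):
    """Characters that satisfy class `cls` under `policy`."""
    return policy["allowed_symbols"] if cls == "symbol" else CLASSES[cls]


def alphabet_for(policy):
    """Every character the site allows."""
    return CLASSES["lower"] + CLASSES["upper"] + CLASSES["digit"] + policy["allowed_symbols"]


def generate_password(policy):
    """Return a random password that satisfies `policy`.

    Uses the `secrets` module (CSPRNG), never `random`. One character is
    guaranteed per required class, the remainder is drawn from the full
    allowed alphabet, and the result is shuffled so the guaranteed
    characters do not sit in predictable positions.
    """
    required = []
    for cls in policy["require"]:
        pool = _pool(cls, policy)
        if not pool:
            raise ValueError(f"policy requires {cls!r} but allows no such characters")
        required.append(secrets.choice(pool))
    alphabet = alphabet_for(policy)
    rest = [secrets.choice(alphabet) for _ in range(policy["length"] - len(required))]
    chars = required + rest
    # Fisher-Yates shuffle driven by the CSPRNG.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def meets_policy(password, policy):
    """True if `password` has the right length, only allowed characters, and every required class."""
    if len(password) != policy["length"]:
        return False
    allowed = set(alphabet_for(policy))
    if any(c not in allowed for c in password):
        return False
    return all(any(c in _pool(cls, policy) for c in password) for cls in policy["require"])


def build_vault(policies):
    """One fresh password per site; this mapping is what a manager like KeePass stores for you."""
    return {site: generate_password(policy) for site, policy in policies.items()}


def reused_passwords(vault):
    """Map each password used by more than one site to the list of those sites.

    An empty result means a breach of one site cannot be replayed elsewhere.
    """
    seen = {}
    for site, password in vault.items():
        seen.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in seen.items() if len(sites) > 1}


if __name__ == "__main__":
    vault = build_vault(POLICIES)
    for site, pw in vault.items():
        print(f"{site:14} {pw}  policy ok: {meets_policy(pw, POLICIES[site])}")
    print("reused:", reused_passwords(vault))
    # The situation the post describes: one password everywhere.
    print("reused (old habit):", reused_passwords({s: "Sh@red-Pa55w0rd!" for s in POLICIES}))
```

The generator is the easy half; the vault is the hard half, and that is the part a password manager solves. Generate, store, and never type the same string into two sites.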

I just thought I'd share this so that maybe a few of you can learn from my mistake. There are lots of different free password manager apps out there. Get one and use it. Crap like this really does happen.

Stay safe out there and watch your six.