Some people say that because of innovations in information security, password protection is yesterday’s news, but I would argue that it is still our first line of defense. Think about it: many encryption solutions require the use of a password or PIN to encrypt/decrypt items; you have to enter a password to access your email or online account; if you’re cognizant you probably also use password protection on your computer or smartphone.
So why is it that so many of us still disregard the importance of a strong password and resort to bad habits?
At eCrypt we’re proponents of good password habits, and try to instill in people that using a weak password is like locking your home with a suitcase lock. We can spend all the money we want on security systems, but if we don’t securely lock the door, what do we really accomplish?
But don’t take just my word for it: click here for the Twitter story.
One tidbit of advice that I urge you to take with a grain of salt is the use of hosted password store services, primarily because I do not believe that entrusting someone else with that kind of data is very secure (regardless of claims).
I believe that unless YOU have control, you DON’T have privacy.
Remember the Data Locking Company? They charged a premium for a service that was supposed to ensure “that [user’s] private communications remain private”, and yet, that proved to be a grave untruth.
Remember Hushmail? They are well known for providing a free encrypted email service, with a client-side encryption plug-in (that means that the data was encrypted in the user’s browser before being saved to Hushmail’s server). Hushmail advertises that not even Hushmail employees can see your data. But it has been revealed that with a click of a key they are able to access this private data in plaintext.
Mandates alone can’t prevent an immoral person from exploiting you or your information. We need to adjust our habits and put up effective technical blocks.
Heed the warning – don’t make yourself an easy target.