Tuesday, January 22, 2013
(I) Feb 1st - Change your password day - Gizmodo (snicker)
Hmmm a 'National Change your Password Day', would that really work?
First off, it's not your password that's bad, it's what you do with it, it's YOUR BEHAVIOR!!!!
If you have a crappy password aka short < 8 characters and use it everywhere, then changing it won't do you any good, it will still be a crappy password.
Now a 'National Manage your Credential Day' makes more sense. Really, October is Cyber Security Awareness month, but lets go with it... If you resolved to improve your credential management, that means the whole process of managing your usernames, passwords, accounts, sites you use, etc. then that would make sense.
We need to actually start managing our credentials before we change a password to really make a difference. How many of us in IT or InfoSec have a SmartPhone and use 2-factor Auth like The Google Authenticator App or a YubiKey? It's low I'm sure ;-(
Start by using a Password vault like LastPass or Password Safe (with YubiKey or Google Auth) and capture all the sites and credentials you use and start managing them. Then if some site you use gets popped (and it will) you can change your passwords quickly with a good long random password and be safer then you are now.
I guess Gizmodo didn't learn from being popped themselves.