Since we’ve discussed the cloud and its pervasiveness (and it’s still in its infancy really) many times in this newsletter; we want to cover another subject which we’ve written about often in these pages: passwords.
We’ve received dozens of emails from people who are really afraid of what the cloud may bring in the way of security breaches and stolen sensitive information. And while that is a big concern, it doesn’t change the fact that the cloud is here to stay.
When the automobile became popular at the beginning of the 20th century, there were horse and buggy users who were sure that the automobile was the tool of the devil. There were dire predictions of death and destruction that would surely result if the car replaced the horse as the main form of personal transportation. All the craziness and all the worry didn’t stop the automobile from replacing the horse – and all the worry and concern about potential security risks with the cloud isn’t going to stop the cloud from eventually replacing our personal desktops.
The reason is convenience. It took folks day to travel hundreds of miles in a horse and buggy – but only hours in a car. It didn’t take a genius to figure out who would eventually win that battle. And it doesn’t take a genius to figure out that if you can access your programs, email, documents and the Web itself, from many different devices and operating systems, that it’s eventually going to win out over the Windows desktop computer tucked away in a room in your house. You have to go to your computer to access your files, programs, email, etc., whereas with the cloud, everything comes to you – wherever you are.
Those who operate cloud-based applications have made great strides in security – despite the occasional articles about data breeches. On thing that hasn’t changed are the people who have computers and who, either willingly or dragged kicking and screaming to it, will be using the cloud in the months and years ahead. They’re going to be using simple, crackable passwords for one reason – convenience. Most people use simple passwords simply because they’re afraid they’ll forget them if they make them too random or too strong. And they’ll love to blame the cloud if their account is hacked and their private data stolen. But it is far more likely that individual breaches that result in personal data loss will stem from weak, easily guessable passwords than from a server data breach.
It’s your data and it’s your job to protect it – not someone else’s. You lock your house when you’re not home and you lock your car when you’re not in it. It’s your job and your responsibility to lock your online accounts with a strong passwords. And if you’re one of those who use the same weak password for everything – you’re just asking for big trouble in this new age of the cloud.
We came across a really great article about passwords this week. It’s one of the best we’ve ever read. We’d like to share it with you – if nothing else it points out in plain English how quickly weak passwords can be guessed and breached. It’s not an article written to scare you – it is an article written to inform you. Please take a few minutes to read it:http://www.baekdal.com/tips/password-security-usability .
After you’ve read it – and if you’re convinced it’s finally time to do something about those weak passwords, remember there’s no easier or safer way to protect your accounts than using a good password manager with a built-in password generator. If you don’t want to pay for one, LastPass ( www.lastpass.com ) is a good choice. They offer a free version that works well. TC has been using LastPass on his Windows 7 laptop for well over a year. It does everything you need a password manager to do, it does it well, and it is easy to learn and to use.
An excellent article. Now all I need to do is learn how to impose penalties & time delays! TC or EB any suggestions?
I was wondering how to impose penalties & time delays as well. I’ll watch for an answer to this…thanks.
I am not sure what you mean by “impose penalties and time delays” in regard to passwords. Certainly Web sites are not going to assess penalties and time delays for weak passwords. We all have to take a certain amount of personal responsibility – and one of those responsibilities is to use strong passwords.
I am using Last Pass, so do I need to change my passwords for my Bank and other sites I have in my Last Pass Vault? Would Last Pass’ encryption of new and more complex passwords make me safer? Thank you so much for your seemingly tireless work you both put in to keeping us all safe and happy. Cheers, Thea.
It depends on the strength of your current passwords; if they’re 9-12 characters/numbers/letters then you wouldn’t need to change them. If your MasterPassword is weak – then you’re other passwords are vulnerable. So make sure your Master Password is strong.
Somewhere there is a site which allows one to test the strength of passwords. Would you be kind enough to give a direction for this. Had it but lost it (tee-hee)