Over the past several weeks I have been practicing what I preach about password protection. I changed all my passwords to each of my online accounts to a unique password with a minimum of 20 random characters. I thought this would be a fairly simple thing to do. I decided on a common password manager, and started by importing my Google Chrome and Firefox password repository.
Looking through the list once it was imported, I saw 80% out of the 192 personal and business online account passwords where duplicates and the remaining were very close. I have to admit I was appalled and concerned in my actions given what I do. Never the less I hunkered down and began the arduous effort in securing my life.
After many days of changing passwords, purging existing password repositories, tracking down old logins, switching to two-factor, and configuring each of my mobile devices and browsers my journey was complete. I have to say it was not simple. Maintaining online accounts requires vigilance and attention to detail.
I found how important password managers in browsers or specific applications are given the sheer scope of my online presence. I used this experience as a training moment for myself so I can pass it along to the members of my team.
What I discovered first hand is the security industry and “security providers” do not make things simple. In fact if we take an average person, and lets use my parents as an example, they would not be able to manage their online presence very easily because of how far along they are in their online presence. Having them enable two-factor, then configuring the text based authentication or an authenticator app, then configuring a random password would put them over the edge. It would cause them to revert back to using the same weak password because it’s the path of least resistance.
While its awesome to be able to use pass-through authentication from Google, or who ever, to access Twitter, LinkedIn, or Facebook, and while this is pretty secure, the fact is its a single point of entry if the machine is comprised. I know end-point protection is a must, but end-point protection is only as good as what they know, and historically speaking isn’t the most reliable.
While security is better, I could write an incomplete book on the different vectors attacks and data breaches. We still are very far away from where we need to be. All I can say is that attacks can come from anywhere, even your parents cable network to trusted vendors. Assume no path to your data is safe. Build your network security with this in mind and be safe out there.