
The 'Forgot Your Password' Lesson

The hack last week of Alaska Gov. Sarah Palin's personal email has sparked a ton of commentary, but the best I've read so far is a column on Datamation.com.

The column, "The Security Lesson in the Sarah Palin Email Hack," by Adrian Kingsley-Hughes, points out the biggest security problem in such hacking cases: the ubiquitous "Forgot Your Password" link.

Now, I don't know about you, but I detest all the passwords I have to keep in my grey matter. Lately, with the emphasis on social networking sites, I now have 10 more accounts I have to manage, in addition to the passwords I have to remember for my system, my work email, my personal email, my banking, my work applications, AT&T.com, Netflix, and on and on. You know the drill. One of my nightmares is this: I wake up, and I've forgotten all my passwords AND my ATM PIN.  

I've tried many different ways of remembering passwords, short of tattooing them on my arm. I write them in my daytimer. Then I can't find my daytimer when I need a password. Or I create a folder on my desktop with certain passwords. That's great, unless I use a different laptop. I've tried writing them on my whiteboard, but that's no good when I'm at an Internet cafe.

Anyway, Kingsley-Hughes makes 8 strong points about how to protect and save your passwords. Numbers 3 and 8 are the ones I need to heed the most. They might be a good refresher for you too:

3.) Store all your passwords in a safe, secure location. I use a program called PasswordSafe which is free (open source), easy to use, secure, and allows you to make easy backups of the password database and even migrate the databases onto multiple systems. PasswordSafe will also generate secure passwords. Since you'll have all your passwords stored safely (and backed up), you'll never need to use the "Forgot Your Password" feature to get into your account.

8.) If you still want to use the "Forgot Your Password" features ... then consider using information that very few people would know. Your favorite color or the name of your first pet might not be known to many people, but be careful that you don't inadvertently post this information onto your Facebook profile, on MySpace or in a blog! Also, try to have a disconnect between your username and your real identity ... so timmyboy773@somethingorother.com is more anonymous than timothy_j_boyman@somethingorother.com.

 
