Well, maybe it is just the time of year, or maybe it's the time of man (extra points if you know what song that is from), but password thefts are popping up all over. First, the SpiderLabs folks at Trustwave found a treasure trove socked away on some server with over 2 million stolen account logins. They were stolen with the Pony Botnet for sites like Facebook, Google and even payroll provider ADP. Now comes word that Chase Bank suffered a breach which exposed the information and passwords for almost half a million customers.
All of this points to why you should not wait. Go get a password manager and start using it right now. There are free ones you can use as well as ones that are reasonably priced. I have written about LastPass, which I've used before. Now the folks at RoboForm, which I have used as well, are also offering their great product for free for a limited time.
The bad news is that analysis of the stolen passwords reveals that the most popular ones are still 123456 and password1. Too many of us pick ridiculously easy passwords so we can remember them. Of course, there are others who say it is no big deal if their Google or Facebook account is hacked because there is nothing valuable there. How many of those same people also use the same password for their online banking or work logins?
Even if you do use different passwords for different sites, a keystroke logger can record and steal all of them. With many of the better password managers, your password can be filled in automatically so that a keystroke logger does not record it.
Password managers can automatically generate passwords that are both random and complex. You don't have to worry about remembering them as the password manager will do it for you. They are cloud-based and many work on mobile devices. There are no excuses any longer. Get a password manager and start using it right now.
The RoboForm offer is pretty good. It is a full year free of their anywhere product that will work on laptops, desktops, mobile devices, even USB sticks.
So don't wait, get a password manager. Don't use the same passwords at multiple sites. Don't use silly passwords like 123456.
Your accounts are at risk. Whether you realize it or not, there is valuable data that you could be putting at risk as well. Do yourself, your company and your friends and family a favor. Get a password manager right now!
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from startup to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.