by Gerry Schneggenburger
Chief Operating Officer, NWIRC

What do the following have in common: Yahoo, Marriott, Equifax, Capital One, and Facebook? Personal data, like customer name, address, birth date, and even social security numbers, were stolen from these companies’ repositories. Which corporation or government agency is next is anyone’s guess, but you personally can take a strong first step to fortifying your personal data defense. How?

  1. Use passwords at least 12 characters or longer, varying cases and utilizing numerical and special punctuation characters where possible. Know that password length always trumps complexity – so if you have to weigh the two, choose a longer one!
  2. Use unique passwords for financial websites or sites requiring personal data. It can be acceptable to re-use the same password for websites which don’t store your personal data, however, do not cross-use them for data sensitive sites.
  3. When given an option for two-factor authentication, in addition to a username and password, take it!
  4. Consider using a password manager like LastPass, DashLine, or 1Password.
  5. Finally – use a Master Password within your browser so prying eyes won’t see your list of saved passwords! For example, in Firefox go to: Options; Privacy & Security; Logins and Passwords; Use a Master Password; then follow the directions. If not used, prying eyes can view your password list via the ‘Saved Logins’ option. For websites holding financial and/or personal data, it’s advised that you decline the ‘save password’ option to keep it off the login list altogether.

Do I personally follow these rules? Yes – except I haven’t adopted a password manager. Like others, I struggle with security versus convenience. Due to the complexity of dozens of passwords I keep, and while it may not be a best practice, I physically write a list of financial and personal websites with user-ids and passwords on paper, take a picture of it to be viewed on my secure iPhone when I need to enter a password [but not uploading the pic to the cloud], and also place the paper list in a safe.

Regardless of tactics, please consider how you’re managing sensitive website application passwords versus those websites with less personally intensive data.

Gerry Schneggenburger has 30 years’ experience in business operations, IT systems development and engineering, database administration, and IT lean continuous improvement.