Managing Passwords In an Unsafe World
I used the same password for years—for everything requiring a password. Of course, back then I only had a few accounts requiring passwords—Windows didn't require me to log in and the Web hadn't taken flight yet. Over the years, the number of accounts grew but I continued to use the same password.
A few accounts tried to change my errant ways by placing strict requirements on the passwords I used, expiring passwords on a regular basis, and so on. However, it took a bigger event to change my old habits, namely a compromised server.
When one of my servers was compromised, it made me think about the amount of data the hacker had access to. Because most of my passwords across the server (and connected network) were identical, once inside, the hacker could have accessed almost anything on the network. If the hacker could also ascertain which web sites I frequented, my banking, credit card, and other financial accounts might also be in jeopardy of being hacked. It would be even worse if I misplaced my laptop, on which I do about 80 percent of my work and play. It was time to change my ways.
The security problem facing today's computer users is threefold:
Many local and online (Internet) resources require a password that complies with the resource's self-imposed rules. (My online bank account, for example, requires a password with at least "one upper-case letter, one lower-case letter, one number, and one non-alphanumeric character.")
A lot of data is now stored on mobile devices, which tend to be targets for thieves of all levels. Losing your laptop could compromise your employer's data as well as your personal data.
The recent rise in computer and identity theft places even more emphasis on using secure passwords: No more spouse names, pet names, or birthplaces!
In short, users should employ many unique passwords for each resource that needs protection.