Tuesday, April 22, 2014

HASA How-to April 2014: password security

As you no doubt have read, a major vulnerability in SSL (the secure channel used for HTTPS) has been detected recently, affecting many web sites.
We are pleased to confirm that HASA was NOT affected by this vulnerability.

However, this is a good time to review your password security. Good password security practices include:

  • Using a password manager, such as for instance LastPass
  • Change passwords every six months to a year
  • Never reuse passwords
  • Make sure passwords are at least 10 characters in length, include upper and lower case letters, have numbers and (if the site allows it) use non-alphanumeric characters.

At the very least:

  • Do NOT use your Facebook password on other sites. You can use an integrated login (if you are told "Log in with your Facebook account") because the other site is handing the information back to Facebook, no storing it locally, but don't reuse that password anywhere. Change it at least very six months - set a reminder on your calendar.
  • Use different passwords for each financial site you use (your bank, PayPal, credit card site, etc.)
  • Password protect your phone!
  • Let XKCD show you how to construct a super-secure password that is easy to remember

Safe browsing!

No comments: