Showing posts from March, 2013

On Accounts and Passwords

I have some well-formed opinions on account security.  They have evolved over time as I have better understood the risks.  Unfortunately, I think the following list is good for all users everywhere.

The basic principle is to assume that nothing is secure. Even if you keep your username and passwords secure, that doesn't mean that your bank, ISP, or email provider keeps its systems secure.

Login Practices

- Always check for proper HTTPS/SSL security.
- Never use a link published in an email.
- Use disposable accounts whenever possible. Your account for your knitting forum shouldn't have any relationship to your account for your bank.
- Only access sites with a good reputation, and a reputation that they need to uphold.

Password Practices

- Never use the same password more than once. If a hacker steals your password from DumbCo, you don't want that hacker to try that password at BigBucksBank.
- Change your passwords. People steal encrypted passwords. Over time, they could crack those encrypted…