Over at CSO Online, there’s a nice war story about tracking down and resetting 300 passwords.
I could pick nits at a few of the author’s details, but that’s annoying and counterproductive. His overall advice is very good: manage your passwords, set them to something random, keep in mind that some sites just won’t allow for a very strong password so do the best you can, and protect your main e-mail password and your password management system password with all the diligence you can muster.
It’s sound advice from a guy who’s done something that I admittedly have only barely started doing myself. I’ve reset my most important passwords and collected them into a password manager, but nowhere near all of them.
I think it is extremely important to use random passwords on most sites, because if you use a pattern and one of those passwords is breached, it may be possible to deduce the pattern, which then might allow someone to steal a more important account. Over the years I’ve registered at a large number of forums that most likely aren’t terribly diligent about their security, so I have to assume those passwords will get stolen if someone ever bothers to try.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.