Over at CSO Online, there’s a nice war story about tracking down and resetting 300 passwords.
I could pick nits at a few of his details, but that’s annoying and counterproductive. His overall advice is very good: manage your passwords; set them to something random; keep in mind that some sites just won’t allow a very strong password, so do the best you can; and protect your main e-mail password and the password to your password management system with all the diligence you can muster.
It’s sound advice from a guy who’s done something that I admittedly have only barely started doing myself. I’ve reset my most important passwords and collected them into a password manager, but nowhere near all of them.
I think it is extremely important to use random passwords on most sites. If you use a pattern and one of those passwords is breached, it may be possible to deduce the pattern, which might then allow someone to steal a more important account. Over the years I’ve registered at a large number of forums that most likely aren’t terribly diligent about their security, so I have to assume those passwords will get stolen if someone ever bothers to try.

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming, covering the time period from 1975 to 2000.
