30 March 2008
A friend and reader left some great questions in the comments section to a recent post. I’ve answered three of them today, and will answer the rest in a future post.
1) You mention that you change your online banking passwords every three months. What is your reasoning for doing this? If you have a high security password, is there an increased risk in it being broken the longer you keep using it?
I change my critically important passwords (banking and email) every three months just in case someone has figured them out. The biggest risk, as I see it, is from keyloggers. If keylogging software lodges itself in your computer even for a couple of days (in between virus scans, for example), it could steal your passwords and send them to a bad guy without tipping you off that anything is wrong.
2) Do you recommend having a different password for every different type of account you have? What are the risks in using the same password for multiple things?
I recommend having a different password for each of your important accounts. The risk of using the same password for everything is that someone who gets the password to one of your accounts gets access to all of them. Your bank probably does a good job of preventing people from getting into their databases, but shareyourpicswithfriends.com may not. If you were a hacker, how would you approach this problem, knowing that many people use the same password over and over?
Personally, I use the same password for accounts that would not cause me to weep if a criminal got access to them. I use distinct, strong, and frequently changed passwords for the rest.
3) I see the security threat in forgetting to log out of an email account, bank account, etc. at a public computer; someone could come on the computer after you and breach your privacy. Is there a threat in keeping accounts open for an extended period of time on a private computer?
I’m not very concerned about it. There is a danger that information sent from your computer to, say, your bank’s servers (and back again) is intercepted by some clever person, but there is little you can do about this. You can avoid wireless connections or avoid the internet completely, but most people (including me) would find this to be an unacceptable tradeoff.