To me the bottom line with these data breaches is twofold. One: The biggest vulnerability is ourselves, unfortunately. We make bad passwords, we write our passwords down, we make weak passwords. And until all these websites that we access and such enforce strong password integrity rules, you’re going to continue to see these breaches. But on the other side I think there’s a responsibility of those companies to do their due diligence to actually report that there’s been a data breach, not wait three months, six months down the road, as we saw with a number of companies here in 2017 and even here into 2018. We hear months later that our passwords have been breached.
There’s a number of different areas that they have to look at. It’s not just the handheld device, your laptop, you also have to think of your social media presence and what you’re sharing online. And in everything I’ve seen, unfortunately, most folks share way too much information.
What do I mean by sharing too much information? Those little quizzes that folks will send you, you know, “share this information”—what is your mother’s maiden name, what is your father’s first name? Well, if you really think about it, what are those really asking? Those are password reset questions. So if somebody is able to get your email address along with a list of those types of questions, they can access your account and brute force your account and gain access to your email by resetting your password.
I’m not a fan of storing them physically on a computer, like when you use a browser like Firefox, Chrome, IE, it will say, “save your password.” I’m not a fan of saving them in the browser because they’re not encrypted. A password-managing tool like LastPass and KeePass actually encrypts the password, so if somebody was to steal your laptop they actually cannot gain access to all your accounts.