The password audit

Over the past few years, I’ve made an audit of our passwords a part of the end-of-year check in routine. I’ve gone through 4 stages:

1) Ensure all important accounts have strong passwords. Strong passwords = lower case letters+ upper case letters + numbers + symbols. The most common passwords found in data breaches are still variants of 12345, password, qwerty, iloveyou. So, strong passwords are a good first step.

2) Set up password breach monitoring. I have set up breach monitoring across multiple services and have found Spycloud (free) to be the best so far.

3) Set up 2 factor authentication across all important accounts. 2 factor authentication adds an extra layer of protection in case of breaches.

4) Stop reusing passwords across accounts. As steps 1-3 focused on key accounts, I was still stuck with nearly a hundred old internet accounts with reused passwords. Lastpass reminded me of this a few months ago and I started a weekly routine of cleaning up 10 accounts/passwords at a time.

This was an eye-opening exercise. I ended up closing ~50 defunct accounts and cursing another 15 services profusely for making it very hard to close accounts (requirements include live chatting or calling) before closing them anyway. I also cringed a few times when I saw how often I reused passwords. I’m glad to have done it and became a Lastpass “Security Dashboard” fan* as part of the process.

None of these steps ensure complete safety. But, in the event of a worst case scenario such as a breach or a scam, these are steps we can take to make sure damage is limited.

*This feature was free when I started on this journey. Mid-way through, it became a premium feature ($36/year). I wasn’t sure if this was in response to how often I was using it. If it was, hat tip to a smart paywall!