The password audit

Over the past few years, I’ve made an audit of our passwords a part of the end-of-year check-in routine. I’ve gone through 4 stages:

1) Ensure all important accounts have strong passwords. A strong password mixes lower case letters, upper case letters, numbers and symbols, and, more importantly, is long and not built from a dictionary word plus a suffix. The most common passwords found in data breaches are still variants of 12345, password, qwerty and iloveyou. So, strong passwords are a good first step.

2) Set up password breach monitoring. I have set up breach monitoring across multiple services and have found Spycloud (free) to be the best so far.

3) Set up two-factor authentication across all important accounts. Two-factor authentication adds an extra layer of protection in case of a breach: a leaked password alone is no longer enough to log in.

4) Stop reusing passwords across accounts. As steps 1-3 focused on key accounts, I was still stuck with nearly a hundred old internet accounts with reused passwords. Lastpass reminded me of this a few months ago and I started a weekly routine of cleaning up 10 accounts/passwords at a time.
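Step 2 treats breach monitoring as a service you subscribe to. As an added example (not the post's own method, and not Spycloud's), here is how a password can be checked against a breach list without the password, or even its full hash, ever leaving your machine: hash it with SHA-1, send only the first 5 hex characters, and compare the returned suffixes locally. The response format is the one used by Have I Been Pwned's Pwned Passwords range endpoint; the mini breach corpus and its counts below are constructed for the demo, and the live lookup function is included only for real use.

```python
import hashlib
import urllib.request

# Constructed mini "breach corpus" (password -> times seen). NOT real breach data;
# it stands in for the remote service so the example runs offline.
CONSTRUCTED_CORPUS = {
    "password": 3_861_493,
    "123456": 23_597_311,
    "qwerty": 3_912_816,
    "iloveyou": 1_600_000,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password (the hash the range API is keyed on)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def offline_range_lookup(prefix: str) -> str:
    """Stand-in for the remote range endpoint: given a 5-hex-char prefix, return
    'SUFFIX:COUNT' lines for every corpus entry whose SHA-1 starts with it."""
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def hibp_range_lookup(prefix: str) -> str:
    """Live lookup against api.pwnedpasswords.com (network; not used by the demo).
    Add-Padding asks the service to pad the response so its size leaks nothing."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "password-audit-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, range_lookup=offline_range_lookup) -> int:
    """k-anonymity check. Only the 5-char prefix is sent; the suffix match is done
    here, so the service learns one of ~16^5 buckets, never the password.
    Returns the number of times the password was seen in breaches (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        # Padded entries (count 0) never match a real suffix, so they fall through.
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(f"{pw!r}: seen {breach_count(pw)} times")
```

To check against the real service, pass `range_lookup=hibp_range_lookup`; the only change on the wire is which function answers the 5-character query.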

This was an eye-opening exercise. I ended up closing ~50 defunct accounts and cursing another 15 services profusely for making it very hard to close accounts (requirements include live chatting or calling) before closing them anyway. I also cringed a few times when I saw how often I reused passwords. I’m glad to have done it and became a Lastpass “Security Dashboard” fan* as part of the process.

None of these steps guarantees safety. But, in the worst case, a breach or a scam, they limit the damage: a unique password means one leaked site does not unlock the others, and two-factor authentication means a leaked password on its own is not enough.

*This feature was free when I started on this journey. Mid-way through, it became a premium feature ($36/year). I wasn’t sure if this was in response to how often I was using it. If it was, hat tip to a smart paywall!

A few notes on managing passwords and Lithium-ion batteries

We use passwords and Lithium-ion batteries (the batteries that power whichever device you are reading this on) a fair bit. I went on a best-practice gathering mission the other day on both. And here’s what I found –

Passwords – Lifehacker resource
– Use Lastpass or KeePass to create random passwords (Lastpass has a Chrome extension; KeePass integrates with browsers through plugins)
– Don’t use a password formula – e.g. Password123 – unless absolutely necessary. Word-plus-suffix patterns are the first thing password-cracking tools try, even when they tick every character-class box.
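Step 1 of the audit above defines a strong password by its character classes, and the tip just above says to generate random passwords rather than use a formula. As an added example (my code, not the post's or any password manager's), the block below generates passwords with the OS random source, puts a number on why length matters more than class coverage, and flags formula-style passwords such as Password123 that pass the class rule but not a cracker. The list of common base words is a constructed stand-in for a breach list.

```python
import math
import re
import secrets
import string

# The four character classes the audit's "strong password" rule asks for.
LOWER, UPPER, DIGITS, SYMBOLS = (string.ascii_lowercase, string.ascii_uppercase,
                                  string.digits, string.punctuation)
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS          # 26 + 26 + 10 + 32 = 94 characters

# Constructed stand-in for the breach-list favourites the post names; not real breach data.
COMMON_BASES = ("123456", "12345", "password", "qwerty", "iloveyou", "letmein", "admin")

# Undo the usual leetspeak swaps so "P@ssw0rd" normalises to "password".
LEET = str.maketrans("@$0!134", "asoiiea")


def has_all_classes(pw: str) -> bool:
    """True if pw contains a lower-case letter, an upper-case letter, a digit and a symbol."""
    return all(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS, SYMBOLS))


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw a uniformly random password from the OS CSPRNG (secrets, never random),
    re-drawing until all four classes are present. Rejection keeps the result
    uniform over the accepted set, unlike "pick one of each class, then shuffle"."""
    if length < 4 or not has_all_classes(alphabet):
        raise ValueError("length must be >= 4 and alphabet must cover all four classes")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(pw):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing entropy of a uniformly random password: length * log2(alphabet size).
    Each extra character adds ~6.55 bits with a 94-char alphabet; adding a class
    to a short password adds far less."""
    return length * math.log2(alphabet_size)


def looks_like_formula(pw: str) -> bool:
    """Flag 'common word + suffix' constructions such as Password123 or P@ssw0rd!.
    They satisfy the four-class rule yet fall to the first mangling rules
    (capitalise, append digits/symbol, leetspeak) a cracker applies."""
    stripped = re.sub(r"[\d\W_]+$", "", pw) or pw      # drop a trailing 123 / 2019 / !
    candidates = {stripped.lower(), stripped.lower().translate(LEET)}
    return any(c.startswith(base) for c in candidates for base in COMMON_BASES)


if __name__ == "__main__":
    for pw in ("Password123", "P@ssw0rd!", generate_password(20)):
        print(f"{pw!r:28} all classes: {has_all_classes(pw)!s:5} "
              f"formula-like: {looks_like_formula(pw)}")
    print(f"random 8 chars ~ {entropy_bits(8):.0f} bits, "
          f"random 20 chars ~ {entropy_bits(20):.0f} bits")
```

The formula check is deliberately crude (a handful of base words and a few leetspeak swaps); real crackers use wordlists of millions and hundreds of rules, which is exactly why a generated password is the safer choice.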

Suggested approach (based on reading suggestions across a few blogs)
Step 1: Use a password manager (e.g. Lastpass) with a secure master password
Step 2: Create 2 tiers of applications – critical and non critical. For critical, set difficult passwords and ensure two-factor authentication is turned on.
Examples of critical applications
1. Email
2. Storage – Crash plan + Dropbox
3. Payments and credit card accounts – Amazon, iTunes, PayPal
4. Bank accounts
5. Social – Facebook + Twitter+ Tumblr + Linkedin
6. Any others
For all others, just use a couple of generic passwords you will remember in case Lastpass isn’t at hand. They probably don’t matter that much anyway. One caveat: the audit at the top of this page is the cost of that shortcut. A password manager can generate a unique password for every account at no extra effort, and a reused password on a forgotten account is exactly what credential-stuffing attacks rely on.

Lithium-ion batteries – Lifehacker resource
– Don’t bother with full discharges, or at most do one about once a month to recalibrate the charge gauge (old nickel-based batteries needed regular full discharges; lithium-ion batteries don’t)
– Shallow discharges and charges, e.g. cycling between 40% and 80%, are considered ideal for prolonging battery life and are much better than discharging to 0% and recharging to 100%
– One charge cycle is using the FULL 100% – so 40% + 40% + 20% of discharge is just 1 cycle. Discharging to around 50% before recharging makes the best use of the available cycles
– If you plan on storing a battery away for a long time (e.g. your laptop’s), discharge to about 50% and keep in a cool place
– Always use the correct charger
– Don’t leave the battery plugged in overnight – it causes overheating.

Hope this helps!