SQLServerCentral is supported by Red Gate Software Ltd.
 

SQLAndy

I'm Andy Warren, currently a SQL Server trainer with End to End Training. Over the past few years I've been a developer, DBA, and IT Director. I was one of the original founders of SQLServerCentral.com and helped grow that community from zero to about 300k members before deciding to move on to other ventures.

Schedule Time To Review Your Passwords & Using a Password Manager

I use a password manager and it currently has more than 150 accounts in it, ranging from my checking account and other personal stuff to logins to MSDN, various client VPNs, and more. Almost all of the passwords are unique. Ideally they would all be unique, but sometimes I sacrifice ease of use for maximum security. Most of them are strong passwords, mostly generated by the app. Earlier this week I spent an hour reviewing and pruning those accounts, deleting some that I no longer use and, where possible, deleting the accounts they were associated with as well. Next week I’ll do a check for duplicate passwords and fix the ones I think need to be fixed. Password managers are more than just a convenience. In the event that a web site you use is breached and credentials leak out, being able to quickly assess your risk level is important. You want to see what other places use the same password, and you want to see where you’re using your email address as your ID (probably a lot of places). There is no good way to do that without keeping the list as you go.
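The two checks described above (which accounts share a password, and where an email address is the login) can be scripted against a CSV export of the vault. The following is an added example written for this page, not the author's code and not tied to any particular password manager; the column names, the sample entries and the site names are all constructed for illustration. It groups accounts by a hash of the password so the report itself never contains a password, and it answers the breach question directly: given one compromised site, which other accounts need rotating.

```python
import csv
import hashlib
import io
import re
from collections import defaultdict

# Constructed sample of a password-manager CSV export (assumed column layout;
# real exports use different headers, so adjust load_vault() to match).
SAMPLE_EXPORT = """name,url,username,password
Checking Account,https://bank.example,andy,Tr0ub4dor&3-long
MSDN,https://msdn.example,andy@example.com,correct horse battery staple
Client VPN,https://vpn.client.example,awarren,Tr0ub4dor&3-long
Forum,https://forum.example,andy@example.com,password123
Old Shop,https://shop.example,andy@example.com,password123
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def fingerprint(password):
    """Short SHA-256 digest used only as a grouping key, so that the
    audit output never carries the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:16]


def load_vault(csv_text):
    """Parse an export into a list of dicts; reject exports missing a column."""
    reader = csv.DictReader(io.StringIO(csv_text))
    required = {"name", "url", "username", "password"}
    missing = required - set(reader.fieldnames or [])
    if missing:
        raise ValueError("export is missing columns: %s" % sorted(missing))
    return [row for row in reader if row["password"]]


def reused_passwords(entries):
    """Groups of account names that share one password, sorted for stable output."""
    groups = defaultdict(list)
    for entry in entries:
        groups[fingerprint(entry["password"])].append(entry["name"])
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def email_logins(entries):
    """Accounts whose login name is an email address, in vault order."""
    return [e["name"] for e in entries if EMAIL_RE.match(e["username"].strip())]


def breach_exposure(entries, breached_name):
    """What a breach of one site exposes: other accounts using the same
    password (the first thing attackers try elsewhere) and other accounts
    using the same login name (where that attempt will be aimed)."""
    by_name = {e["name"]: e for e in entries}
    if breached_name not in by_name:
        raise ValueError("no vault entry named %r" % breached_name)
    leaked = by_name[breached_name]
    leaked_fp = fingerprint(leaked["password"])
    same_password = [e["name"] for e in entries
                     if e["name"] != breached_name
                     and fingerprint(e["password"]) == leaked_fp]
    same_login = [e["name"] for e in entries
                  if e["name"] != breached_name
                  and e["username"].lower() == leaked["username"].lower()]
    return {"same_password": same_password, "same_login": same_login}


if __name__ == "__main__":
    vault = load_vault(SAMPLE_EXPORT)
    print("Accounts sharing a password:")
    for group in reused_passwords(vault):
        print("  " + ", ".join(group))
    print("Accounts that use an email address as the login:")
    print("  " + ", ".join(email_logins(vault)))
    print("If Forum were breached, also rotate:")
    print("  " + str(breach_exposure(vault, "Forum")))
```

Run it against a real export only on a machine you trust, and delete the export file afterwards; the CSV is the vault in plaintext, which is exactly the central-store risk the next paragraph describes.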

Plenty of options to pick from, free and paid, local and online:

I’m always aware of the risk embodied in such a central store. If it’s compromised someone would have basically unlimited access to everything – credit cards, checking account, retirement, phone, etc, etc, etc. In the scheme of things having the app is a risk worth taking, but choose your password manager based on how you see the world – do you manage it locally only, or use one with an online data store? Whichever path you take, get one that will automatically capture/enter credentials – it’s the only way it will get used often enough to be worth doing (in my view). Definitely check to see if there is an option to enable two-factor authentication. Finally, my rule is to never access the file on a computer I don’t trust – I trust my laptop at home, my laptop at work, and my phone.

Leave a comment on the original post [sqlandy.com]