
Criticism from a client changed my whole password approach

Had a small business owner call me out last year. She asked if I used the same password for my plumber account as my personal stuff. Got defensive at first. But she was right - I did. Changed everything that week. Started using a manager app. Made unique 16-character passwords for every site. Now I sleep better. Anyone else have a client call them out?
3 comments
logan658 · 1mo ago
Actually, I gotta push back a little on the password manager thing. Not saying you shouldn't use one, but I think people rely on them way too much. I had a buddy who used one and it got hacked, and then they had access to everything. The real trick is to use a password manager for the password storage only, but still make sure you use a different email or username for each account too. That way even if the manager gets compromised, they've only got half the puzzle. Your 16 character passwords are great, but I'd add a unique email alias for every service too if you can.
7
calebc40 · 1mo ago · Top Commenter
That bit about unique emails is actually genius, @logan658. I never thought about that layer. Something people miss is that most password managers have a built-in feature for generating random email aliases now, so you don't have to manually create a whole new Gmail for every site. The trick is setting up a custom domain for your email (like yourname@yourdomain.com) and then using something like yoursite+randomstring@yourdomain.com - it keeps everything tied together but still unique.
2
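The scheme calebc40 describes (one plus-addressed alias per service on a domain you control, paired with a unique random password) is simple enough to script. The block below is an added example written for this thread, not code posted by any commenter or shipped by any password manager; the domain is a placeholder, the `<service>+<random tag>@<domain>` alias shape and the 16-character default are the assumptions taken from the posts above, and the random tag on the alias is added so the alias for a service cannot be guessed from its name alone.

```python
import secrets
import string

# Editor's example, not code from the thread. Assumed scheme:
#   password: 16 random characters from the OS CSPRNG, one of each class guaranteed
#   alias:    <service>+<random hex tag>@<your domain>  (plus-addressing)
ALIAS_DOMAIN = "example.com"  # placeholder; substitute the custom domain you control

LOWER, UPPER, DIGITS, SYMBOLS = (string.ascii_lowercase, string.ascii_uppercase,
                                 string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def generate_password(length: int = 16) -> str:
    """Return a random password drawn with `secrets` (not `random`), rejecting
    any candidate that lacks a lowercase, uppercase, digit or symbol."""
    if length < 4:
        raise ValueError("need room for one character of each class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c in LOWER for c in pw) and any(c in UPPER for c in pw)
                and any(c in DIGITS for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def make_alias(service: str, domain: str = ALIAS_DOMAIN, tag_bytes: int = 4) -> str:
    """Build a plus-addressed alias: <service>+<random hex tag>@<domain>.
    The service name is reduced to lowercase alphanumerics so the local part
    stays valid; the random tag keeps the alias unguessable from the name."""
    label = "".join(c for c in service.lower() if c.isalnum()) or "site"
    return f"{label}+{secrets.token_hex(tag_bytes)}@{domain}"


def provision(services, length: int = 16) -> dict:
    """Return {service: (alias, password)} with no alias and no password
    reused across services, which is the property the thread is after."""
    out = {}
    seen_aliases, seen_passwords = set(), set()
    for svc in services:
        alias, pw = make_alias(svc), generate_password(length)
        # Collisions are astronomically unlikely; the loops make the
        # uniqueness guarantee explicit rather than merely probable.
        while alias in seen_aliases:
            alias = make_alias(svc)
        while pw in seen_passwords:
            pw = generate_password(length)
        seen_aliases.add(alias)
        seen_passwords.add(pw)
        out[svc] = (alias, pw)
    return out


if __name__ == "__main__":
    # Constructed sample service list for demonstration only.
    for svc, (alias, pw) in provision(["plumber-portal", "Bank", "email"]).items():
        print(f"{svc:15} {alias:40} {pw}")
```

The output of `provision` is what you would hand to the password manager entry for each site: the alias goes in the username field, the password in the password field, so that a leak of one site's credentials exposes neither the login name nor the password used anywhere else.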
hollywhite · 1mo ago
Has anyone else read that thing about how some hackers specifically target password managers now? I saw a post about it a few weeks back where a security researcher said they treat password managers like a single point of failure, which is kind of scary if you think about it.
7