Changing 40+ Passwords: Supplementary

22 Jul

In a previous blog series, I described my fun, games and gripes at changing 40+ passwords. Soon after the blog was posted, it struck me – there are yet more to change…

As described, I used two factor authentication where it was available. But some applications are not designed to work with two factor authentication; they do not have a mechanism to ask for a secondary password. This is a common issue in iPad apps, but also affects applications like Microsoft Outlook on Windows.

Most two factor authentication systems provide a mechanism to manage this – application specific, or single use passwords.

Where the password is single-use (for example Twitter), I’ve made the assumption that they did not need changing. (I’d welcome comment from any reader that thinks this is an invalid assumption.)

Where the password is application specific, but re-usable, I set about changing them too.

  • Google – Not sure totally necessary as Google helpfully tells me when they were last used.
  • Facebook
  • WordPress
  • Microsoft Office 365

No real issue in doing so. Simply log on to the relevant web site, find the app password screen (usually well hidden), delete the existing app passwords, and re-generate them. Then use the new password in the relevant app.

All in all, no real drama – the point being, that following the advice “change all your passwords” is not at all easy, and as pointed out here, there are some very important ones that you may easily forget about.

4 Responses to “Changing 40+ Passwords: Supplementary”

  1. kevin July 22, 2014 at 08:16 #

    Geez, those are a lot of passwords to change, I wish you luck with that.
    You should really use a secure tool to keep track of them, like WISeID, best it’s free 🙂
    Cheers
    Kevin
    — Secure Your Passwords & Personal Life —
    http://www.wiseid.com


  2. Dave Walker July 27, 2014 at 14:12 #

    There have been some interesting revelations recently, involving security issues in password managers; there’s a useful summary and link to the original paper at http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/ . In addition to the Dark Reading pointer above, any thoughts on this?


    • Kevin July 27, 2014 at 16:42 #

      Storing passwords and form filling them through a browser extension is inherently dangerous, especially since they are usually JavaScript based. I don’t think there is any completely safe way to do that. Best is to keep full control of your encrypted DB of passwords, and don’t allow it to be queried over a network. You can store an encrypted blob of the entire DB somewhere else to be safe, without any plain text information (website URL, your name, usernames, etc) being exposed.
      It’s certainly not as convenient without automatic web filling, but it’s more secure.

