Let me start by staying, getting your blog hacked sucks. Getting your blog hacked when you use the same password for your blog adminstration as you do for many other critical things on the Internet sucks even more. Last year, our http://goingeast.ca blog got hacked. The hacker ran some scripts on the system that messed up a whole bunch of our posts, and made our site impossibly slow. Once we discovered the problem, we had to take the site down, and go through the slow and painful process of checking every post (we have 100s) and ensuring that everything was clean. We also had to put in a few security measures to help avoid a repeat occurance.
As with any security measures – added security equals added pain. You don't get more security for free. The challenge is to find the right balance of pain and security. For now, I think I have a pretty good solution.
One of the most important things I now do is to have unique password for everything on the Internet (usually a randomly generated 14-16 character password). Yes, I mean it! Now, this is only possible because I use software to help manage this. I am now using 1Password. 1Password is an application that runs on all my devices, and stores all of my passwords securely. I only need to remember the 1Password – my super secret password that is not stored on the Internet. With my one super secret password I can unlock the password vault and retrieve any of my other passwords.
What makes this a feasible solution is that there is a 1Password plugin to each of my Internet browers (I use Chrome, Firefox, and Safari). The browser plugin also saves URLs so I don't need to bookmark things. I simply click the key in my browser, use my super secret password to open 1Password, search for the site I want, and click go. The 1Password pluging automatically logs me in. Whenever I create a new login, the 1Password plugin prompts me to include it within the 1Password vault. 1Password also provides a random password generator – so I don't need to think of random key sequences (and enter them twice successfully), I just click the generate button and the password field in the web browser is automatically populated with the randomly generated password.
Using 1Password on my iPad (and iPhone) is a little less convient then using the same password for everything. It means that when an app needs a password, I need to switch to 1Password, login, and copy the password I need. It is an extra step, but that extra step adds a huge level of security.
So, whenever I hear someone say that they are using the same password for everything, I cringe. I think, I need to get them setup with 1Password. It doesn't take long to setup, and provides a huge boost to your level of security.
Note: This is not a sponsored post. I have no financial interest in the company Agile Bits (the company that makes 1Password) – I just want to save my friends and colleagues from getting hacked!