Building a Care Automation System, Part 3: Random Passwords and 2FA
My Gmail password is %3B2HWW&fXcs
That’s no joke. That’s literally what it is right now. My username is troylar and my password is %3B2HWW&fXcs. I promise I won’t report you if you try to log in. Why in the holy fucking hell would I post my Google username and password in a public blog right before I go to bed? We’ll come back to that. I’m going to sleep just fine, and no one will get into my account. Even though that is literally my username and password.
Troy’s First Law of Security: If you use the same password for more than one site, you’re doing it wrong.
First of all, if you look at my Google password, I’m crossing my fingers hoping that you realize I don’t sit around typing random passwords. I used a software program to create a random password. I clicked the Generate Random Password button and it was done. In fact, all of my web site passwords are completely random and different.
Why is this important? Because you and me–our passwords will be hacked on some site. It’s inevitable. It’s just a fact that sometimes poorly-built websites will expose our passwords and those passwords will be stolen. So at worst, they stole my single random password for that site. I’m not happy about it, but I know that they can’t log into any other sites with that password.
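To make the First Law concrete, here is an added example (not the author's code and not how LastPass works internally) that draws 13-character passwords from the operating system's secure random source, finds passwords shared between sites in a vault, and replaces them. The vault contents, site names and function names are made up for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=13):
    """Draw each character from the OS CSPRNG; retry until every class appears."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def find_reuse(vault):
    """Return {password: [sites]} for every password used on more than one site."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    return {pw: sorted(s) for pw, s in sites_by_pw.items() if len(s) > 1}

def rotate_reused(vault):
    """Give every site that shares a password its own fresh random one."""
    fixed = dict(vault)
    for sites in find_reuse(vault).values():
        for site in sites:
            fixed[site] = generate_password()
    return fixed

# Constructed sample vault: one breach of any of the first three sites
# hands over the other two as well.
SAMPLE_VAULT = {
    "mail.example": "fluffy2009",
    "bank.example": "fluffy2009",
    "video.example": "fluffy2009",
    "shop.example": generate_password(),
}

if __name__ == "__main__":
    print("reused:", find_reuse(SAMPLE_VAULT))
    print("after rotation:", find_reuse(rotate_reused(SAMPLE_VAULT)))
    print("bits for 13 random chars:", round(entropy_bits(13), 1))
```
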
Troy’s Second Law of Security: If a website or service offers 2FA and you’re not using it, you’re a fucking idiot.
What the fuck is 2FA? It’s an abbreviation for two-factor authentication. This is why I can share my Google password.
Think about your car. Your front door. Your back door. I literally only need one key from your keyring to get access to any of those. If I physically get access to your front door key while you’re doing shots at the bar, I can make a copy of your key, wait three days and walk into your front door while you are at work and steal your entire cassette and CD collection. That is one-factor authentication–I only need one thing to get access to your stuff.
Now imagine if I got your front door key, but as soon as I put the key into the lock it sent you a text message to confirm. So while I’m trying to casually open your front door, you get a text message at work asking you to confirm that it’s OK to unlock the door. Yes, it’s a slight bit of a pain, but it would make your key absolutely worthless unless someone also had physical access to your phone (which I’m going to assume has a passcode, ahem). That is two-factor authentication.
Most every major web site has two-factor authentication including . . .
Our Nest Cameras
Ring Does NOT, but I’m sure they will
The point is, check your bank, email, credit card web site–any site that has a password–and if they have a 2FA option, immediately turn it on.
Troy’s Third Law of Security: Every device in your network is a potential gateway to your personal data.
You need to make it really, really hard for hackers to access your personal data. Your Amazon account on your Amazon Echo devices should have a completely different password than your Roku account. Your Apple ID should have a completely different password than your Google account.
If someone were to get access to one password or one account, they may wreak havoc with your Apple account, but Apple can fix that. That shouldn’t also give them access to your bank accounts and your Amazon account.
Personally, I use LastPass.
LastPass is a really awesome password manager, especially for families. (DISCLAIMER: If you sign up with this link I get a free month). You can share passwords between family members, so no more texts WHATZ THE PWD FOR NTFLX
All of my passwords are stored in LastPass and I use the random password generator feature whenever I sign up for a new web site. Obviously, it also has an iOS and Android mobile app, so you can use those passwords on your phone as well.
This is prolific writing Troy, but I use the same password for every site. Where do I even start?
#1: Thank you for the compliment
#3: Go to Google and change your password and turn on 2FA.
#4: Gradually start changing all of your passwords to random passwords.
#5: When you change your passwords, check to see if they have a 2FA option.
#6: It seems like more work, but I promise you that using LastPass will quickly become part of your DNA.
#7: Pay for LastPass. It’s $24/year. I have no personal vested interest in this product, but software isn’t cheap and it’s less than one Starbucks per month.