Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months. — Clifford Stoll
We all have numerous passwords that we count on in our daily lives, but how safe and secure is that password? Have you shared it with anyone? Were you aware that a federal court has made sharing passwords illegal? Do you use a password manager? Today I saw news of a zero-day vulnerability on Lastpass.
We must be ever-vigilant with our passwords and password managers as well as two-factor authentication (2FA) (see links for more). Despite a federal ruling on sharing passwords, one of our presidential candidates asked their potential VP and his entire family, including grown children, to share all of their social media passwords with the campaign. California has ruled in favor of employers demanding the social media passwords of employees (long-standing ruling). There are numerous other examples of overreaching attempts at circumventing your privacy and security, so we all must be fully aware of what is and is not legal as well as what we will and will not allow when it comes to our data and privacy. It is best practice to use a password manager, 2FA, secure passwords, unique passwords for each and every location that requires a password, and to change passwords on a regular schedule based on the data that is being protected. It is also a good idea to make sure you are aware of the latest issues and/or updates for your password manager of choice.
It is your security that is at stake and you must take every reasonable step to protect it in this ever-changing digital landscape.
NIST Says SMS-Based Two-Factor Authentication Isn’t Secure
ACCESS TO SOCIAL MEDIA USERNAMES AND PASSWORDS