Change Your Passwords!

It seems obvious, but it’s never a good idea to use the same password for different email accounts, domain registrar accounts, bank accounts, etc. Whenever you need to log on to an account online, it’s best to have a different, complicated password for each one. If you reuse a password and it is stolen, the thief will have access to all of your private information and can easily log into your accounts and take control of everything:

From the Boston Globe:

“Using the same password for multiple Web pages is the Internet-era equivalent of having the same key for your home, car and bank safe-deposit box.”

Whenever it is offered, I strongly advise that you get a security fob to add an extra layer of protection to your accounts. I have a PayPal security key (which costs just $5.00), and I have recommended that at least one domain registrar implement this level of security to protect our digital assets.

Written by on April 16, 2008
Posted in: Advice

Comments (9)

Mark R

April 17th, 2008 at 12:23 am    

Hi Elliot,

That’s a great idea from a security standpoint and as a business idea, for anyone with the expertise to execute on it.

BTW, why didn’t you register Securityfob.com and securityfobs.com after your original post? They were registered along with securitykeyfob(s).com about a week after that post, and I just registered security key chain(.)com and security key chains(.)com. I’ll definitely cut you in if I ever sell them.

tempest

April 17th, 2008 at 1:43 am    

great tip. i’m going to check out the paypal one, i never knew such a thing existed.

Conor Neu

April 17th, 2008 at 6:06 am    

Agreed that a registrar needs to jump on board with the key fobs. Outside of banks, registrars probably hold some of the largest amount of simple digital assets in the world.

At some point these security companies need to take total control of the business so that we can reduce the amount of fobs to carry around. I have several and it is a major pain in the ass as my keychain grows. If a registrar wants to do it right, they should contact the company that provides the Paypal security key and team up with them to use the same key. You just need to prove that you own both accounts and then you can use the same security fob. There is no risk between vendors because you would still need a separate password for each vendor.

Anyone see anything wrong with this logic? I’m no security expert, but it makes sense to me that this is an industry where a monopoly (or maybe 2 players) should dominate the market.

Bahamas Hosting

April 17th, 2008 at 7:20 am    

Elliot, that’s good advice. More online companies need to start using the security tokens from RSA. They are simple to use and very effective. They’re great for securing applications, VPN access etc.

- Richard

damir

April 17th, 2008 at 9:24 am    

Great and Informative post

Bahamas Hosting

April 17th, 2008 at 10:17 am    

@Conor

The way that one time tokens (that’s the industry term for them) work is that the site owner runs a key server on their back end that takes care of the verification of the token.

If companies were to team up to let customers use only one token, they would need to share or distribute the key server verification. I bet no one wants to share!

- Richard
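
The exchange above (one fob for several vendors versus each vendor running its own key server) can be made concrete. This is an added example, not part of the comments and not any vendor's code: it assumes a counter-based OATH token (HOTP, RFC 4226), which the page does not state, and `KeyServer`, `replay_across_vendors` and the serial `fob-1` are hypothetical names.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class KeyServer:
    """Hypothetical back-end validator: holds each token's seed and next counter."""

    def __init__(self, window: int = 3):
        self.window = window      # look-ahead for button presses the server never saw
        self.tokens = {}          # serial -> [seed, next expected counter]

    def enroll(self, serial: str, seed: bytes) -> None:
        self.tokens[serial] = [seed, 0]

    def verify(self, serial: str, code: str) -> bool:
        if serial not in self.tokens:
            return False
        seed, expected = self.tokens[serial]
        for counter in range(expected, expected + self.window + 1):
            if hmac.compare_digest(hotp(seed, counter), code):
                self.tokens[serial][1] = counter + 1   # burn this code and all earlier ones
                return True
        return False

SEED = b"12345678901234567890"    # RFC 4226 test seed (constructed input, not a real secret)

def replay_across_vendors(shared: bool) -> bool:
    """Use one code at vendor A, then replay it at vendor B; True if B accepts it."""
    vendor_a = KeyServer()
    vendor_b = vendor_a if shared else KeyServer()
    vendor_a.enroll("fob-1", SEED)
    if not shared:
        vendor_b.enroll("fob-1", SEED)   # B keeps its own copy of the seed and counter
    code = hotp(SEED, 0)                 # what the fob displays on the first press
    assert vendor_a.verify("fob-1", code)
    return vendor_b.verify("fob-1", code)
```

With independent copies of the seed, a code already spent at one vendor is still accepted at the other, because the second server's counter never advanced. Only a single shared validation service rejects the replay, which is why one fob across vendors means sharing the key server.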

Emil @KING.NET

April 17th, 2008 at 10:17 am    

I’ve been using this security key from Paypal since they introduced this service, definitely a great security protecting your online account.

Not just registrars, I don’t know why banks are not doing this practice.

Bahamas Hosting

April 17th, 2008 at 10:49 am    

@Emil

Perhaps you should look for another bank. Many of the big banks and online brokerage firms are using one time tokens for logins and transactions like wire transfers and stock trades.

Heck, even some of the banks in the Bahamas use one time tokens!!

- Richard

FredAtMicrosoft

April 18th, 2008 at 7:53 pm    

Great post, and a good reminder that when it comes to web security, it’s usually the simple missteps that can cause the biggest problems.

——————————————————
Fred Reckling
Microsoft Security Outreach Team
http://www.microsoft.com/hellosecureworld/level7
