2011 has been a hostile year here on the net. More so than any before it, as far as I'm concerned. Spammers and scammers started focusing on fora far more than they ever had before, and holes in common blogging software packages were regularly exploited. We suffered injection attacks from November through March here (it was a frustrating and demoralizing issue to deal with), and we saw sites like MGoBlog and ScoutingOhio get hit with malware and viral infestations as the result of attacks. Another site upstream of us is getting hit with a denial of service attack as I type this, resulting in some little hiccups for us. Sony was famously hacked. PBS and others as well. It seems every week brings a new email from a large company apologizing for unauthorized access to passwords, email addresses, and other personal information -- even OSU itself had to acknowledge as much recently.
While I don't want to get into a philosophical discussion about all of that, I do want to take a moment and reinforce how important and effective it is to have unique and complex passwords at every site you visit. This is even more important anywhere money is even tangentially involved. Wherever and whenever possible, your passwords should be at least 14 characters long, and a mix of uppercase letters, lowercase letters, numbers, and special characters (!@#$%^&*+'). Obviously that's far less convenient than just using the same thing over and over again (for years in the distant past I just used my Parris Island rifle number everywhere, for example), but it will make a huge difference if and when your information is exposed somewhere -- and that can happen anywhere. If 2011 has proven anything, security and true privacy is a myth.
I use, personally, and *highly* recommend KeePass as a password management and generation solution. It is free, open-source, has a long and celebrated history, and has a number of branches that offer mobile solutions as well (can't speak to those, since I'm not particularly mobile). It's available at http://www.keepass.info
There are other (perhaps better) solutions, and I invite people to post their own suggestions here. It's well established that I am in no way a 'tech' type, and perhaps our tech/security-minded folk have some good ideas about how to really protect yourself and your information online.
Use strong passwords, change them periodically, and make them unique at each location. That's a definite start.