This is the first post in a series focusing on security practices. We’ll initially focus on storing sensitive information (especially passwords), then we’ll turn our attention to secure ways of transmitting that sensitive information. A third posting is scheduled to tackle some simple steps that every website admin can take to be more secure, and a fourth will address steps that can be taken on an individual level.
Data security has been an increasingly hot topic since the massive security breaches experienced by Target in December, Adobe in October, and White Lodge Services Corp more recently. These very public data losses are (hopefully) causing every industry to take stock of its security practices.
It’s important to take stock of our personal habits around data security as well.
There are many practical ways that you can make your data more secure without spending a fortune or becoming overwhelmed by the complexity of the issue.
Everyone knows the basics by now, right?
(1) Do not use the same password for every website and/or service.
(2) Do not use easily guessed passwords like your pet’s name, your date of birth, your mother’s maiden name, your third grade teacher, etcetera.
(3) Your password should be a minimum of 8 – 10 characters long.
(4) Never use your username as your password.
(5) Never use your own name as your password.
(6) Use at least one numerical digit in your password, and preferably other special characters, too.
How are you storing your sensitive data?
If you’re like a lot of people, or even a lot of small businesses, you might be storing usernames and passwords in a plain text file or spreadsheet. This is a very bad idea since anyone who gains access to your computer, either physically or remotely, will be able to see all of the information in its full glory. If this is how you or your business are currently storing sensitive information, you should probably stop.
If you’re a bit more cautious about your data, you may be storing your information in a password-protected document. Both Microsoft Office and Mac’s iWork suite offer the ability to put a password on individual files. This is certainly better than using plain text! However, both MS Office and iWork use an AES 128-bit encryption key. This means that your neighbor probably can’t access the information in your file (assuming that your neighbor isn’t a hacker or working for the NSA) without guessing your password, but others with the right knowledge (or software) may be able to. Some people no longer consider a 128-bit AES key to be truly secure.
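The point about "guessing your password" can be made concrete. The following is an added example, not code from this post or from any of the products it mentions: it checks rules (3) to (6) from the list above and estimates how many bits of guessing work a password represents, capped at the 128-bit key size. The function names and the sample username and name are hypothetical, and the estimate assumes every character was chosen at random, so it is an upper bound.

```python
import math
import string

AES_KEY_BITS = 128                    # key size the post cites for Office and iWork
SYMBOLS = string.punctuation + " "    # 32 ASCII punctuation marks plus space

def charset_size(password):
    """Size of the alphabet an exhaustive search has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return size

def password_bits(password):
    """Upper bound on guessing cost in bits (assumes random characters)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def effective_bits(password):
    """A key derived from a password is no stronger than the password."""
    return min(password_bits(password), AES_KEY_BITS)

def rule_violations(password, username, full_name):
    """Apply rules (3)-(6) from the list above; return the ones that fail."""
    failed = []
    lowered = password.lower()
    own_names = {part.lower() for part in full_name.split()} | {full_name.lower()}
    if len(password) < 8:
        failed.append("shorter than 8 characters")
    if lowered == username.lower():
        failed.append("same as username")
    if lowered in own_names:
        failed.append("same as own name")
    if not any(c.isdigit() for c in password):
        failed.append("no digit")
    return failed

if __name__ == "__main__":
    # Constructed sample passwords, username and name, for illustration only.
    for pw in ["fluffy", "Fluffy2014", "correct horse battery staple 7!"]:
        print(pw, rule_violations(pw, "jdoe", "Jane Doe"), round(effective_bits(pw), 1))
```

A password such as "Fluffy2014" passes rules (3) to (6) and scores about 60 bits here, yet a pet's name plus a year is exactly what rule (2) warns against, so the real guessing cost is far lower than the estimate.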
If you’re a smarty pants you are probably using an application specific to storing sensitive information. There are many (oh so many) applications out there that want to help you keep your data safe. If you’re unsure of where to start, I’ve compiled a brief list of links to some of the most popular applications*.
Secure Storage Applications
This is an amazingly popular product that works on both Mac and Windows operating systems, as well as iOS and Android. It also integrates with all major browsers. It is also the most expensive application on our list. A single user license is $49.99 and a family license is $69.99. Upgrade licenses are sold separately.
This application has several subscription options: there is a free and premium version for individuals, and enterprise for business users. The premium version costs a mere $12 per year, while the enterprise version is based on a per user scale that starts at $24 per user per year. LastPass is compatible with Windows, Linux, and Mac and integrates with all major browsers.
KeePass is a free, open-source password application. Officially it only supports Windows OS, but unofficially there are ports for Mac, Linux, iOS, and Android. It’s hard to beat free, but it doesn’t come standard with many of the options the other applications on this list have. Despite that, it’s worth checking out.
OneSafe has a nice interface and drag and drop capabilities, for those who like to keep it simple. The application is available for Mac OS, iOS, and Android. The Mac version will run you $9.99, the iOS app is $5.99, and the Android app is also $5.99. There is also a “leaner” version available for the iPhone that is $1.99.
Keeper works on a very wide variety of platforms: Windows, Mac, all iOS devices, Windows phones, Kindles, and Nooks. It also plays nicely with the following browsers: Safari, Internet Explorer, and Chrome. The price tag is a bit steeper than some of the others, though. A license for a single user with a single device is $9.99 per year. A single user with multiple devices is $29.99 per year. Lastly, for businesses or families, a multi-user, multi-device license is $59.99 per year, which seems like a pretty good deal.
No matter what system you use, don’t forget to choose a secure master password (i.e. the name of your pet or your third grade teacher probably doesn’t cut it).
What We Do to Keep our Data Safe
At Pallas Web Development we use a secure storage application that stores all sensitive information with a 256-bit encryption key. We take your privacy, and the security of your data, seriously.