Personal Information Spring Cleaning: Auth and Passwords

Posted by Jen Tong on May 12, 2017

Back in the olden times the custom of spring cleaning was about scrubbing the soot from your wood-burning stove off of the walls. But we live in the 21st century, and our heaters don’t leave much soot behind. We do, however, leave bits and pieces of our personal information all over the Internet.

A couple of years ago I adapted the custom of spring cleaning to my Internet life. I do things like audit my passwords, delete abandoned online profiles, expunge embarrassing tidbits of angst-ridden teenage blogging, and generally tidy stuff up.

It’s a wonderfully cathartic practice, and it makes online life safer to boot. So, I’m going to share my spring cleaning regimen with all of you. It’s a grouped checklist, and it’s pretty long, so I’ve broken it up into a few entries.

This entry is all about user authentication and passwords: the gateway to your personal information.

Check for breaches

Data breaches happen constantly. I try to stay on top of them, but sometimes I miss one. Luckily someone else stays on top of them, and he runs a tool for checking your accounts: haveibeenpwned.com.

  • Enter your favorite email addresses and usernames.
  • If your accounts have been impacted, tend to those accounts first: delete them, or update logins and passwords.

Multi-factor auth

Multi-factor auth, also known as two-factor auth, is awesome. Are you using it wherever it’s available? You should be. It’s a wonderfully effective tool for personal info security.

When setting up accounts, favor the most secure option available. Generally, U2F hardware tokens are best, followed by mobile apps, and finally SMS.

  • Go through all of the providers on which you already use multi-factor auth. Can any of them be upgraded to a more secure option? If so, upgrade.
  • Scan the services listed on twofactorauth.org. Look for accounts where you can enable multi-factor auth, and do so.

Passwords

Strong individual passwords are important, but general password hygiene is even more important.

One of the tricky parts here is remembering all of the websites on which you have accounts. I probably have hundreds. Here are places you can scan to jog your memory.

  • Your password manager
  • Your cookies: go into your web browser settings, and scan the domain names of your cookies.
  • Account confirmation emails: search your email for words like ‘registration’ and ‘verification’.

Once you have an idea of where all you have accounts, fix those passwords up.

  • Are you using a password manager? If not, get one. 1Password is pretty good, but there are free and open source options too, like Padlock.
  • Have you used the same password on any two websites? If so, fix that now.
  • Go through your most sensitive or important accounts (banks, email, cell provider), and change those passwords for good measure.
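
The reuse check above and the earlier multi-factor review can both be run over a password manager export. This is an added example, not code from the original post; the CSV column names (site, username, password, mfa) and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export. The column names (site, username, password, mfa)
# are assumptions; rename them to match your password manager's CSV export.
SAMPLE_EXPORT = """site,username,password,mfa
bank.example,jen,correct-horse-1,sms
mail.example,jen,Tr0ub4dor&3,app
forum.example,jen_t,correct-horse-1,none
shop.example,jen,correct-horse-1,none
code.example,jen,x9!unique-Lk2,u2f
"""

# Ordering taken from the post: U2F tokens, then mobile apps, then SMS.
MFA_RANK = {"none": 0, "sms": 1, "app": 2, "u2f": 3}


def load_accounts(text):
    return list(csv.DictReader(io.StringIO(text)))


def find_reused(accounts):
    """Return groups of sites that share a password, largest group first."""
    key = secrets.token_bytes(32)  # per-run key: tags cannot be matched across runs
    groups = defaultdict(set)
    for row in accounts:
        tag = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
        groups[tag].add(row["site"])  # group by keyed tag, never by plaintext
    reused = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    return sorted(reused, key=lambda g: (-len(g), g))


def mfa_review(accounts):
    """Return (site, current_mfa) for accounts below U2F, weakest first."""
    weak = [(r["site"], r["mfa"]) for r in accounts if MFA_RANK[r["mfa"]] < MFA_RANK["u2f"]]
    return sorted(weak, key=lambda item: (MFA_RANK[item[1]], item[0]))


if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    for group in find_reused(accounts):
        print("same password on:", ", ".join(group))
    for site, mfa in mfa_review(accounts):
        print(f"{site}: currently {mfa}")
```

The output names only sites, never passwords. A real export file holds every password in plaintext, so delete it as soon as the audit is done.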

Conclusion

There, don’t you feel better already? That’s just step one. There’s still lots of cleaning to do, but that will have to wait for a future blog entry.