Skip to main content

Password Management

The need to create, store and manage passwords is a huge responsibility in modern day life. So why is it that so many people do it so poorly? This is a loaded questions with answers ranging from people being uneducated, to lazy, to educated but not affective in their methods and many more. This blog is to help those (in some way even myself) around me strengthen their online security.

Why does it matter?

To answer this let's look at a few numbers. According to the US Department of Justice (DOJ)’s most recent study, 17.6 million people in the US experience some form of identity theft each year. Ok fine but that is identity theft that has nothing to do with password management. What is one way someone can start getting information about who you are? How do they get access to steal your money?

From Cyber Security Ventures 2019 report:
"Cybersecurity Ventures predicts that healthcare will suffer 2-3X more cyberattacks in 2019 than the average amount for other industries. Woefully inadequate security practices, weak and shared passwords, plus vulnerabilities in code, exposes hospitals to perpetrators intent on hacking treasure troves of patient data."

"Despite promises from biometrics and facial recognition developers of a future with no more passwords — which may, in fact, come to pass at one point in the far-out future — one report finds that the world will need to cyber protect 300 billion passwords globally by 2020."

What to do about it. 

While there are many things to do in this space we are focusing on password management in this article.

One of the first things you can do is see if any of your accounts have been hacked. If your account shows up on there change your password.

Befor you start changing all those passwords though let's talk about how to manage them. If you store all your password on a paper next to your desk or in a word document or you just have a couple passwords everthing shares STOP IT! I know it can be a pain to remember a bunch of different secure passwords. Not if you have the right tools.

Password managers

One of the keys to keeping secure passwords is using a password manager. There are a few great ones out there. I am not going to cover all these as it really comes down to price point and feature set you need. I use LastPass. The ability to share security passwords or other items with family members along with it'ssecurity check-ups is perfect for us.

Now some will say, why not just use the built in password managers of my browser? For me the main reason is access. I want access to my passwords when working in my browser but also on mobile apps or browsers. I also want to be able to organize and view my access data and share with others. I also want to be able to rebuild my computer and not worry about my passwords getting blown away.

Ok, don't take some random blogger's word for it. How about the UK's National Cyber Security Center. None of this means your passwords are 100% secure as nothing is 100% but it is better then what most people are doing today, which is not using a password manager.

There is a growing market out there for passwords. Just look at this published list of the price point for login information for different sites.

For those that are worried about the learning curve or that they are not technically savy enough. Stop putting your security at risk because of your worry. Most of these tools like LastPass have great getting started or how it works walk throughs. You just need to step out of the comfort zone for a little and start trying. If you run into questions reach out to the vendor you have chosen or to me. Comment on this blog.


Popular posts from this blog

Excel XIRR and C#

I have spend that last couple days trying to figure out how to run and Excel XIRR function in a C# application. This process has been more painful that I thought it would have been when started. To save others (or myself the pain in the future if I have to do it again) I thought I would right a post about this (as post about XIRR in C# have been hard to come by). Lets start with the easy part first. In order to make this call you need to use the Microsoft.Office.Interop.Excel dll. When you use this dll take note of what version of the dll you are using. If you are using a version less then 12 (at the time of this writing 12 was the highest version) you will not have an XIRR function call. This does not mean you cannot still do XIRR though. As of version 12 (a.k.a Office 2007) the XIRR function is a built in function to Excel. Prior version need an add-in to use this function. Even if you have version 12 of the interop though it does not mean you will be able to use the function. The

Experience Profile Anonymous, Unknown and Known contacts

When you first get started with Sitecore's experience profile the reporting for contacts can cause a little confusion. There are 3 terms that are thrown around, 1) Anonymous 2) Unknown 3) Known. When you read the docs they can bleed into each other a little. First, have a read through the Sitecore tracking documentation to get a feel for what Sitecore is trying to do. There are a couple key things here to first understand: Unless you call " IdentifyAs() " for request the contact is always anonymous.  Tracking of anonymous contacts is off by default.  Even if you call "IdentifyAs()" if you don't set facet values for the contact (like first name and email) the contact will still show up in your experience profile as "unknown" (because it has no facet data to display).  Enabled Anonymous contacts Notice in the picture I have two contacts marked in a red box. Those are my "known" contacts that I called "IdentifyAs"

Uniting Testing Expression Predicate with Moq

I recently was setting up a repository in a project with an interface on all repositories that took a predicate. As part of this I needed to mock out this call so I could unit test my code. The vast majority of samples out there for mocking an expression predicate just is It.IsAny<> which is not very helpful as it does not test anything other then verify it got a predicate. What if you actually want to test that you got a certain predicate though? It is actually pretty easy to do but not very straight forward. Here is what you do for the It.IsAny<> approach in case someone is looking for that. this .bindingRepository.Setup(c => c.Get(It.IsAny<Expression<Func<UserBinding, bool >>>())) .Returns( new List<UserBinding>() { defaultBinding }.AsQueryable()); This example just says to always return a collection of UserBindings that contain “defaultBinding” (which is an object I setup previously). Here is what it looks like when you want to pass in an exp

Sitecore EXM 9.1 Performance and Scale

When working with Sitecore EXM it seems like one question everyone has is what level of performance can you get out of it. As with most things, the answer is "it depends". However, there are a number of things that go into this and things to think through and adjust to try to get a high rate of sending. Sitecore Hacker has a good blog post on scaling EXM .  As I spent time trying to scale my own instance I wanted to break things down a little more and provide some more concrete examples on steps takes to performance tune and performance I have seen. Let's breakdown some specifics about the architecture to help you understand where you might stand. I am running in AWS with a dedicated Content Management server, a dedicated dispatch server, a dedicated xConnect Server and of course a dedicated database server. Here are the specifications for all. Content Management: 16 gb RAM, 2.3 Ghz 4 core processor. Dedicated Dispatch: 16 GB RAM 3.0 Ghz 8 core xConnect: 4 gb RAM