Before my move into digital public affairs, I spent 13 years working in information security, risk management and privacy. I designed, implemented, tested and supported trusted networking environments for high tech companies, financial services institutions and banks, military and government departments. It sounds very impress

Good password design was just as important back then on those projects as it is now on everything ranging from social media to online banking to managing eCommerce systems. And, the advice really hasn’t changed substantially. Tips usually include:

  • Immediately change any default or service-provided passwords
  • Use passwords of no fewer than eight characters
  • Use mixed-case letters, numbers and special characters (punctuation)
  • Don’t share your password with anyone
  • Don’t post your password anywhere obvious (like near your computer)
  • Use unique passwords for each login

It was much harder to keep passwords for multiple systems (think 30 or 40 systems for work, alone) organized in our heads back then.

As I noted in my toolkit 2014 post earlier today, I’ve come to rely on 1Password to create and manage unique, complex passwords for each of my online personal, professional and client accounts. There are apparently around 150 of them now. And, I only have to remember one complex password to manage the tool. It’s a single point of failure, to be sure. However, it simultaneously also allows me to distribute my risk.

News broke earlier today that popular crowdfunding site Kickstarter has been hacked. The good news is the site apparently doesn’t store credit card information. The information leak has allegedly been restricted to user names, real names, mailing addresses, email addresses, phone numbers and encrypted passwords.

By today’s standards, that’s a pretty low-grade exposure. My Kickstarter password is complex and unique. Anyone getting a hold of that password of mine won’t be able to access any of my other accounts. Nevertheless, I’ve already hopped into my account and changed my password.

I guess I’m saying it’s worth getting a password manager like 1Password and taking a few hours to go through all of your online accounts, updating them with new, complex and unique passwords.

By the way, check out the image below to see the email Kickstarter CEO Yancey Strickler sent at 4:17am ET today to announce the hack, respond to obvious concerns and provide guidance on how users can change their passwords. This email — its timing, substance and sentiment — should serve as a template for companies that find themselves in a similar situation.

[Image: Kickstarter hack email]