Updated 20-Sep-2023
> This is as true today than it was more than five years ago when first posted. Due to the ongoing hacking of accounts and passwords on popular web services, it is a good time to consider the following suggested security practices. If you feel you do not have the time to deal with this, think again...
Suggested Security Practices
- Have one unique password per site/account
- Have a special account not normally used, which is for administration of accounts (again, per site/account)
- Generate and manage passwords with an encrypted password management tool, e.g., KeePass and others of its ilk.
- Keep backup of the encrypted password management tool in the cloud (some kind of cloud-based backup). There are many options for cloud storage, and we ourselves are on our third cloud provider, with likely a fourth on the horizon. First it was Dropbox, then Google Drive, and now the highly functional Yandex Disk, with an eventual migration to Amazon WorkMail and WorkDocs, once there is functional parity, later in 2017 or 2018.
- Encrypt files/drives which contain confidential information, so that in the event of intrusion, the files/drives will not be accessible, using strong encryption, e.g., VeraCrypt
- Get in the habit of deleting email that has confidential information, such as passwords.
- Force the use of SLL for all website browsing, when possible, especially for email and other sites with sensitive information.