Is Changing My Password Enough?

I regularly hear from people who’ve had their email or other online account compromised, are able to recover access to it, and change their password, only to have the account stolen again almost immediately.

The problem is simple, but the solution is a bit of work.

First, you have to realize that while someone else has access to your account, they have access to everything related to that account.

As a result, changing your password just isn’t enough. You need to do more.

Read moreIs Changing My Password Enough?

I see lots of failed attempts to login to my account, should I do anything?

//

Hi, Leo. I was changing my password tonight on Hotmail and went into a section I never noticed before called recent activity. I was shocked to see that in the past two weeks there were a ton of failed attempts from nearly every country on the map that had tried to login to my Hotmail account. Is this normal? Should I be scared? Should I close the account? I’ve had this account since 1997 so it has lots of information about me in different folders. Thanks.

Honestly, what you’re seeing doesn’t surprise me. I do have some suggestions on what you should do, but closing your account isn’t one of them.

Read moreI see lots of failed attempts to login to my account, should I do anything?

Is application-provided encryption secure?

//

Hi, Leo. I searched your site and several other websites but could not find the exact explanation that I’m looking for. I’ve been keeping all of my personal financial information and website passwords in an Open Office spreadsheet that is saved with a long, complex password. From what I’ve been reading from your site and others, that spreadsheet is maybe not a secure as I think it is.

My question is – can anyone using sophisticated hacking software see the data in my file without breaking the password? In other words, if I have a relatively complicated password, shouldn’t I trust that as being secure? I find it very convenient to copy and paste login information from my spreadsheet. However, if I someday lose my portable backup drive or it’s stolen or if someone breaks into my home when I’m away, then could someone easily see the data in my password protected spreadsheet file? I assume, of course, part of this equation is how sophisticated the potential thief is and how much of a target I am perceived to be?

There’s a part of me that really wants to say that you’re safe.

In general, I’m not a big fan of using spreadsheets for passwords, but I know a lot of people do for saving that kind of information. And with a complex and lengthy password like you’ve said you’re using, in general, it should be safe to use a password-protected spreadsheet in a utility like Open Office, Microsoft Office, or any of a number of other applications that provide password protection for their documents.

want to say that is safe.

Unfortunately, history does not really bear that out too well.

Read moreIs application-provided encryption secure?

Why are sites making it difficult for password managers?

//

Following your advice, I use a password manager so I can use long, secure passwords and simply copy-paste into websites. Recently, however, it seems more sites use a technology that prevents this. The temptation now is to use shorter passwords, making them less secure so copying and typing them is easier. Why are sites doing this?

I haven’t seen a site that actually prevents pasting a password in the Password field, but I definitely have seen sites that either intentionally or unintentionally make password managers more difficult to use.

It’s backwards thinking, if you ask me.

Read moreWhy are sites making it difficult for password managers?