Holiday Security Chores

December 21, 2011 by Gabe | [mmd] |

I’ll be taking advantage of some vacation time over the holidays to do a clean sweep of my secure credentials. I’m a 1Password user, so it’s pretty easy. However, it’s still time consuming. The first step for me is to make a list of the accounts to update. I keep a text list of the services I frequent but there are still a lot that gather dust. For example I have an Amazon S3 account that I almost never need to login to. There are also services that may contain sensitive information like Simplenote, Dropbox and Pinboard that need some attention too.

I try to update all of my primary accounts like bank and email login every 60 days, but I also want to clear out all of those old passwords for services I forgot about, like user forums or web app trials. It’s tedious, but tedium is better than panic.

Of course 1Password makes it all easy:

  • Search for a password to find all sites that share that password.[1]
  • Browse my list of encrypted disk images[2] to refresh my memory of all of the squirrel holes I store encrypted data.
  • Use smart folders to find passwords that have not been updated in the past year.

Old Passwords

  • … Or that are just plain bad passwords

Bad Passwords

  1. Yes, it’s bad to share passwords between sites. But for most of my day, I don’t have the luxury of keeping a 1Password plugin installed.

  2. You are using encrypted disk images for all of your confidential data, right? Especially on Dropbox and S3.