Security on the Internet.
There is a strong incentive for companies to continue to make the Internet safe. Rarely do I post concerns about various issues that arise. Many of you may have heard of the Heartbleed vulnerability on the news. We’ve done a posting on the issue on the tech blog I’m not a “the sky is falling” prognosticator, but the Heartbleed bug is a serious issue.
- The Chrome browser currently provides the best security. Please use it as much as possible.
- Please change you passwords. Seriously. Change your passwords (both for work and your personal ones).
- It is good practice to change your passwords regularly – but it is absolutely critical that you change passwords now. This bug has been in place for a while.
This follows the Target debacle of last year.
Passwords
Passwords are a necessary evil. Currently, we don’t have a better way to make sure that you are you. Although biometrics may be coming, they are not fully here yet. Best practice says that you shouldn’t repeat passwords (ie. you should have a different password for every site). However, remembering that many different passwords is impossible. Thus, people tend to pick really easy to guess passwords and use them everywhere. In reality, the pros tend to use a password management system. (Writing your password and “hiding” under your keyboard doesn’t qualify as a system). Here are a few:
- 1Password – this is a paid program (this is also the one that I personally use)
- LastPass – Free for individuals. There are premium features (such as mobile support) that are paid.
- KeePass – Free and open source.
All of the above work pretty much the same way. You have one secure password to remember that lets you create different passwords on web sites. These programs fill the passwords in on sites that you visit. These vary greatly in usability however. 1Password is the most expensive, but the easiest to use. KeePass is free but the least user friendly.
Most browsers will also offer to save passwords. This isn’t very secure as that file can be easily read.
Really. Change your passwords. This applies to your personal accounts as well.
Please note that your district password is the same for several sites, including Gmail for work. If you change your password at a computer, this will change your password for Gmail. That means that you’ll have to reenter the new password on your smart phone which checks your work email. Oh, and your iPad. And your Android tablet. And your home computer. ETC.
You can change your password by going to the Staff Resources page, Then Change your password under Productivity.
Where do you need to change your password?
Changing your password will not hurt anything – except for the inconvenience of entering and remembering it. The list of sites is changing daily. Mashable is currently hosting an updated list of sites with their current vulnerable status.
How about your work password?
We are moving to more secure passwords. This has been in planning for some time. We have tried to hold off to develop some training, but we will need to reevaluate this. We truly understand that this can be difficult, but it is important. More information will be provided via email.
The new password requirements will be as follows:
- Passwords must be different than your last 3 passwords.
- Passwords must be at least 5 characters long.
- Passwords must contain characters from three of the following four categories:
- Uppercase characters
- Lowercase characters
- Number (0 through 9)
- Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;”‘<>,.?/