My new password strategy
A few weeks ago, I was notified by my credit card company that they had detected fraudulent charges on my credit card. I was surprised because I use that card like 2-3 times a year and it had not been used for almost 6 months, but knowing that they would reverse the charges without any hassle, I didn’t really think much of it. But then they also told me that the person who did this had enough information on me to call them, answer correctly to the standard security questions and have my address changed in their system. That freaked me out.
I have no idea how they got that information. Was it a malware on my computer? As far as I know, my computers are clean. Did they break into one of my online accounts and got a bunch of information? Did they hack an online store where I had purchased stuff before? Who knows. That also freaks me out. Especially since I use the same 3-4 passwords everywhere.
So I decided to blow the dust off good old KeePass, which I had tried before. I generated new random passwords for all of my banking accounts, email accounts, eBay, PayPal, Facebook, Twitter, etc. I installed MiniKeePass on my iPhone/iPad so I can access my accounts when I’m on the go. Synchronizing the master file between my computer and the iPhone/iPad isn’t as easy as it should, but it should be improved in an upcoming version.
That is now the most important file on my computer and needs to be backed up religiously. It’s automatically backed up to my NAS, but I’m screwed if the whole house catches on fire. So I configured Syncplicity to backup that file as well. But again, what happens if my house burns down – I need my KeePass file to retrieve the password to access my Syncplicity account to retrieve my file! So I’ve scheduled a daily backup to a server at work. Our sysadmin will send me back my file if I ever loose everything else.
Am I missing something? What’s your strategy?