What a password manager is and why it’s a good idea

Having a strong, complicated and unique password for each of your online accounts is super important, but also super difficult if you’re relying on remembering all of those passwords yourself. Writing them down is an option, but there are lots of caveats with that, which I explain here. Writing passwords down is only a good idea if you only need them in the house, never when you’re on the move or at work, and if you completely trust everyone you live with.

Enter password managers. Password managers act like a vault: you just need to remember one complicated password (do make it a good one!) for the password manager itself, and then you store all of your other passwords in the ‘vault’. This means you can have incredibly long, complicated passwords that offer high levels of security and you don’t need to try to remember them. You can use the password manager to suggest new passwords for you and they generally have copy and paste features so you don’t even have to type the password out when you go to log in to a site. Password managers also allow you to sync your passwords across your devices and so they are available to you when you’re on the go. Finally, password managers make it really effortless to change a password, which comes in handy when a site gets breached and you realise you were using an old password there which you may have used elsewhere.

Cyber Security: top tips to better protect yourself

There are some simple things you can do, as an individual, to better protect yourself online.

Look After Your Accounts

  • Take care of your passwords. Make them strong and don’t use the same password across different websites. You might want to look into using a password manager; the UK government has provided some helpful information on that here.

For a home computer user, you can also consider writing your passwords down in a book and storing that book in a safe place. Bear in mind: what is the worst thing that can happen here? People you share the house with may find the book and use the passwords to get into your accounts. If that would be a problem for you, then don’t do it. But if this risk doesn’t pose a threat to you, then you can use complicated passwords without having to remember them or use a password manager, and just keep them in the book. Someone is more likely to break a weak password over the internet than they are to break into your house and steal your book of passwords as a way of getting into your accounts. This approach is fine for most people at home, but not for people who live with those they cannot trust and not for use in an office.

  • Don’t just rely on one password for each account. Setting up two-factor authentication adds a second layer of security to your accounts, which is important in case your password gets compromised (for example, if it is stored insecurely by the service provider and a criminal accesses it, as happened to Yahoo). It’s pretty easy to set up and use two-factor authentication and there is some really helpful guidance on setting it up for many popular sites and apps here.


When Policies and Training are Unhealthy

Today I went to register for a new GP practice. In order to register I was told that I needed a photo ID ✅, two utility bills with my name and address on ✅ and my NHS number ❎. I have never needed to know my NHS number before, but I was told it was the policy of this surgery that people provide them when they register so that they can verify the individual’s identity. I was surprised and a bit irritated, because my passport and utility bills should be sufficient, but it seemed non-negotiable. I was told if I rang my old GP surgery they would provide me with my NHS number 🤷‍♀️.

I dutifully rang my old GP surgery with my request. The receptionist who answered told me that I needed to put my request in writing as they cannot give out personal information over the phone. I pressed her on this and she explained it was for “data protection” as she could not verify my identity over the telephone (“you could be anyone”). I was told that if I sent an email, they would reply with my NHS number. The rest of the conversation went roughly like this:

Perception is Truth: Trust and Reputation in Cyber Security

Perceptions of trust

A piece of research published recently by Ponemon Institute has found that consumer trust in certain industries may be misplaced:

  • 68% of consumers say they trust healthcare providers to preserve their privacy and to protect personal information. In contrast, only 26% of consumers trust credit card companies
  • Yet, healthcare organisations account for 34% of all data breaches while banking, credit and financial organisations account for only 4.8%. Banking, credit and financial industries also spend two-to-three times more on cyber security than healthcare organisations

It is worth noting that the research was conducted before WannaCry hit the NHS: it would be interesting to see whether the perception of trustworthiness in healthcare providers has been impacted by that high profile incident.