IM basics – use protection – passwords


LastPass secure passwords

You will probably be joining (or you may already belong to) dozens of sites. At the time of writing I belong to approximately 150 mailers and a similar number of Traffic Exchanges (Why? All that free advertising for your product or service!). One thing that it is absolutely imperative is to ensure that you do not use the same password on every site. And, very definitely, do not use usernames and passwords that you use outside of Internet Marketing. For example, your online banking password should never be used for anything other than your online banking. But you already knew that, didn’t you?

So, how do you manage all those passwords? I use and recommend LastPass (free for individuals across multiple devices). Clicking on their logo (above) will take you to their site where you can read about the features. Briefly, it is a browser add-on that will allow you to securely save your username and password for each site. It will, if required, also generate secure passwords. The passwords are stored on their server encrypted with all encryption & decryption occurring in your browser, so in the unlikely event of the LastPass database being compromised, your usernames and passwords are perfectly safe.

And why is this necessary?
Contrary to the beliefs of some site owners, the internet is full of individuals who get their kicks by intercepting internet traffic to find email addresses, usernames and passwords. There is a ready market for email addresses, but user name & password combinations are gold. And far too many site owners include login details in every email they send.

It’s like there’s a great big public toilet wall out there with your username and password blazoned across it.

passwords on public toilet wall

In most cases it is just a lack of knowledge on the part of the owner and a support ticket requesting the removal of the password from all communications should get the password removed. After all, there is generally a password recovery option on the login screen, so there is rarely a need to send a password via email – particularly multiple times. If they won’t remove it, I would strongly recommend that you cancel your account with them – but at the very least, definitely don’t promote the site. If you promote a site where the owner shows no concern for the security of their members, you’re not presenting yourself as trustworthy.

Also, the inclusion of passwords in emails advertises the fact that passwords are not encrypted in their database, which makes their database an attractive target to hackers.