Keep it safe: Sharing with Surevine. Week 1 – Password Storage

Surevine don’t exist in a bubble; we need to do business with external companies and people. And to do business, we need to share information that we would quite like to keep between ourselves.

While we have a carefully crafted IT policy (and some very clever security folk) to help prevent any leakage of information internally, we have no real control over our eco-system, the third party.

So we drafted some guidance to give them the opportunity to make informed decisions about IT security alternatives. And because this is just how we do things around here…

So we decided to be open about the advice and guidelines we share with our eco-system. This is not an exhaustive list of our mandatory requirements, because sooner or later one of those requirements will not be able to be met exactly as written.

But it is some pretty helpful advice…

This is the first instalment in a series of blogs we will be publishing each week, all under the title “Keep it safe: Sharing with Surevine”.

Our theme this week is…

Passwords

Passwords are the bane of many people’s lives. People forget them, people are confounded by complicated password requirements, or passwords get guessed by hackers and need changing. To solve this problem, we use a password manager. We’ve chosen LastPass because it has a very useful “sharing” feature but there are many other similar apps available.

Password Storage

If you can remember hundreds of random 16 character passwords, then you don’t need this section, but what are you doing here? Why aren’t you making your fortune in Vegas counting cards?

If, like the rest of us, the thought of forgetting a critical password worries you, then you’ll store your passwords somewhere. Here is a list of options with some pros and cons.

  • Password Manager
    • Pros : Can generate random passwords, very good security, can store any type of password
    • Cons : One password forgotten means a lot of work, some apps don’t integrate well
  • Browser
    • Pros : Easy to use, integrates well
    • Cons : Has no generator, only works for web site passwords, no sharing, limited safety
  • Encrypted file
    • Pros : Good security (if your encryption and password are good)
    • Cons : Risk of “shoulder surfing”, no integration with anything, no sharing, no generation
  • Post-it
    • Pros : Can store any type of password, can be used for lunch choices or phone numbers, can easily be shared but hard to get back
    • Cons : Can be seen by visitors, could be destroyed by the cleaner, need to retype password every time, need neat handwriting
  • Brain
    • Pros : Can’t lose it, can’t be hacked, can store all password types
    • Cons : Can’t remember many complex passwords, occasionally forgets passwords

OK, so only the first 3 are going to be used by most people. Right now, a lot of you are probably reliant on your browser’s password storage mechanism. The browser’s store may be read by someone with access to your computer.

Hopefully nobody ever does.

And that’s us for this week! Next week we are talking Password complexity…