A few years back, I started to take a great interest in IT security. I’ve known that I should create not only strong passwords, but also ones that are unique to each site. After the Gentoo hack, I realized that I am not capable of doing this. I find that this article describing the various aspects of bad password habits describes my own experiences, behaviors, and justifications, as well as those of other people I’ve talked to. I am guilty of having had a system for creating passwords way back when. A few years ago, however, I started using a custom script to generate the passwords for me. One step in a better direction, but still not good, as it was very cumbersome due to the script requiring a computer.
I’ve therefore started using a password manager both at work and in private. The backtracking of existing accounts on websites was both a trip down memory lane (hello Last.fm!) and the start of feeling more calm about my security practices. Now I can create complex, random, and unique passwords whenever I need them.
The next step after having a good password practice is to start using 2FA. Yesterday, I tried to secure my Google account further. I wished to start using the Google Authenticator, but when I followed the official guide, I could not see any mention of the authenticator app. After an hour of frustration, I finally found the steps describing how to enable this feature. You need to choose a standard 2FA mode, and THEN set it up as an alternative second step!