Last week you learned about high-risk accounts and created a list of them. This week's task is to change your password on one of them to a strong, unique password (here's everything you ever needed to know about passwords). You can change more than one of course, but let's start small. The first one is the most challenging because it's not just about changing the password. You also should come up with a way to generate a strong, unique password that you'll be able to remember.
That's the challenge, isn't it? One way to do it is to install a password manager and have it generate the password. There are pros and cons to this technique which we'll discuss in a future prompt. This week I'm going to teach you a method for developing strong, unique, and memorable passwords.
Your data is valuable — in the wrong hands it exposes you to identity theft, fraud and privacy violations. If a business collects your data, they are expected to prevent that data from being lost, stolen or wrongfully accessed. We call this legal requirement “reasonable data security.”
This might all seem obvious, but we must remind ourselves of first principles as we worry about data breaches, vendors that sell insecure software, and vendors that are entrusted with sensitive employee, customer or student data. It can be easy to get lost in the weeds, but the ultimate goal of the regulators is not to police data security — it is to protect consumers.
Ryan Kriger is an Assistant Attorney General for the State of Vermont. He writes on privacy and data security and teaches about privacy, consumer protection and policy at the University of Vermont.