In a previous blog series, I described my fun, games and gripes at changing 40+ passwords. Soon after the blog was posted, it struck me – there are yet more to change…
As described, I used two factor authentication where it was available. But some applications are not designed to work with two factor authentication; they do not have a mechanism to ask for a secondary password. This is common issue in iPad apps, but also affects applications like Microsoft Outlook on Windows.
Most two factor authentication systems provide a mechanism to manage this – application specific, or single use passwords.
Where the password is single-use (for example Twitter), I’ve made the assumption that they did not need changing. (I’d welcome comment form any reader that thinks this is an invalid assumption).
Where the password is application specific, but re-usable, I set about changing them too.
- Google – Not sure totally necessary as Google helpfully tells me when they were last used.
- Microsoft Office 365
No real issue in doing so. Simply logon to the relevant web site, find the app password screen (usually well hidden), delete them, and re-generate. Then use the new password in the relevant app.
All in all, no real drama – the point being, that following the advice “change all your passwords” is not at all easy, and as pointed out here, there are some very important ones that you may easily forget about.