Password Breaches: Don’t Panic, Be Prepared

Hey, look, there’s been another password breach! Is it time to panic? I decided not to. In fact, I decided to pretty much ignore the whole story. As a result of this breach, I only rotated one password, and frankly, it wasn’t because I was worried that this password had been compromised.

Wait, shouldn’t you panic? Based on a lot of the news stories I’ve read, that’s a popular option. However, there’s no need to freak out if you are doing things right to begin with, and that’s where you really should start.

Chrome security and best practices

Many in the security community are all atwitter about the Chrome browser not encrypting passwords. They call this bad security; a lot of people disagree. I tend to agree with the latter group: adding a master password or some other kind of encryption to Chrome’s password store wouldn’t materially increase security, and would give users false comfort. Many other software manufacturers feel the same way (see, for example, Pidgin).

Passwords, Authentication, and Privilege

Gizmodo has decreed that today, February 1st, is “Change Your Password” day. I wholeheartedly agree, especially if you re-used passwords (which you shouldn’t!). In fact, I’d go further: change your password, and start using a password manager. Did I change my passwords today? I did not, because I use said password manager. I don’t reuse passwords, and my passwords are all random. So even if one is revealed, it’s not going to make a difference outside of that one website.

Zappos Data Breach

Zappos recently had a data breach. As data breaches go, it was not nearly as bad as it could have been: no full credit card numbers leaked, nor any plaintext passwords. What makes it special, then? It’s somewhat special to me, since it is, to my knowledge, the first time that I have been part of a data breach: I have a Zappos account, and I received the email about the breach. Notice I said “to my knowledge”; plenty of data leaks don’t get reported. I haven’t been part of a major one, though, at least according to, where you can check to see if your email address or username has been leaked.

Useful Computer Utilities: KeePass

Some time ago I blogged about the password manager I had been using for many years: Password Safe. It’s a great program, one that I recommend wholeheartedly. However, I’ve since switched to a new manager: KeePass. Like Password Safe, it is a pretty functional password manager that allows you to automatically generate and save passwords. Also like Password Safe, KeePass is open-source.

Why did I switch? Well, essentially because I like the interface and functions better in KeePass. The UI looks a bit better, and there is a graphical representation of how strong a password is. Other than that, though, it’s almost identical to Password Safe. Password Safe is even a bit easier to use for the novice, as it doesn’t have quite as many options to fiddle with as KeePass. One issue with KeePass 2.x is that it requires the .NET architecture, which isn’t always available, especially if you plan on using it on a computer that you don’t have control over.

I’d unhesitantly recommend either of the two for your password manager needs. Play with both of them and decide which one you like better. But pick and use some kind of manager. Using strong, random passwords is an important part of security, and password managers help make doing so simpler.

National Internet ID: A Bad Idea

The Obama administration is talking about creating a unique “Internet ID” for web users in the U.S. Commerce Secretary Gary Locke is quick to say it isn’t a national ID card, or even a government-controlled system, but private creation of “trusted digital identities”. Although there are plenty of times where the need for a trusted digital identity is real, I really don’t think e-commerce is one of those times. The benefits of such a system for e-commerce are far outweighed by the costs.

Choosing a good password

Few things are as important in personal computer security as choosing a good password. A weak password can have ramifications from the merely annoying (it seems that every week one of my Facebook friends gets their account hacked) to very bad (such as when your bank accounts get hacked). Using the same password for all of your website logins is a very bad idea; I’ve blogged about a good solution before in the form of the software Password Safe, which can generate random unique passwords for all of your logins. But you still need to choose a good strong password to use as the master password to Password Safe!

Short passwords and passwords with words in the dictionary are two things to avoid when selecting passwords. Mixing in numbers and uppercase is always a good idea to make a stronger password, but you can go further. To really randomize things, and ensure that the password you choose doesn’t have any easily-guessable words, a very good trick is to take a line from your favorite song and string together the first letter of each word to form your password. It’s much easier to remember than a random jumble of letters, and odds are that it will form a nonsense word that won’t be in any dictionary.
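As an added illustration (not code from the original post), here is a small checker that applies the rules above: it derives the first-letter password from a song line, then flags the problems the post warns about (too short, dictionary words, no digits or uppercase) and gives a rough entropy estimate. The tiny word list and the 12-character minimum are assumptions for the demo, not something the post specifies.

```python
import math
import re
import string

# Constructed toy word list standing in for a real dictionary (assumption).
DICTIONARY = {"password", "summer", "love", "dragon", "monkey", "letmein", "baseball"}


def derive_mnemonic(line: str) -> str:
    """Build a password from the first character of each word in a line of text,
    keeping the original case so capitalised words add uppercase letters."""
    words = re.findall(r"[A-Za-z0-9']+", line)
    return "".join(w[0] for w in words)


def guess_entropy_bits(password: str) -> float:
    """Rough upper bound on guessing effort: length * log2(size of the character
    classes actually used). Real attackers do better than this against mnemonics."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return len(password) * math.log2(size) if size else 0.0


def assess(password: str, min_length: int = 12) -> list[str]:
    """Return the problems the post warns about; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    lowered = password.lower()
    for word in sorted(DICTIONARY):
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letters")
    return problems


if __name__ == "__main__":
    candidate = derive_mnemonic("Twinkle, twinkle, little star, how I wonder what you are")
    print(candidate, round(guess_entropy_bits(candidate), 1), assess(candidate))
    print("summer2024", assess("summer2024"))
```

The mnemonic from the nursery-rhyme line survives the dictionary check but is still flagged as short and digit-free, which is the cue to lengthen the line or mix in numbers as the post suggests.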

If you still can’t remember a strong-enough password without help, write the password down on a piece of paper and put it in your wallet. You are probably doing a pretty good job of keeping track of your wallet and making sure it doesn’t get stolen, so why not put your password in there? The risks are very low, especially if you use something like Password Safe: if they steal your wallet and get that master password, it’s completely useless to them unless they steal your password file from your computer as well.

These tricks will help you avoid getting your online accounts broken into, and who doesn’t want that?

