Take my personal data, please!

February 22nd, 2010

A site called Please Rob Me has been created to highlight the problem that most people don’t make the connection between personal information and security. People are putting way too much information online through twitter and social networks. Note that I said ‘information’ – not just stuff like credit card numbers and other private data. Announcing to the public that you are not at home is like having a ‘kick me’ sign on your back. It’s even worse, because you put the sign on back yourself!

A few years ago, there was a rash of burglaries in the Washington D.C. area. All of the burglaries happened in the fall during football season. It was discovered that all the homes that had been burglarized had received anonymous tickets to watch the Redskins play. Redskins tickets were really hard to get, so many of the people who got the tickets went to the game. The bad guys then watched the homes that had received tickets and waited as the homes cleared out for the afternoon. The bad guys figured out that paying even hundreds of dollars for each ticket was a cheap investment compared to what they could steal from the homes. Many people who should have thought twice about the free tickets, didn’t give it a second thought and opened themselves to being violated by the burglars.

Online security is about more than passwords and secure online ordering. YOU are responsible for your security. Pattern your online behavior after your face-to-face interactions and you’ll be safer.

Check out this article in the BBC.

Peter L

Tags: , , ,
Posted in News and Commentary, Passwords and Security | No Comments »

Good passwords and how to use them

February 21st, 2010

More and more, we’re seeing attention being given to passwords and personal security. It seems obvious that passwords are an integral part of securing your personal data, but that part of the security message seems to have been glossed over until recently. Ever notice the strange looks you get from your friends or even the IT guy when they see you taking precautions to not reveal your passwords? If so, congratulations, you’re ahead of the curve on this one.

A lot of the recent articles and blogs are about creating really good passwords. Many of the ideas are sound: create a string of characters and numbers that you will remember but that can’t be easily guessed – not even by people who know you. Your password shouldn’t be a word or a set of consecutive numbers or letters, or a date, like your birth date or anniversary. (Since your pet’s name is presumably a word, it’s ruled out by default!)

So, now you have a great password – great! But what about the rest of the passwords you need for all those online accounts and applications? What’s that? You only have a couple. Really?

When I ask people about the number of passwords they have, most folks say something like ‘only a couple’, or ‘around 10’. No one ever says 30 or 50 – BUT when you ask them to really think about the number of email accounts (hotmail, yahoo, gmail, etc.), banks, e-commerce sites (amazon, zappos, Barnes & Noble, online department stores, and on and on), travel sites (Travelocity, orbitz, priceline, expedia, etc.) local and other government sites, not to mention blogs and other special interest sites, people are surprised to discover that they really have quite a few. Even your list just keeps getting longer and longer.

Keeping them all straight is a big part of safe password usage. That’s where the password manager comes in. It is very difficult to manage in your head all of the good and unique passwords that you’ll need for all of the sites you visit. If you are stressing and spending lots of energy hiding passwords in your datebook or in spreadsheets, you should consider Sticky Password. You’ll have a strong, unique password for each site and you’ll have access to them wherever you go.

Follow sound rules and create a strong password that you won’t forget and that no one is likely to guess: use that as your Master Password in Sticky Password. Let Sticky Password create and manage all your other passwords.

Peter L

Tags: , , ,
Posted in Passwords and Security | 1 Comment »

Online security and relationships – a bad mix!

February 16th, 2010

I hope you all enjoyed Valentine’s Day! After reading the previous post, I hope that you all included a note to your beloved in that box of chocolates in which you announced that you’ve changed your shared gmail password. :-) Here are a couple of articles that came out recently that highlight the fact that feelings and security often don’t mix.

In Broken hearts put holes in wallets – the author stresses that “[f]raudsters know that trust is the key to profiting from love”. The bad guys know that people are very likely to share private info including passwords and other data once a ‘relationship’ is built. It’s a game that takes time, but the bad guys have all the time it takes to use social networks to build a sense of trust and then to get your data. (I picture the bad guys sitting at computers with all sorts of chats going on simultaneously like the guys in the park who play several games of chess at once with the punch clock.) Make it your policy to not share your personal data with anyone and you’ll be much safer.

Black hat hackers on demand is scarier. Here we find out just how easy it is for someone you know to pay someone to do the dirty work: your ‘ex‘ pays a few bucks and soon you receive an invitation where you have to enter your password yourself. They pay the money and get your password and access information. Here’s where your diligence comes into play. It takes discipline, but it’s up to you to make sure that before you click on anything or enter your access data anywhere that you know who it’s from. The bad guys in this scenario pretend to be someone you know. This makes it harder to resist the immediate click, but it’s worth waiting a few minutes to confirm who sent it. So much for instant gratification… but you’ll be safer for it!

Peter L

Tags: , ,
Posted in News and Commentary, Passwords and Security | 2 Comments »

Does sharing passwords mean you’re in love?

February 14th, 2010

Back in the 7th grade I had my first girlfriend. It was true puppy love: we were together constantly at school and we shared everything, including our locker combinations. Sharing locker combinations was the thing to do. Every once in a while you would hear about a breakup and that he or she had thrown her or his stuff out of the locker onto the hallway floor, and that was just about the worst that could happen. There wasn’t a risk that your personal stuff would be revealed and exploited by bad guys half way around the world.

Back then (I’ll just say that it was in the 1980’s :-) ), that was about the only ‘secret’ security information that a pre-teen had. ‘Online’ wasn’t even a word back then and bulletin board services were just starting up for the techie types.

Well, it’s not the 1980’s and you’re not in junior high, anymore. The Internet is a part of our lives and personal data security and identity theft are on everyone’s mind. Yet, I regularly meet adults who tell me that they share online passwords with their lover – they say it’s cute. I’ve actually had people tell me that sharing passwords is a stage in each relationship that has to take place! (We know that the third date can be pretty busy, so does password swapping come on the 4th date, or maybe the 5th!?!)

It’s not about trusting or not trusting, it’s about common sense. Go ahead and share all your emails with your loved one if you want, just don’t give him or her your passwords. Even if you’re ‘positive’ that he won’t reveal your password, by sharing your password with someone else, you’re increasing the risk that the information may get out by accident. It’s not worth the risk, keep your passwords private. Be safe with Sticky Password Manager.

Tell him you love him with a kiss, not with your passwords.

Tell her you love her with flowers and a diamond, not with your passwords.

Peter L

Tags: ,
Posted in Passwords and Security | No Comments »

Security you’ll use

February 2nd, 2010

The secret to just about all things in life: start with manageable or agreeable amounts and repeat.

What am I talking about?

New Year’s passed recently, so we still have resolutions ringing in our heads. How many friends do you have who loudly proclaimed on January 1, that they just joined a fancy new gym or bought expensive exercise equipment?!  (Or, maybe it was you who made the claim?) Are they still keeping up with the impressive exercise programs? Typically, most people fail in their exercise programs because they choose the wrong program. If Bob doesn’t like lifting heavy things on bars, or staring at a TV while sitting on a bike that doesn’t go anywhere, then he’s probably not going to be inspired to keep going to the gym to do it over and over, for weeks on end until he gets in shape – even though he bought a membership at that fancy gym. But if Sue signs up at the Y because she likes swimming, then she is more likely to keep up with a schedule. In the end, who’s likely to be more successful in attaining their health goals? Sue, not necessarily because of a super strenuous program, but because she found something that she could do in reasonable doses over and over.

So, great, you’ll go to the Y and start swimming, but what does any of this have to do with security?

Actually, a lot. The majority of people consider anything to do with security to be boring, or they don’t like it because it slows them down in what they want to do right NOW. These folks may have all sorts of imposing security hardware and software on their computers, but you’ll note that they often disregard proper usage. They simply ignore warnings from their firewalls by clicking ‘allow all’, that is, if they have their firewall turned on at all. And Microsoft security updates? Why should they bother? Strong passwords with some sort of solid approach to password management? Not likely! And all of these folks want to maintain their ‘health’ -  keep their identities safe online and their personal data secure.

The better approach is to have basic set of tools that you’ll use: an anti-virus program (many include anti-spyware), a firewall and a password manager – and perform those security updates from Microsoft. That’s the minimum. If you’ve read any of the earlier posts in this blog, or the general news, then you know that password and phishing exploits happen too frequently to ignore. A password manager is now part of the basic kit. Start with these few tools, and learn to use them. You’ll see that it doesn’t require any more effort to learn how to use them than it does to click on ‘allow all’ to break through your firewall!

Once you’ve built the foundation for your security health, add more tools in manageable amounts and repeat.

Tags: , , , ,
Posted in Passwords and Security | 1 Comment »

Taking passwords seriously

January 31st, 2010

A few recent articles have revealed (again) that most people don’t take their online security seriously. Maybe a better way of saying this is that most people don’t seem to connect the dots between their passwords (online logins) and how they help keep their personal data secure. At a time when everyone is talking about identity theft protection and personal data privacy, a huge number of Internet users still use very weak passwords (anything that is predictable or can be easily guessed) or repeat the same password in multiple accounts.

The purpose of passwords is to keep others ‘out’. By using predictable passwords, you’re making it easier for someone to get ‘in’. That doesn’t mean that someone will get in, or even that someone will try to get in, but you’ve made it easier for him. It’s worthwhile identifying two basic categories of wrongdoers: those we know and those we don’t know. When thinking about security, most people think about a threat that they can imagine. When I was about 10 years old, I had a safe in which I kept my allowance and a few small prized possessions (actually, it was a piggy bank with a very simple combination lock). My only concern at the time was to keep my sister out. I had no concept of other threats and so my security system focused on the threat I could picture in my mind. (Confident that she would never be able to guess it, I probably used something like my birth date as the combination!) With online logins and passwords – when thinking about threats at all – the picture of bad guys for most people is someone trying to access their account just as they themselves would: sitting at a computer and trying combinations of numbers and letters. That’s not always the case.

Most people are generally trusting and don’t think that their friends and family would try to access their online accounts: maybe they wouldn’t, but relationships do change and people are curious, so why open yourself to the risk!? In general, it’s because of the people who know us that we shouldn’t choose passwords tied to our children’s or pets’ names, birthdays, and other personal and family information that may be known by others. These people know your details and would probably start trying to get into your account with this info.

As for the other group – the guys who are usually dressed in black in the movies – people think that really bad guys aren’t interested in their accounts. But these are the bad guys that we all need to protect ourselves against. They don’t care who you are, they just want data – your personal data! These are the bad guys who use brute computing force to access, or hack, accounts. They don’t personally go from one account to the next – patiently trying to get into a specific person’s accounts. They have powerful computers that try millions of combinations of logins and passwords every hour all over the World Wide Web. And, here’s where strong passwords with combinations of numbers, letters (upper and lower case) and special characters come into play. Each little twist to a password makes it that much harder to crack. It doesn’t matter whether you think the info in your email account is valuable, someone out there does. He probably doesn’t want to read your email – but your login and password are $valuable$. Valid logins and passwords are worth more on the black market today than a valid credit card number!

It bears repeating: the purpose of passwords is to keep others out! Make sure you use passwords that will keep others out.

Tags: , , , ,
Posted in Passwords and Security | 4 Comments »

The going rate for a password

January 26th, 2010

I ran across write up of an interesting survey in a online Swedish newspaper. It seems that a good number of Swedes are more than willing to  reveal passwords and access info to websites to an unknown person in exchange for chocolate bars while answering questions during a survey. (I suspect that this lax approach to password security – really their online identity – isn’t limited to our friends in the frigid North.)

What strikes me about this experiment isn’t that anyone would ’sell’ his or her password for a chocolate bar – that’s not the point, at all – but that people STILL think that there’s no danger of anyone misusing their passwords. I don’t doubt that a good number of the people would have revealed the same amount of information even if no chocolate had been offered. After all, these folks didn’t think that they were selling their passwords; the chocolate made it seem like an innocent game, and without giving it much thought, they revealed more than they should have.

This is scary news. Part of the problem is that many people have a picture in their minds that their passwords don’t secure anything valuable, and why would anyone want to read their e-mails anyway?! Another component seems to be that most people don’t realize how interconnected everything can be on the Internet. A password on one site that is also used on another site may reveal more about the person than he realizes, and, in this world of ours, there is always SOMEONE who IS interested in your data!

Keeping your passwords secure is a critical component to keeping your personal information secure and your online identity safe.

Peter L

Posted in General | 1 Comment »

Bue Spring Manatee Festival

January 14th, 2010

Because there is more to life than just passwords (yes, we admit it!) and facebook and ‘official’ letters from the FBI, we’ll occasionally point out events and activities and all sorts of other things that excite the Sticky Password team.

The Sticky Password team has become very interested in helping Manatees in Florida. So much so, that we’re sponsoring the Save the Manatee Club. Even though no one on the team lives in Florida, we are able to help with contributions. Check out their site to see some neat videos and find out about these cool animals. The stuffed manatee you get for ‘adopting’ a manatee is well worth the price.

If you happen to be in the area (central Florida, north of Orlando) on the weekend of January 23-24, be sure to check out the 25th Annual Manatee Festival in Orange City, Florida.

Tags:
Posted in Events, General, News and Commentary | No Comments »

Personal Privacy and that ‘Interview’ with a Facebook Employee

January 12th, 2010

Yesterday, The Rumpus published an interview with an undisclosed Facebook employee. In the article the employee highlights a bunch of practices within Facebook that suggest that member data isn’t as private as we might think it to be. I’ve put quotes around the word interview in the heading, because it really isn’t clear whether the interview actually took place, or maybe rather, how much of the info is really the result of an interview with a real person and how much has been filled in by the author to cover his tracks or because the info intuitively fits into the picture.

After reading several articles about the interview, I keep returning to the same conclusion I had after reading the original article: everyone is responsible for his or her own privacy. It may seem that privacy is out of our control in this technological world, but there’s a lot we can do.

In the era of instant gratification and reality TV, everyone wants to be a star – and that, immediately. The Internet gives us our chance. We’ve grown used to putting anything and everything (pictures, biographical info, financial and other data) on the Internet with such trust – closer to complete lack of concern – that I am amazed that more harm doesn’t come of it. The anonymity that loosens our inhibitions to reveal intimate secrets blends very well with the voyeurism of the Internet generation.

We want everyone to see us in our full glory and yet we demand that we be granted privacy. We can’t have it both ways. The Internet is a tool that must be used with caution, just like any other tool. If you wouldn’t dance naked in your living room with the shades up, or provide your financial info to your neighbors, why would you think it’s OK to do it on the Internet?

Back to the article, nothing in it is really surprising. Regardless of the company, some employees always have access to customer data. That’s because they need to.  While it may be implementing them a little late in the game, I’m sure that Facebook has similar rules that other companies do. It’s what happens or can happen to the data that is important. Think of the government agents who have lost computers with tens of thousands of personal records. It’s not about new laws or regulations or restrictions, because there’s always the human element involved and that is why we need to think about what we can do to ensure that our personal data is secure. If nothing else, we control the information that we put out there on Facebook and other social networks.

Maybe this interview incident will be a wake-up call to people to think about what they are doing for their own security.

Peter L

Tags: ,
Posted in General, News and Commentary | 3 Comments »

The Ice Cream Man

January 11th, 2010

It was a good weekend – except for the cold or flu or whatever it is that has me incapacitated since Saturday afternoon. (How am I supposed to enjoy play off football when I’m not feeling well!?)

Earlier in the morning on Saturday, I ran into my friend the ice cream man at the crowded grocery store. Our wives were gathering in the isles while the men folk tried to look manly with nothing to hunt and only orders to follow.

Anyway, he came up to me all happy and said that everything was great! I looked at him and didn’t really register what he meant. “You remember,” he said, “ you told me to try Sticky Password.” Now I remembered. (see blog entry of December 15)

“I was really skeptical at the beginning. I thought that it was going to be another piece of software on my computer that would never get used. On top of that, I thought that I only had a couple of password accounts, so I didn’t think that I needed a password manager.”He went on: “I started using it and I found out that I have 37 password accounts. I had no idea! And all I have to remember is one. And the form filling stuff is cool! I’ve got my business info separate from my personal stuff and I get through stuff with just one click. Thanks – it’s really great!”

I told him to let me know when the trial ran out and that I would see about getting him a special deal on the license. He said that he bought 2 licenses the first week after he started using it: one for himself and one for his daughter at college.

As we were saying goodbye, I asked whether he still used the names of his favorite flavors as his passwords. He laughed and said that neither he nor Sticky Password would ever tell!

Peter L

Tags: ,
Posted in General, Passwords and Security | 1 Comment »

« Older Entries