Archive for January, 2010

Taking passwords seriously

Sunday, January 31st, 2010

A few recent articles have revealed (again) that most people don’t take their online security seriously. Maybe a better way of saying this is that most people don’t seem to connect the dots between their passwords (online logins) and how they help keep their personal data secure. At a time when everyone is talking about identity theft protection and personal data privacy, a huge number of Internet users still use very weak passwords (anything that is predictable or can be easily guessed) or repeat the same password in multiple accounts.

The purpose of passwords is to keep others ‘out’. By using predictable passwords, you’re making it easier for someone to get ‘in’. That doesn’t mean that someone will get in, or even that someone will try to get in, but you’ve made it easier for him. It’s worthwhile identifying two basic categories of wrongdoers: those we know and those we don’t know. When thinking about security, most people think about a threat that they can imagine. When I was about 10 years old, I had a safe in which I kept my allowance and a few small prized possessions (actually, it was a piggy bank with a very simple combination lock). My only concern at the time was to keep my sister out. I had no concept of other threats and so my security system focused on the threat I could picture in my mind. (Confident that she would never be able to guess it, I probably used something like my birth date as the combination!) With online logins and passwords – when thinking about threats at all – the picture of bad guys for most people is someone trying to access their account just as they themselves would: sitting at a computer and trying combinations of numbers and letters. That’s not always the case.

Most people are generally trusting and don’t think that their friends and family would try to access their online accounts: maybe they wouldn’t, but relationships do change and people are curious, so why open yourself to the risk!? In general, it’s because of the people who know us that we shouldn’t choose passwords tied to our children’s or pets’ names, birthdays, and other personal and family information that may be known by others. These people know your details and would probably start trying to get into your account with this info.

As for the other group – the guys who are usually dressed in black in the movies – people think that really bad guys aren’t interested in their accounts. But these are the bad guys that we all need to protect ourselves against. They don’t care who you are, they just want data – your personal data! These are the bad guys who use brute computing force to access, or hack, accounts. They don’t personally go from one account to the next – patiently trying to get into a specific person’s accounts. They have powerful computers that try millions of combinations of logins and passwords every hour all over the World Wide Web. And, here’s where strong passwords with combinations of numbers, letters (upper and lower case) and special characters come into play. Each little twist to a password makes it that much harder to crack. It doesn’t matter whether you think the info in your email account is valuable, someone out there does. He probably doesn’t want to read your email – but your login and password are $valuable$. Valid logins and passwords are worth more on the black market today than a valid credit card number!

It bears repeating: the purpose of passwords is to keep others out! Make sure you use passwords that will keep others out.
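The post's advice boils down to three checks: don't build a password from details the people around you know, don't reuse one password across accounts, and give the automated guessers a larger space to search by mixing character classes. The following script is an added example (written for this page, not Sticky Password's code) that makes those three checks concrete; the character-class alphabet sizes, the one-million-guesses-per-hour rate and every sample password and "personal" token are assumptions constructed for the demonstration.

```python
"""Added example (not from the original post): a small password-hygiene
checker for the three points the post makes -- guessable personal
information, password reuse across accounts, and how each additional
character class enlarges the search space a brute-force guesser must
cover. All sample passwords and personal tokens are constructed."""

import math
import string

# Approximate alphabet size per character class. 32 for printable
# symbols is a common estimate and an assumption here.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def search_space_bits(password):
    """log2 of the number of candidates a guesser must try when only the
    length and character classes are known. Each added class enlarges the
    per-position alphabet, and length multiplies that into the exponent."""
    if not password:
        return 0.0
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(password))
    return len(password) * math.log2(alphabet)


def hours_to_exhaust(bits, guesses_per_hour):
    """Worst-case hours to try every candidate at the given guess rate."""
    return (2.0 ** bits) / guesses_per_hour


def personal_info_hits(password, known_tokens):
    """Known tokens (pet names, birth years, ...) found inside the password,
    case-insensitively. Someone who knows you would try these first."""
    lowered = password.lower()
    return [t for t in known_tokens if t.lower() in lowered]


def find_reuse(accounts):
    """Map each password shared by more than one site to the sites using it."""
    by_password = {}
    for site, pw in accounts.items():
        by_password.setdefault(pw, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def assess(password, known_tokens=(), min_bits=60):
    """Summarise the findings for one password (min_bits is an assumed policy)."""
    bits = search_space_bits(password)
    findings = []
    hits = personal_info_hits(password, known_tokens)
    if hits:
        findings.append("contains personal info: " + ", ".join(hits))
    if bits < min_bits:
        findings.append(f"search space only {bits:.1f} bits (< {min_bits})")
    return {"bits": round(bits, 1),
            "classes": sorted(character_classes(password)),
            "findings": findings}


if __name__ == "__main__":
    # Constructed sample data: a pet name and a birth year an acquaintance
    # might know, and three accounts, two of which share a password.
    tokens = ["fluffy", "1975"]
    accounts = {"mail": "fluffy1975", "bank": "fluffy1975", "forum": "Tq7!m9Xe#2Lw"}
    for site, pw in accounts.items():
        print(site, assess(pw, tokens))
    print("reused:", find_reuse(accounts))
    # Assumed rate of one million guesses per hour, to show the effect of
    # adding an upper-case letter and a symbol to the same base password.
    for pw in ("fluffy1975", "Fluffy1975!", "Tq7!m9Xe#2Lw"):
        print(pw, f"{hours_to_exhaust(search_space_bits(pw), 1e6):.3g} hours worst case")
```

The bit count is a ceiling, not a guarantee: it assumes the guesser knows nothing beyond length and character classes, whereas a password that fails the personal-information check falls far sooner than its bit count suggests, which is why the script reports that finding separately.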

The going rate for a password

Tuesday, January 26th, 2010

I ran across a write-up of an interesting survey in an online Swedish newspaper. It seems that a good number of Swedes are more than willing to reveal passwords and access info for websites to an unknown person in exchange for chocolate bars while answering questions during a survey. (I suspect that this lax approach to password security – really their online identity – isn’t limited to our friends in the frigid North.)

What strikes me about this experiment isn’t that anyone would ‘sell’ his or her password for a chocolate bar – that’s not the point, at all – but that people STILL think that there’s no danger of anyone misusing their passwords. I don’t doubt that a good number of the people would have revealed the same amount of information even if no chocolate had been offered. After all, these folks didn’t think that they were selling their passwords; the chocolate made it seem like an innocent game, and without giving it much thought, they revealed more than they should have.

This is scary news. Part of the problem is that many people have a picture in their minds that their passwords don’t secure anything valuable, and why would anyone want to read their e-mails anyway?! Another component seems to be that most people don’t realize how interconnected everything can be on the Internet. A password on one site that is also used on another site may reveal more about the person than he realizes, and, in this world of ours, there is always SOMEONE who IS interested in your data!

Keeping your passwords secure is a critical component to keeping your personal information secure and your online identity safe.

Peter L

Blue Spring Manatee Festival

Thursday, January 14th, 2010

Because there is more to life than just passwords (yes, we admit it!) and facebook and ‘official’ letters from the FBI, we’ll occasionally point out events and activities and all sorts of other things that excite the Sticky Password team.

The Sticky Password team has become very interested in helping manatees in Florida. So much so, that we’re sponsoring the Save the Manatee Club. Even though no one on the team lives in Florida, we are able to help with contributions. Check out their site to see some neat videos and find out about these cool animals. The stuffed manatee you get for ‘adopting’ a manatee is well worth the price.

If you happen to be in the area (central Florida, north of Orlando) on the weekend of January 23-24, be sure to check out the 25th Annual Manatee Festival in Orange City, Florida.

Personal Privacy and that ‘Interview’ with a Facebook Employee

Tuesday, January 12th, 2010

Yesterday, The Rumpus published an interview with an undisclosed Facebook employee. In the article the employee highlights a bunch of practices within Facebook that suggest that member data isn’t as private as we might think it to be. I’ve put quotes around the word interview in the heading, because it really isn’t clear whether the interview actually took place, or maybe rather, how much of the info is really the result of an interview with a real person and how much has been filled in by the author to cover his tracks or because the info intuitively fits into the picture.

After reading several articles about the interview, I keep returning to the same conclusion I had after reading the original article: everyone is responsible for his or her own privacy. It may seem that privacy is out of our control in this technological world, but there’s a lot we can do.

In the era of instant gratification and reality TV, everyone wants to be a star – and that, immediately. The Internet gives us our chance. We’ve grown used to putting anything and everything (pictures, biographical info, financial and other data) on the Internet with such trust – closer to complete lack of concern – that I am amazed that more harm doesn’t come of it. The anonymity that loosens our inhibitions to reveal intimate secrets blends very well with the voyeurism of the Internet generation.

We want everyone to see us in our full glory and yet we demand that we be granted privacy. We can’t have it both ways. The Internet is a tool that must be used with caution, just like any other tool. If you wouldn’t dance naked in your living room with the shades up, or provide your financial info to your neighbors, why would you think it’s OK to do it on the Internet?

Back to the article: nothing in it is really surprising. Regardless of the company, some employees always have access to customer data. That’s because they need to. While it may be implementing them a little late in the game, I’m sure that Facebook has rules similar to those at other companies. It’s what happens or can happen to the data that is important. Think of the government agents who have lost computers with tens of thousands of personal records. It’s not about new laws or regulations or restrictions, because there’s always the human element involved, and that is why we need to think about what we can do to ensure that our personal data is secure. If nothing else, we control the information that we put out there on Facebook and other social networks.

Maybe this interview incident will be a wake-up call to people to think about what they are doing for their own security.

Peter L

The Ice Cream Man

Monday, January 11th, 2010

It was a good weekend – except for the cold or flu or whatever it is that has had me incapacitated since Saturday afternoon. (How am I supposed to enjoy playoff football when I’m not feeling well!?)

Earlier in the morning on Saturday, I ran into my friend the ice cream man at the crowded grocery store. Our wives were gathering in the aisles while the menfolk tried to look manly with nothing to hunt and only orders to follow.

Anyway, he came up to me all happy and said that everything was great! I looked at him and didn’t really register what he meant. “You remember,” he said, “you told me to try Sticky Password.” Now I remembered. (See blog entry of December 15.)

“I was really skeptical at the beginning. I thought that it was going to be another piece of software on my computer that would never get used. On top of that, I thought that I only had a couple of password accounts, so I didn’t think that I needed a password manager.” He went on: “I started using it and I found out that I have 37 password accounts. I had no idea! And all I have to remember is one. And the form filling stuff is cool! I’ve got my business info separate from my personal stuff and I get through stuff with just one click. Thanks – it’s really great!”

I told him to let me know when the trial ran out and that I would see about getting him a special deal on the license. He said that he bought 2 licenses the first week after he started using it: one for himself and one for his daughter at college.

As we were saying goodbye, I asked whether he still used the names of his favorite flavors as his passwords. He laughed and said that neither he nor Sticky Password would ever tell!

Peter L

Your online identity – dead

Tuesday, January 5th, 2010

I just found about the web 2.0 suicide machine. Wow! That’s what I call finding a need and filling it.

Getting past the gallows humor took me a good while – even though it is really only one graphical page – because they’ve done a great job of playing on the theme in the look and feel of the site. The terminology used (‘sign out forever’, ‘commit’, ‘resting in a better life’, etc.) and the noose as the main graphical element are used consistently without overdoing it. The site gets the message across without being morbid: like watching the Addams Family, but with a moral.

Anyway, once you get past all that, you discover that they are serious about providing a service: they disconnect or ‘kill’ your online connections in various social networks (LinkedIn, Twitter, etc.). As far as I can tell, they aren’t doing anything that any of us couldn’t do on our own. They are simply automating the process for us. That seems legitimate to me. In fact, even if they were doing something that we couldn’t do ourselves (because of our own limited know-how, or time, or even because of EULA restrictions from the social networking sites), I think it is legitimate that we be able to own our information and identities online, and do with them what we want. And that is the underlying concept to all of this. It is a serious matter that companies and organizations can claim or suggest that they own information that is personal to us.

Kudos to web 2.0 suicide machine for helping us take a stand on our own behalf!

And they’ve scored quite a marketing coup: the web 2.0 suicide machine service has been banned from Facebook. Visit their website and see the great banner ad they’ve posted on their site. Other than Oprah promoting them on her show, I can’t think of a more powerful marketing tool at this early stage of their existence.

Did I mention that I really like the way they’ve designed their site!?

Peter L

New Year’s Resolutions

Saturday, January 2nd, 2010

While visiting my parents during the week between Christmas and New Year’s, I cleaned up my dad’s computer a bit. I try to do this for him every couple of months. The last time I was able to do it was at the beginning of August, so things were a bit ‘messier’ than usual. My father is the type of computer user who clicks on just about everything that appears on his monitor. He doesn’t spend much time figuring out whether it’s a system message, spam, a phishing attempt, or some other unscrupulous attempt to entice him to click the link and submit info. He’s been using a computer since 1985 and the Internet since the early 1990s, so you might think that he’d be savvier about what lurks on the Internet, but as far as his clicking habits are concerned, I think he is pretty average in accepting just about anything that appears. A big problem is that while programs and applications have become more user-friendly (while not perfect, everything from games to business applications really is plug-and-play), system messages and legitimate warnings are still cryptic. So people ignore them. The typical firewall is an example: without thinking, most people have gotten used to simply clicking ‘OK’ on any message that they think is delaying them in whatever it is they are doing. Instant gratification must never be more than a click away.

After cleaning everything up and updating all of my dad’s software, I added two new elements: Sticky Password and a remote access program. I know, I know, how is it possible that my father wasn’t using Sticky Password, yet!? Remember the saying about the cobbler’s children having no shoes? Well, in this case it was the cobbler’s father – that is, my father who was doing without. He’s been saying that he just didn’t have enough password-protected accounts to make it worthwhile. He has exactly 8 accounts, which seems like a manageable number, but every month he would have to reset passwords for a couple of the accounts, or ask me what his login was for this or that account. (And, no, I don’t recommend telling your passwords to others.) Somehow, all of this activity didn’t register with him as meaning anything – but it adds up and makes it just about impossible to make any sense after all the login resets! (In addition to claiming that he didn’t have enough accounts, I suspect that he wanted some hand holding for the installation. :-) )

I downloaded the Sticky Password installation package and clicked on it to launch the installation on his Windows XP system. I told him to get started while I sneaked off to get some coffee and cookies. When I returned, he was grinning like a Cheshire cat: he had installed Sticky Password all by himself! After 2 minutes of training – most of which consisted of me convincing him that all he had to do was remember his master password – he was happily visiting his favorite sites. A week later and he hasn’t had to reset any accounts and he is still clicking away – happily and SAFELY!

The other element I added was to try out remote access software. I’m testing LogMeIn, which seems to be a simple service to use and manage. So far, so good! If anyone has any experience or recommendations with this or other packages, I’d be interested in hearing from you.

Now to the New Year’s resolutions: let’s see, all the standard ones – more exercise, eat healthy, get more sleep, read at least one book every month, my dog needs to learn a few more tricks (I’m not sure if that counts as a resolution for me or him)… and, to help my dad keep working efficiently and safely on his computer, a task that will be easier thanks to Sticky Password.

Happy New Year!

Peter L