Archive for April, 2010

Identity theft and the average Joe

Monday, April 19th, 2010

I’d like to see the next security survey include a follow-up question to the ‘are you afraid of identity theft’ question. Something along the lines of: ‘do you know what identity theft is and how you can protect yourself?’

I’m not trying to belittle the issue of identity theft. But my own experience is that most people simply repeat the phrase because they’ve heard it so many times on TV and the radio. They don’t understand it and therefore they don’t take even the most basic of precautions to protect themselves.

It’s kind of like the idea of ‘panic rooms’. After the release of the Jodie Foster film (2002), it was all the rage to talk about ‘safe rooms’ and all sorts of newfangled security systems. But do you know anyone who actually did anything to increase the security of his or her home? Lots of talk and no action!

With identity theft, the situation is worse because identity theft is something that can impact each and every one of us. If you have a social security number (in the US, or the national ID in other countries), or credit card, or a bank account, or utility bills, you are at risk. Each one of us who is living in modern society is a potential target.

Make sure you protect your personal data. As far as computer usage is concerned, at the very least make sure that your computer software is up to date, including security patches. Make sure you have the basic security programs installed and running: anti-virus software, firewall, anti-spam, and a password manager. With email: don’t open it or click on it unless you KNOW who sent it! Be jealous of your privacy!

Do you know what identity theft is? How are you protecting yourself?

What would your answers be?

Peter L

Password stealing

Sunday, April 18th, 2010

I just ran across a little article about a school having its computer system compromised because of a password being swiped. It seems that a student in the 4th grade got the password from a teacher’s desk and then used it to fiddle with the district-wide computer ‘blackboard’ system. No long-term harm was done, but I’m sure the IT folks were scrambling for a while before they figured out what had happened.

Luckily, the alleged child culprit wasn’t prosecuted! While the 9-year-old surely misbehaved, in my estimation, the offense doesn’t warrant a criminal punishment. Instead, it should be a call to the school to figure out why passwords are accessible to curious 9-year-olds. (Aren’t all 9-year-olds curious!?!)

What is missing from the article is any mention of the security policy of the school. Is it standard policy for teachers to write their passwords on post-it notes and to leave them on their desks? Why did this teacher have a password with administrator rights? Do all of the teachers have admin rights? Did the teacher follow procedures for keeping the password safe? Were there any procedures to follow?

We aren’t given any details, but would we be going out on a limb to conclude that the breach is the fault of the teacher, if not of the school or district, for failing to follow an appropriate security policy for passwords?!

Peter L

Show off in Sticky Password style

Thursday, April 8th, 2010

You use Sticky Password because you appreciate the security and the elegant approach to password management and automatic form filling. Now you can add some of that pizzazz to your style. Show off with a cool Sticky Password t-shirt, or make everyone jealous while having a cup o’ joe in your handsome Sticky Password mug.

Visit the Sticky Password store on Zazzle to order your very own Sticky Password t-shirts, mugs and other gifts – even doggie sweaters. New designs and merchandise will be added regularly, so make sure to check back to see what’s new.

Buy yours today and send us a picture of any Sticky Password product in your real life and we’ll post it on the Sticky Password Facebook page.

Remember, it’s good to flaunt your Sticky Password, NOT your passwords!

Sticky Password securing your personal data in the big city!

Sticky Password in real life

Tuesday, April 6th, 2010

A bunch of you have already sent emails asking about the photos being posted on the Sticky Password Facebook page. We’re starting a photo series on Facebook that we’re calling ‘Sticky Password in real life’. The idea is for Sticky Password customers to submit pictures from all over the world showing how they use Sticky Password, or anything with the Sticky Password logo anywhere: near a landmark, under a waterfall, in your apartment or the local library, at your 2nd cousin’s wedding – anywhere! Or, even something simple like writing Sticky Password in the snow with pine cones. :-)

Join us by sending a photo showing YOUR real life with Sticky Password to photos@stickypassword.com. Don’t forget to include your name and where you took the picture so that we can toot your horn for you. (Legal stuff: by submitting your photo, you agree that Sticky Password can post the photo on Facebook and use it in any way that we’d like to promote Sticky Password.)

We look forward to posting your photos!

When it comes to passwords, is your IT guy one of the bad guys?

Friday, April 2nd, 2010

Not intentionally, I hope – but the IT guy (or gal) is usually under a lot of pressure to fix something quickly so that the business of doing business can move on. And that can lead to shortcuts and encouraging bad habits.

When you call the IT guy, you’re the one who wants it done quickly; when he comes knocking with some sort of update or network issue, he’s pushing all the more to get you set up – because he has to repeat the same thing for all of your colleagues. Either way, whatever he is doing usually requires a password – one of your passwords.

He starts working with you standing behind him as you explain the problem over his shoulder. He moves aside to let you enter your password.

You BOTH know that the password is a secret – your secret.

You bend over the keyboard to enter the password as he pretends to be interested in some pictures on the wall of your cubicle.

He resumes working with you standing behind him. There’s a little small talk. He looks up at you because he needs the password again.

You BOTH know that the password is not supposed to be shared.

You awkwardly enter the password, again.

You discover that standing behind him is boring and that you don’t want to chat with him anymore. You hope that it’ll be over soon. It doesn’t look like it: he needs the password again. You seize the opportunity and write your secret password on a post-it note and tape it to the desk next to your keyboard. You leave your cubicle in search of something better to do – like getting grilled by your manager about a missed deadline.

This ritual happens over and over in almost every company. It doesn’t matter whether you have an in-house IT team or outsource your IT support. The IT guys and gals have it tough: they’ve got a job to do and they know better than anyone the company password rules. Yet, they bend the rules so that you can get back to work and they can get to the next customer.

This is bad news for at least a couple of reasons. First, your password isn’t a secret anymore. The person to whom you’ve revealed your ‘princess1’ password has access not only to the specific account or application, but also has an idea of your password philosophy, which makes it a lot easier to crack other accounts. Second, and maybe even more important, is that this type of behavior reinforces the idea that passwords and security aren’t important. Somewhere, deep in your subconscious, you slowly start getting used to the idea that sharing passwords isn’t a big deal; you may start to reconsider whether it is even worth it to have different passwords for different accounts and websites, and pretty soon, you’re using ‘password’ as your password. It’s a slippery slope!

This is a call to IT guys – come on, make it hard on us! Don’t let us tell you our passwords. Make sure we know that that’s not acceptable.

Peter L

PS Check out IT Crowd for a great look at life on the IT rung of the corporate ladder.