Posts Tagged ‘passwords’

« Older Entries

Security is manageable – passwords and more

Thursday, June 24th, 2010

Your security online is made up of little things that each and every one of us CAN manage. Much of protecting yourself involves paying attention and being aware of what you are doing when using your computer. Even the settings that you use for your computer and security programs are designed to allow you to make a reasonable decision based on the way you use your computer. The few minutes of paying attention while installing your security software can make all the difference. Know what the software is doing for you, so that you’ll be able to recognize when something strange is going on.

A password manager is there to do for you those things that take up your time and really are an effort. Creating strong passwords for each website and keeping them straight in your head isn’t easy. And it does take time to use them. We recommend Sticky Password, but whether you use a password manager or not, you should be aware of the basics of safe passwords: unique strings of letters and numbers that can’t be guessed for each site and purpose. And, of course, don’t share your passwords with anyone.

And, as has been written in this blog before, DON’T believe everything you read. That’s generally true, but on the Internet, you are likely to be overwhelmed by offers. If you wouldn’t accept the offer from someone on the street, then there is even more reason to reject it from a mysterious someone who wants to share riches with you. Your odds of winning the lottery are better than getting ‘your share’ of the millions of dollars.

Review these general security tips and you’ll see that protecting yourself is something that you CAN manage.

Tags: , ,
Posted in General, News and Commentary, Passwords and Security | 1 Comment »

A brief history of hacking

Wednesday, June 9th, 2010

Check out this abridged history of hacking.

The history of mankind: there is always someone out there who is interested in getting access to other people’s ‘stuff’. While many of the examples given in the post focus on government systems, that’s not the rule. Breaking into a military system is always a thrill (and embarrassment to the government), but breaking into company and personal accounts is more lucrative. Systems can be hacked, so it is YOUR responsibility to take care of your personal data. Strong passwords are a requirement for protecting your personal data.

Also very interesting is the type of people who are doing the hacking. You may not have seen your Aunt Sally in the list, but a lot of those teenagers and students could have lived just down the street from you. Make sure that you are securing your passwords.

Peter L

Tags: , , , ,
Posted in News and Commentary, Passwords and Security | 1 Comment »

Passwords, personal data and Identity Finder

Friday, May 14th, 2010

Here in Essex County, New Jersey, the county is promoting the annual computer and electronics recycling day (this Saturday, May 15), so when I saw the article about Identity Finder on ComputerWorld.com, I was in the right mindset to appreciate the problem.

What’s the problem? Your computer can end up in the strangest places.

Your computer = YOUR PERSONAL DATA

Whether you give your computer to a family member or donate it to a good cause, or someone steals it, all that stuff you put in there thinking that no one would ever see has a way of staying around a long time. And, for as long as the data is there, someone can get to it. (I know that computer recycling projects often claim to wipe all the data clean, but I wouldn’t count on someone else doing it for me.)

Identity Finder (cute logo!) does a deep scan of your computer to locate data associated with your identity – social security and credit card numbers, birthdays, unencrypted PASSWORDS, etc. If you’ve had your computer for any period of time, it is going to have information that you’ve forgotten about. Some of that data should not get into the wrong hands!

The author mentions that Identity Finder can ‘shred’ the files to ensure that the data is unrecoverable, which is very good. It brings up the question of whether Identity Finder can find the data in files that underwent a ‘standard’ delete and therefore are still technically accessible on the hard drive. THAT would be a great service to the average computer user.

All the passwords and personal data that are stored in Sticky Password are encrypted – so even if someone gets access to the computer, he won’t be able to get to your information. Passwords stored in your browser aren’t secure. Neither are passwords in that old Word or Excel file that you labeled with the mysterious title: mypasswords.doc. Knowing where your sensitive data are is a big step in protecting yourself.

I’ll be running Identity Finder scan on my computer this weekend!

My only question: what were all those social security numbers doing on the author’s computer in the first place!?!

Tags: , ,
Posted in News and Commentary, Passwords and Security | 5 Comments »

When it comes to passwords, is your IT guy one of the bad guys?

Friday, April 2nd, 2010

Not intentionally, I hope – but the IT guy (or gal) is usually under a lot of pressure to fix something quickly so that the business of doing business can move on. And that can lead to shortcuts and encouraging bad habits.

When you call the IT guy, you’re the one who wants it done quickly; when he comes knocking with some sort of update or network issue, he’s pushing all the more to get you set up – because he has to repeat the same thing for all of your colleagues. Either way, whatever he is doing usually requires a password – one of your passwords.

He starts working with you standing behind him as you explain the problem over his shoulder. He moves aside to let you enter your password.

You BOTH know that the password is a secret – your secret.

You bend over the keyboard to enter the password as he pretends to be interested in some pictures on the wall of your cubical.

He resumes working with you standing behind him. There’s a little small talk. He looks up at you because he needs the password again.

You BOTH know that the password is not supposed to be shared.

You awkwardly enter the password, again.

You discover that standing behind him is boring and that you don’t want to chat with him anymore. You hope that it’ll be over soon. It doesn’t look like it: he needs the password again. You seize the opportunity and write your secret password on a post it note and tape it to the desk next to your keyboard. You leave your cubical in search of something better to do – like getting grilled by your manager about a missed deadline.

This ritual happens over and over in almost every company. It doesn’t matter whether you have an in-house IT team or outsource your IT support. The IT guys and gals have it tough: they’ve got a job to do and they know better than anyone the company password rules. Yet, they bend the rules so that you can get back to work and they can get to the next customer.

This is bad news for at least a couple of reasons. First, your password isn’t a secret anymore. The person to whom you’ve revealed your ‘princess1’ password has access not only to the specific account or application, but also has an idea of your password philosophy, which makes it a lot easier to crack other accounts. Second, and maybe even more important, is that this type of behavior reinforces the idea that passwords and security aren’t important. Somewhere, deep in your subconscious, you slowly start getting used to the idea that sharing passwords isn’t a big deal; you may start to reconsider whether it is even worth it to have different password for different accounts and websites, and pretty soon, you’re using ‘password’ as your password. It’s a slippery slope!

This is a call to IT guys – come on, make it hard on us! Don’t let us tell you our passwords. Make sure we know that that’s not acceptable.

Peter L

PS Check out IT Crowd for a great look at life on the IT rung of the corporate ladder.

Tags: , ,
Posted in News and Commentary, Passwords and Security | 6 Comments »

Password survey results

Wednesday, March 31st, 2010

I ran across an interesting password survey conducted by Kevin Haley at Symantec. About 450 people answered his 9 straightforward questions. When thought about a bit, some of the results are pretty interesting.

The first question asked about the number of passwords. 33% of all respondents said that they have 10 or fewer password-protected accounts (networks, websites, etc.). Mind you that these folks took an online survey. As best as I can tell, they had to login to participate in the survey, which is entirely appropriate, but that would mean that that was one of their passwords – right?! My point is that most people severely underestimate the number of password-protected accounts they have. I’ve mentioned it in earlier blogs – stop someone on the street and ask how many accounts someone has and you’ll get an answer like ‘just a few’, ’maybe 10, or so’, or some small number. But when you think about most people (not technology geeks), you quickly see that even a basic Internet user will easily have 10 accounts, and probably more. Average users will likely have 20, 30 and more. Think about your own password-protected accounts:

1 free webmail (yahoo, gmail, hotmail, etc.)

2 email from your service provider (aol, comcast, earthlink, …)

3 facebook or other social network, maybe multiple networks

4 work

5 Amazon and other online shopping sites

6 Travelocity and other travel sites

7 online subscriptions (newspapers, magazines, newsletters, …)

8 just about any online blog to which contributions are made

That’s not to mention banks, credit cards and other financial stuff like retirement and investment accounts, government sites, libraries and local services, airlines, as well as cell phone accounts, utilities, and so on. This is interesting because a result of this underestimation is likely to be that many people entirely misunderstand the threat to their data, which should be protected by their passwords. If there’s no threat, then you don’t need to manage anything – right!?

The response to question 6 flows from the first: if you don’t think there’s a lot to remember (i.e. that you have only a few passwords), then you’re bound to think you can do it all in your head. 60% of people responding said that their ‘memory’ was their method for remembering passwords. I’ll bet a dollar to a donut that these folks’ passwords aren’t the strongest on the block. Still, quite a few (7%) admitted to storing theirs on post-it notes next to the computer.

Questions 2 and 3 were about choosing passwords. Just over eighty percent (80%) indicated that they recycled or duplicated their password to some extent. This would seem to contradict the 71% of respondents who selected ‘strength’ as one of the most important factors when selecting a new password. I thought the 9% who selected passwords because they were ‘fun or interesting’ were at least a little more aware of what was going on. (In general, this isn’t a good attribute in a strong password.) This is a big aid in remembering your password, but that also creates the temptation to share it with others. And then there’s the risk that others also know that your cat’s name is ‘Precious’.

The detailed results of the survey are worthwhile and so is Kevin’s commentary.

The failure of passwords is because of human nature: we are driven to make things easy for ourselves. Good passwords require the opposite.

Peter L

Tags: , ,
Posted in News and Commentary, Passwords and Security | 1 Comment »

Random happenings in the world of passwords

Tuesday, March 30th, 2010

Recently, I was in a meeting where several people gave presentations via a projector. As almost always happens, there were minor glitches in transitioning the projector connection from one notebook computer to the next. As part of her presentation, one unsuspecting person needed to log in to a site. Without looking at the screen to see what was actually being displayed, she ran through her login and password and clicked ‘ENTER’. She then looked up and saw that she had accidentally entered her password in the ‘NAME’ field. The result was that for several seconds, 9 strangers saw her full access credentials for the site. Nobody said anything. She cleared the fields and ran through the process again – this time successfully.

At the break, after talking about the material she presented, I quietly suggested that she change her password. “What do you mean?” When I explained that there were 9 additional people who now knew her information, she looked surprise. “Oh, that little slip when I started! I’m sure that no one here has any reason to do anything funny.”

We humans are a trusting species, especially when face-to-face contact is involved. Unless we have a specific reason to be suspicious of someone, we usually give people the benefit of the doubt about possible bad intentions. That’s fine and necessary for our daily lives: the local grocer and paperboy don’t want to rip us off; if we didn’t trust the other drivers on the road, then we would never be able to get anywhere. But we still have keys to lock up our stuff.

As for accidentally revealing all or part of a password, I’ve had it happen to me at inopportune moments in the past, and it’s not that uncommon to see it when working with people at a projector or a monitor. The people sitting around may or may not notice what happened, and they probably aren’t interested in your passwords. But you never know. And why would you take the risk? Next time something like that happens to you, make sure you double back at the first opportunity to change that password.

Peter L

Tags: , ,
Posted in Passwords and Security | 7 Comments »

Good passwords and how to use them

Sunday, February 21st, 2010

More and more, we’re seeing attention being given to passwords and personal security. It seems obvious that passwords are an integral part of securing your personal data, but that part of the security message seems to have been glossed over until recently. Ever notice the strange looks you get from your friends or even the IT guy when they see you taking precautions to not reveal your passwords? If so, congratulations, you’re ahead of the curve on this one.

A lot of the recent articles and blogs are about creating really good passwords. Many of the ideas are sound: create a string of characters and numbers that you will remember but that can’t be easily guessed – not even by people who know you. Your password shouldn’t be a word or a set of consecutive numbers or letters, or a date, like your birth date or anniversary. (Since your pet’s name is presumably a word, it’s ruled out by default!)

So, now you have a great password – great! But what about the rest of the passwords you need for all those online accounts and applications? What’s that? You only have a couple. Really?

When I ask people about the number of passwords they have, most folks say something like ‘only a couple’, or ‘around 10’. No one ever says 30 or 50 – BUT when you ask them to really think about the number of email accounts (hotmail, yahoo, gmail, etc.), banks, e-commerce sites (amazon, zappos, Barnes & Noble, online department stores, and on and on), travel sites (Travelocity, orbitz, priceline, expedia, etc.) local and other government sites, not to mention blogs and other special interest sites, people are surprised to discover that they really have quite a few. Even your list just keeps getting longer and longer.

Keeping them all straight is a big part of safe password usage. That’s where the password manager comes in. It is very difficult to manage in your head all of the good and unique passwords that you’ll need for all of the sites you visit. If you are stressing and spending lots of energy hiding passwords in your datebook or in spreadsheets, you should consider Sticky Password. You’ll have a strong, unique password for each site and you’ll have access to them wherever you go.

Follow sound rules and create a strong password that you won’t forget and that no one is likely to guess: use that as your Master Password in Sticky Password. Let Sticky Password create and manage all your other passwords.

Peter L

Tags: , , ,
Posted in Passwords and Security | 2 Comments »

Online security and relationships – a bad mix!

Tuesday, February 16th, 2010

I hope you all enjoyed Valentine’s Day! After reading the previous post, I hope that you all included a note to your beloved in that box of chocolates in which you announced that you’ve changed your shared gmail password. :-) Here are a couple of articles that came out recently that highlight the fact that feelings and security often don’t mix.

In Broken hearts put holes in wallets – the author stresses that “[f]raudsters know that trust is the key to profiting from love”. The bad guys know that people are very likely to share private info including passwords and other data once a ‘relationship’ is built. It’s a game that takes time, but the bad guys have all the time it takes to use social networks to build a sense of trust and then to get your data. (I picture the bad guys sitting at computers with all sorts of chats going on simultaneously like the guys in the park who play several games of chess at once with the punch clock.) Make it your policy to not share your personal data with anyone and you’ll be much safer.

Black hat hackers on demand is scarier. Here we find out just how easy it is for someone you know to pay someone to do the dirty work: your ‘ex‘ pays a few bucks and soon you receive an invitation where you have to enter your password yourself. They pay the money and get your password and access information. Here’s where your diligence comes into play. It takes discipline, but it’s up to you to make sure that before you click on anything or enter your access data anywhere that you know who it’s from. The bad guys in this scenario pretend to be someone you know. This makes it harder to resist the immediate click, but it’s worth waiting a few minutes to confirm who sent it. So much for instant gratification… but you’ll be safer for it!

Peter L

Tags: , ,
Posted in News and Commentary, Passwords and Security | 2 Comments »

Does sharing passwords mean you’re in love?

Sunday, February 14th, 2010

Back in the 7th grade I had my first girlfriend. It was true puppy love: we were together constantly at school and we shared everything, including our locker combinations. Sharing locker combinations was the thing to do. Every once in a while you would hear about a breakup and that he or she had thrown her or his stuff out of the locker onto the hallway floor, and that was just about the worst that could happen. There wasn’t a risk that your personal stuff would be revealed and exploited by bad guys half way around the world.

Back then (I’ll just say that it was in the 1980’s :-) ), that was about the only ‘secret’ security information that a pre-teen had. ‘Online’ wasn’t even a word back then and bulletin board services were just starting up for the techie types.

Well, it’s not the 1980’s and you’re not in junior high, anymore. The Internet is a part of our lives and personal data security and identity theft are on everyone’s mind. Yet, I regularly meet adults who tell me that they share online passwords with their lover – they say it’s cute. I’ve actually had people tell me that sharing passwords is a stage in each relationship that has to take place! (We know that the third date can be pretty busy, so does password swapping come on the 4th date, or maybe the 5th!?!)

It’s not about trusting or not trusting, it’s about common sense. Go ahead and share all your emails with your loved one if you want, just don’t give him or her your passwords. Even if you’re ‘positive’ that he won’t reveal your password, by sharing your password with someone else, you’re increasing the risk that the information may get out by accident. It’s not worth the risk, keep your passwords private. Be safe with Sticky Password Manager.

Tell him you love him with a kiss, not with your passwords.

Tell her you love her with flowers and a diamond, not with your passwords.

Peter L

Tags: ,
Posted in Passwords and Security | No Comments »

Security you’ll use

Tuesday, February 2nd, 2010

The secret to just about all things in life: start with manageable or agreeable amounts and repeat.

What am I talking about?

New Year’s passed recently, so we still have resolutions ringing in our heads. How many friends do you have who loudly proclaimed on January 1, that they just joined a fancy new gym or bought expensive exercise equipment?!  (Or, maybe it was you who made the claim?) Are they still keeping up with the impressive exercise programs? Typically, most people fail in their exercise programs because they choose the wrong program. If Bob doesn’t like lifting heavy things on bars, or staring at a TV while sitting on a bike that doesn’t go anywhere, then he’s probably not going to be inspired to keep going to the gym to do it over and over, for weeks on end until he gets in shape – even though he bought a membership at that fancy gym. But if Sue signs up at the Y because she likes swimming, then she is more likely to keep up with a schedule. In the end, who’s likely to be more successful in attaining their health goals? Sue, not necessarily because of a super strenuous program, but because she found something that she could do in reasonable doses over and over.

So, great, you’ll go to the Y and start swimming, but what does any of this have to do with security?

Actually, a lot. The majority of people consider anything to do with security to be boring, or they don’t like it because it slows them down in what they want to do right NOW. These folks may have all sorts of imposing security hardware and software on their computers, but you’ll note that they often disregard proper usage. They simply ignore warnings from their firewalls by clicking ‘allow all’, that is, if they have their firewall turned on at all. And Microsoft security updates? Why should they bother? Strong passwords with some sort of solid approach to password management? Not likely! And all of these folks want to maintain their ‘health’ -  keep their identities safe online and their personal data secure.

The better approach is to have basic set of tools that you’ll use: an anti-virus program (many include anti-spyware), a firewall and a password manager – and perform those security updates from Microsoft. That’s the minimum. If you’ve read any of the earlier posts in this blog, or the general news, then you know that password and phishing exploits happen too frequently to ignore. A password manager is now part of the basic kit. Start with these few tools, and learn to use them. You’ll see that it doesn’t require any more effort to learn how to use them than it does to click on ‘allow all’ to break through your firewall!

Once you’ve built the foundation for your security health, add more tools in manageable amounts and repeat.

Tags: , , , ,
Posted in Passwords and Security | 2 Comments »

« Older Entries