Posts Tagged ‘passwords’

Taking passwords seriously

Sunday, January 31st, 2010

A few recent articles have revealed (again) that most people don’t take their online security seriously. Maybe a better way of saying this is that most people don’t seem to connect the dots between their passwords (online logins) and how they help keep their personal data secure. At a time when everyone is talking about identity theft protection and personal data privacy, a huge number of Internet users still use very weak passwords (anything that is predictable or can be easily guessed) or repeat the same password in multiple accounts.

The purpose of passwords is to keep others ‘out’. By using predictable passwords, you’re making it easier for someone to get ‘in’. That doesn’t mean that someone will get in, or even that someone will try to get in, but you’ve made it easier for him. It’s worthwhile identifying two basic categories of wrongdoers: those we know and those we don’t know. When thinking about security, most people think about a threat that they can imagine. When I was about 10 years old, I had a safe in which I kept my allowance and a few small prized possessions (actually, it was a piggy bank with a very simple combination lock). My only concern at the time was to keep my sister out. I had no concept of other threats and so my security system focused on the threat I could picture in my mind. (Confident that she would never be able to guess it, I probably used something like my birth date as the combination!) With online logins and passwords – when thinking about threats at all – the picture of bad guys for most people is someone trying to access their account just as they themselves would: sitting at a computer and trying combinations of numbers and letters. That’s not always the case.

Most people are generally trusting and don’t think that their friends and family would try to access their online accounts: maybe they wouldn’t, but relationships do change and people are curious, so why open yourself to the risk!? In general, it’s because of the people who know us that we shouldn’t choose passwords tied to our children’s or pets’ names, birthdays, and other personal and family information that may be known by others. These people know your details and would probably start trying to get into your account with this info.

As for the other group – the guys who are usually dressed in black in the movies – people think that really bad guys aren’t interested in their accounts. But these are the bad guys that we all need to protect ourselves against. They don’t care who you are, they just want data – your personal data! These are the bad guys who use brute computing force to access, or hack, accounts. They don’t personally go from one account to the next – patiently trying to get into a specific person’s accounts. They have powerful computers that try millions of combinations of logins and passwords every hour all over the World Wide Web. And, here’s where strong passwords with combinations of numbers, letters (upper and lower case) and special characters come into play. Each little twist to a password makes it that much harder to crack. It doesn’t matter whether you think the info in your email account is valuable, someone out there does. He probably doesn’t want to read your email – but your login and password are valuable. Valid logins and passwords are worth more on the black market today than a valid credit card number!

It bears repeating: the purpose of passwords is to keep others out! Make sure you use passwords that will keep others out.

The Ice Cream Man

Monday, January 11th, 2010

It was a good weekend – except for the cold or flu or whatever it is that has had me incapacitated since Saturday afternoon. (How am I supposed to enjoy playoff football when I’m not feeling well!?)

Earlier in the morning on Saturday, I ran into my friend the ice cream man at the crowded grocery store. Our wives were gathering in the aisles while the menfolk tried to look manly with nothing to hunt and only orders to follow.

Anyway, he came up to me all happy and said that everything was great! I looked at him and didn’t really register what he meant. “You remember,” he said, “you told me to try Sticky Password.” Now I remembered. (see blog entry of December 15)

“I was really skeptical at the beginning. I thought that it was going to be another piece of software on my computer that would never get used. On top of that, I thought that I only had a couple of password accounts, so I didn’t think that I needed a password manager.” He went on: “I started using it and I found out that I have 37 password accounts. I had no idea! And all I have to remember is one. And the form filling stuff is cool! I’ve got my business info separate from my personal stuff and I get through stuff with just one click. Thanks – it’s really great!”

I told him to let me know when the trial ran out and that I would see about getting him a special deal on the license. He said that he bought 2 licenses the first week after he started using it: one for himself and one for his daughter at college.

As we were saying goodbye, I asked whether he still used the names of his favorite flavors as his passwords. He laughed and said that neither he nor Sticky Password would ever tell!

Peter L

Don’t be cute

Tuesday, December 15th, 2009

I met up with a friend from college last weekend. We hadn’t seen each other in quite a while, so we had a lot of catching up to do. I listened with interest as he told me that he owns a franchise of one of those ice cream parlors where you choose the fixin’s and they mix your ice cream in front of your eyes on the freezing countertop. (Does anyone remember the NY ice cream chain Zippy’s with the little baseball and football helmets?!)

I told him about Sticky Password and what I’ve been doing in online security over the past 10 years. He wasn’t familiar with password management programs, but he did have experience with passwords. He proudly told me that he had a great system for creating passwords for email and online accounts: you guessed it – he used his favorite ice cream flavors as his passwords! :-)

I smiled and asked if anyone knew what those favorite flavors were. He admitted that he was only too happy to share his favorites with his customers when they asked for recommendations. I suggested that he download Sticky Password and try the 30-day trial version and that he should contact me any time with questions or comments.

Of course, I’m not suggesting that all or any of his customers are going to be interested in trying to access or violate his online identity. The point is that most people are in the habit of being cute with their passwords. Whether using the names of their children or pets, or, in this case, an ice cream man using his favorite flavors, these are things that someone who knows you even very little might try if he wanted to sneak into your accounts. Using words like ‘password’ or ‘qwerty’ is even worse, because you are opening yourself up to strangers who start their hacking attempts with these standards.

If you are going to be cute, then I suggest being cute with your login or username. That way, at least, you’ll be able to show off your great login to the world – rather than hiding your idea in a password. Passwords need to be something that can’t be easily guessed. While strong passwords may be hard to remember, they are even harder for others to guess! By using a password manager you’ll have strong passwords and the tool to manage them for you (so you don’t have to remember them all).
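As an added illustration of the two kinds of guesser described in this post and in “Taking passwords seriously” above (the friend who knows your pet’s name or favorite flavor, and the stranger running millions of combinations an hour), here is a small Python checker that is not part of the original blog or of Sticky Password. It flags the common ‘standards’, checks for facts about the owner supplied by the caller, and shows how length and character classes multiply the work of a brute-force search. The blocklist, the 10-million-guesses-per-hour rate and the 50-bit threshold are assumptions chosen for the example.

```python
import math
import re

# Constructed blocklist: the "standards" the posts mention plus the default
# usernames the quoted Microsoft statistics say are still used as passwords.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "admin", "administrator"}

# Character classes and the alphabet size each adds to a brute-force search
# (33 is the number of printable ASCII punctuation characters).
CLASSES = [(re.compile(r"[a-z]"), 26), (re.compile(r"[A-Z]"), 26),
           (re.compile(r"[0-9]"), 10), (re.compile(r"[^a-zA-Z0-9]"), 33)]

def class_sizes(password):
    """Alphabet sizes of the character classes actually present in the password."""
    return [size for rx, size in CLASSES if rx.search(password)]

def keyspace_bits(password):
    """log2 of the candidates an exhaustive search must try; every extra class or character multiplies the work."""
    return len(password) * math.log2(sum(class_sizes(password))) if password else 0.0

def hours_to_exhaust(password, guesses_per_hour=10_000_000):
    """Worst-case hours at an assumed rate of 'millions of combinations every hour'."""
    return sum(class_sizes(password)) ** len(password) / guesses_per_hour

def _normalize(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_info_hits(password, known_facts):
    """Facts about the owner (pet names, birthdays, favourite flavours) that a
    friend-or-family guesser would try first; a hit means one is inside the password."""
    pw = _normalize(password)
    hits = []
    for fact in known_facts:  # whole fact plus each word/number: "Rocky Road" -> rockyroad, rocky, road
        parts = [fact] + re.findall(r"[A-Za-z0-9]+", fact)
        if any(len(_normalize(p)) >= 3 and _normalize(p) in pw for p in parts):
            hits.append(fact)
    return hits

def assess(password, known_facts=(), min_bits=50):
    """Verdict plus the reasons a password fails, in the order the posts raise them."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    hits = personal_info_hits(password, known_facts)
    if hits:
        reasons.append("contains personal info: " + ", ".join(hits))
    bits = keyspace_bits(password)
    if bits < min_bits:
        reasons.append(f"only {bits:.0f} bits of keyspace from {len(class_sizes(password))} character class(es)")
    return {"ok": not reasons, "bits": round(bits, 1), "reasons": reasons}
```

Calling `assess("RockyRoad1", ["Rocky Road"])` reports both the flavor hit and the small keyspace, which is the same verdict a curious customer and a brute-force program would each reach by their own route.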

I’ll let you know how it turns out with my ice cream man friend in 30 days!

Peter L

Banks that can’t spell

Sunday, December 13th, 2009

Walk into any café, deli, or just about any place where you can sit down (for instance, the salon where my wife gets her hair cut), and you’ll probably be able to connect to a Wi-Fi hotspot or a wireless network. From my desk at home, I can detect 6 wireless networks. Including mine, only two of them are secure. If you wouldn’t allow someone into your home without introducing himself, then why would you give him access to your wireless network without having him at least get the password from you?

Just like the author of the recent article in Wired magazine, I really enjoy reading phishing emails. I like finding as many spelling and grammar mistakes and other abuses of the English language as I can. Do people really think that their bank was in such a rush to get the important email to them (contrary to popular belief, email is not intended as real-time communication!) that they would misspell words and make other really, really basic mistakes?! Would you really do business with your bank if they couldn’t even send you a letter without making spelling mistakes? Even if you do miss the spelling mistakes and the more sophisticated tip-offs (such as the sender’s email address and other details that can be difficult to detect), simply follow the rule that no legitimate business is going to ask you for your login and password information in an email! If you have any doubts about a suspicious email, or anything that asks you to ‘confirm’ your private data, simply call the company to confirm that the message came from them. If the communication is legitimate, they will work with you to ensure that you are satisfied that the interaction is legitimate.

The way technology seems to permeate everything we do these days makes it very easy to forget about being careful. The latest posts in the news section emphasize nicely the importance of being aware (or alert or conscious) of what is and isn’t reasonable in terms of basic security.

Taking basic precautions

Thursday, December 10th, 2009

Not so long ago, I was VP at a rapidly growing anti-virus company. I was in sales and marketing, but I liked hanging out with the anti-virus gurus. Their jobs seemed so exotic and exciting as they were on 24-hour call saving the world! The more I talked with them, the more I understood that while the bad guys are very good at what they do, much of their success depended on average people NOT taking even basic precautions. The head of the anti-virus lab showed me a very simple slide that he used for his presentations. It showed that the major viruses in the early 2000s spread only AFTER Microsoft announced the security patches that would protect customers. So, if customers had acted reasonably quickly (meaning weeks and not months!), much of the damage that was created by viruses in the first half of this decade could have been avoided. (We can debate the pros and cons of the necessity of software security patches some other day.)

The following article reminded me of the importance of each computer user taking responsibility for his or her own security – nothing that would require huge technical knowledge, just taking care of the basics. Computer software and hardware are tools that can help keep you secure; we each need to use these tools appropriately, and not just forget about them and hope that everything will be OK. As is stressed in the article, basic precautions are necessary even with passwords:

“The statistics showed many people still using “admin,” or “administrator” as their username, suggesting that default usernames and passwords are still being used. Similarly, easy-to-crack passwords were being used: “123456” was common, as well as the simple phrase “password.” Default and easy-to-crack usernames and passwords combined with automated account credential tools make the process all too easy, Microsoft said.”

Peter L