Monday, October 6, 2008

 

Good Article on Identity Protection

Consumer Reports has a great article outlining a few steps to make the online world a bit safer for your personal identity. We have discussed one of the points about maintaining a different password for each online account.



Monday, July 7, 2008

 

10,000 Laptops Lost Every Week

That's right. I wrote 10,000 laptops every week. Engadget has a story about the recent study. That is a lot of data. All I can see is really strong passwords and whole disk encryption.



Monday, November 5, 2007

 

Web Site Password Management

Web site password management is more critical than ever. We are storing and accessing more of our information online, and thieves are getting ever more creative in how they steal that information. It is critical to have a good password management system for all of your financial-related web sites.

First, it is very important to use a unique password for each web site that you use. Though not optimal, it is probably all right to use a shared password for your MySpace and NY Times web site access. Passwords for your bank, bill payment service, credit cards, and other financial sites should be unique to each site. Be sure to create a password that does not contain any personal information such as your birthday, age, address, or social security number, and that is not a dictionary word. A good password should be a random string of characters that meets the following criteria.


The problem is that with so many unique passwords it is impossible to remember them all, but various forms of recording them can be dangerous. Web browsers such as Internet Explorer and Firefox will offer to store your passwords, but this is not a good practice. You can fall prey to a trojan horse program on your computer that can read these passwords, or someone could simply steal your computer. Browser-stored passwords are also not portable, and portability is important today. The option of keeping them written on paper also has its obvious drawbacks.

I have discovered a program that I have used since version 0.5 that has served all of these criteria very well. The best features of the software are that it is free, portable, and very secure.

The program is the open-source Password Safe, which is available at http://passwordsafe.sourceforge.net. Bruce Schneier originally developed the program and then turned the code open source which allowed to develop the software. They have versions for Java, Windows, Mac OS, Linux, and even Pocket PC. The most developed version is for Windows.

When you run the installation program it will ask if you want to install it to your computer or to an external disk drive. This is where portability is available. I have run all versions of Password Safe from an inexpensive USB flash drive that I almost always wear. You could enhance security if you stored the program and database on a secure, encrypted USB flash drive. The price of these is coming down significantly as more enter the market. Just choose the disk drive that is your USB flash drive and it will install there.

Once you have installed the software, go to your USB flash drive and start the program. It will walk you through creating a password database. You can have more than one password database in case you wanted a work-related database that you could share with coworkers. Yes, the password database has a password referred to as a safe combination. Be sure to create a good password for your database. The software will even prompt you if you create a password that is not sufficiently secure.

Once all of your usernames and passwords are entered, you simply need to click the proper database entry and then choose to copy the user name or password into your computer's clipboard. You can then paste it into a web site or other password-protected software.

You now have a portable and safe password solution. The software can be moved from one computer to another, and it does not leave any evidence of its usage on your friend's or work computer. The original version of the software did leave a small text file on the host computer, but there was no revealing information left behind. The newest version has eliminated that problem. The software even goes so far as to clear the computer clipboard when you close it, in case you have copied a password or username there.
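The password rules from earlier in this post (a unique password for every financial site, no personal information, no dictionary word) can be checked mechanically. The following is an added example, not part of the original post and not Password Safe code; the function name, the site names, the word list and all sample passwords are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: stand-ins for a birth year, a birthday, a street
# name and an SSN-like number, plus a tiny stand-in for a real word list.
PERSONAL_TOKENS = ["1975", "0412", "elmstreet", "123456789"]
DICTIONARY = {"sunshine", "dragon", "password", "monkey"}

def audit(entries, personal_tokens=PERSONAL_TOKENS, dictionary=DICTIONARY):
    """entries: list of (site, is_financial, password). Returns {site: [findings]}."""
    findings = defaultdict(list)
    sites_by_password = defaultdict(list)
    for site, _, pw in entries:
        sites_by_password[pw].append(site)
    for site, is_financial, pw in entries:
        lowered = pw.lower()
        shared_with = [s for s in sites_by_password[pw] if s != site]
        # The post tolerates a shared password between low-value sites only.
        if is_financial and shared_with:
            findings[site].append("reused on " + ", ".join(sorted(shared_with)))
        if any(tok.lower() in lowered for tok in personal_tokens):
            findings[site].append("contains personal information")
        # Drop digits and symbols so "Dragon2008!" is still caught as a word.
        letters = "".join(ch for ch in lowered if ch.isalpha())
        if letters in dictionary:
            findings[site].append("dictionary word")
    return dict(findings)

# Constructed entries: two low-value sites and four financial ones.
SAMPLE = [
    ("myspace", False, "sunshine"),
    ("nytimes", False, "sunshine"),
    ("bank", True, "Dragon2008!"),
    ("billpay", True, "Dragon2008!"),
    ("creditcard", True, "q7#Vr2!mZp9x"),
    ("broker", True, "Elmstreet0412"),
]

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(site, "->", "; ".join(problems))
```

Sites with no findings, such as the random password on the credit card entry, do not appear in the result.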



Thursday, October 25, 2007

 

Phishing - Now It Is Personal

I consider myself to be a careful computer user. I do not remember ever catching a trojan or virus in at least the last seven years. I carefully surf the web on any of my production computers. Well, I got caught in a simple and easily-contrived phishing scam recently.

An email arrived indicating that the credit card used in my Yahoo pay-per-click advertising account was about to expire. I knew this event was going to happen soon, so I clicked the link and entered my user name and password in the very official Yahoo Marketing login page. The remainder of the process was odd, though. I was not taken to a page with my credit or account information. I chalked it up to a web oddity and made a note to check it out later.

Well, later did not come soon enough. When I went back to log into Yahoo I was unable to do so. It all came together in my head - I had been scammed. A call to customer support at Yahoo quickly resolved the issue. The culprit had charged $500 to my credit card and proceeded to set up his keywords and such. Yahoo refunded the $500 and restored my account in just a couple of hours.

How do you prevent this? I now have a habit of not opening any notice directly from an email. I will open a link if a friend sends me a YouTube video or such, but I do not click on a link if it involves my bank, credit card, or any account with monetary value. If any link leads to a login page or any form that asks a personal question, then I just close the browser.

Obviously we need to follow up on certain notices, though. The best method is to open a browser and enter the usual address that we use to access the service. Then look in the area of interest pointed out in the email.

This brings up another valuable point. DO NOT use the same password for every web site. Using a unique password for each web site will minimize your exposure if you do get caught in a phishing scam. I do use the same password for non-consequential web sites, but I use a different password for each and every financially related web site. I will follow up with more information about how to manage passwords easily and safely.


