Tag Archives: safe

Weak Password Control – A Self Inflicted Injury

Over the weekend, Gawker.com was attacked, leading to a compromise of some 1.5 million user login credentials on Gawker owned sites, including Gizmodo, and Lifehacker.

According to Gawker Media:

Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords.

In an ironic twist to this tale of woe, it turns out that Nick Denton, the site’s founder, had not followed his own advice and in fact, used the same password for his Google Apps account, his Twitter account, and others.

So what gives? Why would someone with the supposed technical competence of Denton be so boneheaded? I suspect it’s because the reality is – he’s no different than any typical user when it comes to establishing and enforcing proper password control. A lackadaisical effort is the norm.

I understand the dilemma. Complicated, in other words, safe passwords are hard to remember, whereas easy passwords, in other words unsafe passwords, are easy to remember. And, a single password is surely easier to remember than a series of passwords, simple or not. No surprise then, that most computer users employ a single, easy to remember, and consequently – unsafe password.

So what’s a user to do to avoid this critical security lapse? Well, you could follow the most common advice you’re likely to find when it comes to password control, and install a “password safe” – an application designed to store and retrieve passwords.

The Internet is full of advice that on the face of it seems reasonable, responsible and accurate. You know how it is – if you hear it often enough then it must be true. In my view, the password safe advice falls into this category.

Let me pose this question – you wouldn’t hang your keys outside your front door, would you? Of course you wouldn’t. Then why would you save passwords on the Internet, or on your computer? If there is one computer truism that is beyond dispute, it’s this – any computer application can be hacked, including password safes.

I have never saved passwords online, or on a local machine. Instead, I write my passwords down, and record them in a special book; a book which I keep ultra secure. There are some who disagree, for many reasons, with this method of password control, but I’m not about to change my mind on this issue.

I know that on the face of it, writing down your password seems counter intuitive, and flies in the face of conventional wisdom, since the issue here is one of security and safety.

But, ask yourself this question – is your home, office, wallet etc., more secure than your computer? If the answer isn’t “yes”, then you have additional issues that need to be addressed.

While it may be true that you don’t want your wife, lover, room mate, or the guy in the next office, to gain access to your written list of passwords – and writing down your passwords will always present this risk; the real risk lies in the cyber-criminal, who is perhaps, thousands of miles away.

Computer security involves a series of trade-offs – that’s just the reality of today’s Internet. And that brings us to the inescapable conclusion, that strong passwords, despite the fact that they may be impossible to remember – which means they must be written down – are considerably more secure than those that are easy to remember.

Here are some guidelines on choosing a strong password:

Make sure your password contains a minimum of 8 characters.

Use upper and lower case, punctuation marks and numbers.

Use a pass phrase (a sentence), if possible. However, not all sites allow pass phrases.

Since brute force dictionary attacks are common, keep away from single word passwords that are words in a dictionary.

Use a different password for each sign-in site. This should be easy since you are now going to write down your passwords. Right?

You are entitled, of course to disregard the advice in this article, and look at alternatives to writing down your passwords, including Password Safe, a popular free application. As well, a number of premium security applications include password managers.

Interestingly, Bruce Schneier, perhaps the best known security guru and a prime mover, some years back, behind the development of Password Safe, is now an advocate of – you guessed it; writing down your passwords.

If you have difficulty in devising a strong password/s, take a look at Random.org’s, Random Password Generator – a very cool free password tool.


Should You Forget About Password Safes and Write Down Your Passwords?

There are days when surfing the Internet, it seems to me, is like skating on thin ice – one wrong move and you’re in trouble. I know – this past weekend I got hacked. After 20+ years – BAM!

There are any number of possibilities as to what happened, but one of those possibilities is not unauthorized access to my online saved Passwords. I don’t save passwords online. I never have, and I never will.

Instead, I write my passwords down, and record them in a special book; a book which I keep ultra secure.

There are some who disagree, for many reasons, with this method of password control, but I’m not about to change my mind on this issue, and here’s why –

The world is full of advice that on the face of it seems reasonable, responsible and accurate. You know how it is – if you hear it often enough then it must be true.

One piece of computer security advice that you’ve probably heard over and over again is – don’t write down your password/s. The problem is; this piece of advice couldn’t be more wrong, despite the fact it seems reasonable, responsible and accurate.

Here’s the dilemma we face. Complicated, in other words, safe passwords are hard to remember, whereas easy passwords, in other words unsafe passwords, are easy to remember. No surprise then that most computer users employ easy to remember, and unsafe passwords.

You know the kind of passwords I’m talking about – obvious passwords, like your first name, or your wife’s name, child’s name, date of birth, etc. – passwords you’re not likely to forget. And that’s the problem – there’s no point in having a password at all if cyber-criminals will have no difficulty in figuring it out.

Cyber-criminals use simple processes, all the way to highly sophisticated techniques, to capture online passwords as evidenced by the Hotmail fiasco last year, in which an anonymous user posted usernames, and passwords, for over 10,000 Windows Live Hotmail accounts to a web site. Some reports indicate that Google’s Gmail, and Yahoo Mail, were also targeted. This specific targeting is one possibility that might explain how my Gmail account got hacked.

Not surprisingly, 123456 was the most common password captured, followed by (are you ready for this?), 123456789. Some truly brilliant users used reverse numbers, with 654321 being very common. Pretty tricky, huh? I’m being a little cynical, but..

I know that on the face of it, writing down your password seems counter intuitive and flies in the face of conventional wisdom, since the issue here is one of security and safety.

But, ask yourself this question – is your home, office, wallet etc., more secure than your computer? If the answer isn’t “yes”, then you have additional issues that need to be addressed.

While it may be true that you don’t want your wife, lover, room mate, or the guy in the next office, to gain access to your written list of passwords – and writing down your passwords will always present this risk; the real risk lies in the cyber-criminal, who is perhaps, thousands of miles away.

Computer security involves a series of trade-offs – that’s just the reality of today’s Internet. And that brings us to the inescapable conclusion, that strong passwords, despite the fact that they may be impossible to remember – which means they must be written down – are considerably more secure than those that are easy to remember.

Here are some guidelines on choosing a strong password:

Make sure your password contains a minimum of 8 characters.

Use upper and lower case, punctuation marks and numbers.

Use a pass phrase (a sentence), if possible. However, not all sites allow pass phrases.

Since brute force dictionary attacks are common, keep away from single word passwords that are words in a dictionary.

Use a different password for each sign-in site. This should be easy since you are now going to write down your passwords. Right?
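
An added example (not part of the original post) that applies the guidelines above, together with the password reuse problem and the leaked common passwords mentioned earlier, to a written-down list of per-site passwords. The site names, sample passwords and the small word list are constructed for illustration.

```python
import string

# Passwords the article names as the most common in the leaked Hotmail list.
COMMON_PASSWORDS = {"123456", "123456789", "654321"}

# Small constructed stand-in; a real audit would load a full word list.
SAMPLE_DICTIONARY = {"password", "sunshine", "dragon", "football", "monkey"}

MIN_LENGTH = 8  # "a minimum of 8 characters"


def check_password(password, dictionary=SAMPLE_DICTIONARY):
    """Return the guideline violations for one password (empty list = passes)."""
    problems = []
    if password in COMMON_PASSWORDS:
        problems.append("common password")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "upper case": any(c.isupper() for c in password),
        "lower case": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("no " + name)
    # A dictionary word with digits or punctuation tacked onto either end
    # satisfies the character rules but is still a single-word password.
    core = password.strip(string.digits + string.punctuation).lower()
    if core in dictionary:
        problems.append("single dictionary word")
    return problems


def audit(passwords_by_site, dictionary=SAMPLE_DICTIONARY):
    """Check every site's password and flag any password used on more than one site."""
    sites_by_password = {}
    for site, password in passwords_by_site.items():
        sites_by_password.setdefault(password, []).append(site)
    report = {}
    for site, password in passwords_by_site.items():
        problems = check_password(password, dictionary)
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            problems.append("reused on: " + ", ".join(others))
        if problems:
            report[site] = problems
    return report


# Constructed sample list, as it might be copied from a written password book.
SAMPLE_PASSWORDS = {
    "news-site": "Sunshine1!",
    "email": "Sunshine1!",
    "forum": "123456",
    "bank": "Tr4il-mix&Lanterns",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_PASSWORDS).items():
        print(site + ": " + "; ".join(problems))
```

Note that "Sunshine1!" meets the length and character rules yet is still flagged, which is why the dictionary and reuse guidelines matter alongside the first two.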

You are entitled, of course to disregard the advice in this article, and look at alternatives to writing down your passwords, including Password Safe, a popular free application. As well, a number of premium security applications include password managers.

Guest writer, Glenn Taggart’s article from yesterday – LastPass Password Manager – Secure Your Passwords and User Names, offers a terrific review of another free password application.

If you have difficulty in devising a strong password/s, take a look at Random.org’s, Random Password Generator – a very cool free password tool.

As an additional form of protection, you should consider the Firefox add-on KeyScrambler, which will protect you from both known and unknown keyloggers.

For additional info on password management, check out Rick Robinette’s “PASS-the-WORD… Basic password management tips”. Many regular readers will remember that Rick is a very popular guest writer on this site.


Be Safe – Write Down Your Passwords

The world is full of advice that on the face of it seems reasonable, responsible and accurate. You know how it is – if you hear it often enough then it must be true.

How many of us are ever likely to forget our Mother’s advice – dress warmly in the cold, or you’ll get sick? Advice, as it turns out, that has been debunked by the medical community. Despite this, most people, that I know, still believe Mom’s advice.

One piece of computer security advice that you’ve likely heard over and over again is – don’t write down your password/s. The problem is; this piece of advice couldn’t be more wrong. Just like Mom’s advice though, it seems reasonable, responsible and accurate.

Here’s the dilemma we face. Complicated, in other words, safe passwords are hard to remember, whereas easy passwords, in other words unsafe passwords, are easy to remember. No surprise then that most computer users employ easy to remember, and unsafe passwords.

You know the kind of passwords I’m talking about – obvious passwords, like your first name or your wife’s name, child’s name, date of birth, etc. – passwords you’re not likely to forget. And that’s the problem – there’s no point in having a password at all if cyber-criminals will have no difficulty in figuring it out.

Cyber-criminals use simple processes, all the way to highly sophisticated techniques, to capture online passwords as evidenced by the Hotmail fiasco earlier this week, in which an anonymous user posted usernames, and passwords, for over 10,000 Windows Live Hotmail accounts to a web site. Some reports indicate that Google’s Gmail, and Yahoo’s Mail, were also targeted.

Not surprisingly, 123456 was the most common password captured, followed by (are you ready for this?), 123456789. Some truly brilliant users used reverse numbers, with 654321 being very common. Pretty tricky, huh? I’m being a little cynical, but..

I know that on the face of it, writing down your password seems counter intuitive and flies in the face of conventional wisdom, since the issue here is one of security and safety. But ask yourself this question – is your home, office, wallet etc., more secure than your computer? If the answer isn’t “yes”, then you have additional issues that need to be addressed.

While it may be true that you don’t want your wife, lover, room mate, or the guy in the next office, to gain access to your written list of passwords – and writing down your passwords will always present this risk; the real risk lies in the cyber-criminal, who is perhaps, thousands of miles away.

Computer security involves a series of trade-offs – that’s just the reality of today’s Internet. And that brings us to the inescapable conclusion, that strong passwords, despite the fact that they may be impossible to remember – which means they must be written down – are considerably more secure than those that are easy to remember.

Here are some guidelines on choosing a strong password:

Make sure your password contains a minimum of 8 characters.

Use upper and lower case, punctuation marks and numbers.

Use a pass phrase (a sentence), if possible. However, not all sites allow pass phrases.

Since brute force dictionary attacks are common, keep away from single word passwords that are words in a dictionary.

Use a different password for each sign-in site. This should be easy since you are now going to write down your passwords. Right?

There are alternatives to writing down your passwords of course, including Password Safe, an excellent free application. As well, a number of premium security applications include password managers.

If you have difficulty in devising a strong password/s, take a look at Random.org’s, Random Password Generator – a very cool free password tool.

As an additional form of protection you should consider the Firefox add-on KeyScrambler, which will protect you from both known and unknown keyloggers. Personally, I wouldn’t think of signing on to the Internet without KeyScrambler being active.

For additional info on password management, check out Rick Robinette’s “PASS-the-WORD… Basic password management tips”. Many regular readers will remember that Rick is a very popular guest writer on this site.


7 Freeware Security Apps Everyone Should Download

Guest writer Mary Ward, gives you the lowdown on her choices of the best free security programs you need to safeguard your computer.

You most likely cannot count the number of times that you have gone to all the trouble to download a security app that claims it will take care of all the problems with your computer for absolutely no charge to you at all.

How many times did the app actually perform as it was expected to do? Better still, how often did the free app turn out to be not so free after all? Often the answer to these questions is a big fat zero.

Unfortunately, the majority of software companies tend to use catchy gimmicks to pull customers in and convince them to purchase their overpriced security apps.

You may get a month of free service, but then you will have to pay the cost for a complete subscription if you wish to continue to use the software. In addition, other software that is supposed to keep your computer secure at no charge will simply scan your computer for any bugs, but do nothing about it.

The picture may look bleak, but there are real, honest freeware security programs that provide excellent computer security for no cost.

7 Real Free Security Apps For Your Computer

In order to keep your computer as safe as possible without completely emptying your wallet, you can try these free security apps that everyone should download:

  1. Ad-Aware SE Personal
    Perhaps the most popular, this is an all-encompassing tool for removing spyware from your computer system. You will be able to maintain a huge database of blacklisted spyware types as well as identify any malicious program code in order to provide you with the greatest possible protection for your computer system for hard-to-eliminate spyware.
  2. Spybot – Search & Destroy
    This app uses a special technique for performing deep scans in order to cleanse your computer system more effectively from some of the most difficult to understand types of spyware. You will also be able to blacklist a number of specific kinds of spyware in order to keep it from ever popping up on your computer system again in the future.
  3. Avast Home Edition
    This is a complete anti-virus suite that includes email protection, a firewall, internet traffic filtering, real time scanning, automatic virus database updates and much, much more.
  4. Sophos Anti-Rootkit
    This one will eliminate complicated rootkits as well as a number of different kinds of malware that may be hiding on your personal or network computer.
  5. ZoneAlarm
    This is one of the most popular and all-inclusive firewall suites available for download. It includes a rule set that is easily customizable as well as a highly effective system that will warn you any time your computer is at risk. Be sure to click “I only want basic ZoneAlarm protection” or else you will end up downloading only a free trial version of the app.
  6. Thunderbird
    This email client is secure and very easy to customize to suit your needs perfectly. It comes with encryption capabilities, phishing protections and spam filters.
  7. Firefox
    This web browser is a favorite of many thanks to its awesome security features and all the great add-ons you can get to go with it.

These apps make life on the internet much safer for not only you, but also anyone who comes in contact with you via your computer. Stay safe and enjoy your web browsing and productivity with these 7 freeware security applications.

This is a guest post by Mary Ward who writes about various safety, security, and legal career topics, including how to obtain a court reporting degree. Check out what Mary has to say on top court reporting degree programs.


Free Anonymous Phone Numbers for Online Safety

Privacy is a major issue for most people who use the Internet; particularly those who use web based listing services such as eBay, craigslist, and online dating services. Not surprisingly, to interact with these services, participants need to provide a contact phone number.

Not all participants feel comfortable in providing their home, business, or cell phone numbers to unknown parties that can conceivably place them at risk.

So how can you address this challenge? Well, luckily there are a number of free services that offer solutions to this problem.

The new kid on the block is LetsCall.me. Currently, LetsCall.me connects numbers in the US and Canada only.

From the LetsCall.me web site:

This is a free service that makes it easy and safe for people to call you. Use with online services such as Craigslist, or any other situation you want to talk, but don’t want to reveal your phone number.

Create a web address to give to people that want to call you:

http://letscall.me/

Benefits of LetsCall.me

Accept calls anonymously without revealing your phone number

No caller id blocking – always know who’s calling

Block unwanted callers

Easier to remember than a phone number

Great for Craigslist and other internet sites

Be safe – don’t give out your phone number, use LetsCall.me

How it works

Pick your own URL such as letscall.me/johndoe

Instead of giving out your phone number, share your LetsCall.me page

People who want to call you input their phone number on your LetsCall.me page, and then we will call them and connect them with you.

Your phone will ring with the other person’s Caller ID – since the other person needs to receive the call first, they cannot fake their number

Talk with the other person as often and as long as you want

If you want to block the person from calling you, just tell us their number

Check out this free service at LetsCall.me

Another recent addition to this category of free service providers is Hookup digits.

Take a look at this from Hookup digits website.

How does it work?

Simply type in your REAL phone number (cell or landline number)…then our system will automatically give you a hookup digit phone number. Share this number with whoever you like. The caller never sees your REAL number (unless you call them). All incoming calls through this number are anonymous.

In addition, the person calling you also shows up anonymous. (the caller ID will show your hookup digits as an incoming call so you know it isn’t your mom calling) The callers are protected too. No sharing of REAL numbers will happen unless you want them to.

What else do I need to know?

Your hookup digits will be active for 7 days, during which anyone can call you anonymously.

After 7 days, if you don’t want to use the number any more, you don’t have to do anything, it just expires. If you still need the number, just return to the site and renew it.

Calls can last for up to 10 minutes, if you need more time, just have the caller call you back. You can do this as many times as you like!

And best of all, it’s completely free!

Check out this free service at the Hookup digits website.


Online Banking Security – Be Safe – Know the Rules!

As use of the Internet continues to expand, banks and other financial institutions are using the Internet to offer products and services, or otherwise enhance communications with consumers.

The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices; decisions that will help you avoid costly surprises, or scams.

You are your own best protection. So learn about and take advantage of security features offered by your financial institution.

Some examples:

Encryption is the process of scrambling private information to prevent unauthorized access. To show that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure you learn about the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

· Never leave your computer unattended once you have signed in to online banking.

· After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser.

· Keep your password and card number safe.

· Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information.

· Do not save your bank card number or password on a publicly accessed computer.

· If using a public access computer such as an Internet café or public library, change your password after completing your session by calling your bank’s telephone banking number.

· When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

Don’t use:

· A password you use for any other service.

· Your name or a close relative’s name.

· Your birth date, telephone number or address, or those of a close relative.

· Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. Giving your password answers to another person or company places your finances and privacy at risk.
