Password Security – Time to rethink passwords

How many passwords do you have?
Does someone have your password?
How do you protect yourself from this?

Passwords are a big deal!!!  They control access to everything in our lives, so we should be as careful with them as possible.  Most people tend to keep a low-, a medium- and a high-security password.  It sounds like a sensible theory, but it is a misguided one.  Computers have a lot of horsepower now, and the time needed to crack a short or predictable password is trivial.  Add to that how much a search engine such as Google can turn up about you (names, birthdays, pets, home towns), and such passwords become easy to guess.

Example: passwords built from a child’s name and birth year
Low – ben
Med – Ben72
High – @Ben1972!

All of these passwords are valid.  The question is where you have used them.  If you used them on a network that is not secure, or with a service such as POP email that sends the password across the network in the clear, then you may not be the only person who has them.

Human nature is to keep passwords simple, but in the world of computers simple passwords don’t help.  The other trait people have is to want passwords they can remember; if a password is too hard to remember we simply write it down and leave it on our desk.  Well, people will look at your desk, see your password taped to the monitor and now have access to your data.

There are several ways to fix this:
1) Never reuse your passwords, and never derive one from another.  Cracking tools take a leaked low-level password such as ben and apply mangling rules (capitalize it, append a year, wrap it in symbols) that generate every variant of it, so your “high” password falls as soon as your “low” one leaks.
2) Keep passwords in a secure location, which does not mean a sticky note on the monitor.
3) The recommended way to do both is a password manager such as LastPass from http://lastpass.com (the free and premium versions both work well).  Another great product is KeePass from http://keepass.com/ and if you are on a Mac, 1Password from Agile Web Solutions is the way to go.

The advantage of these products is that they generate a random password for each site, store it, and simplify logging in by filling in your user name and password for you.  You only need to remember one master password, which you won’t give out!!!
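To show why graded passwords built from one base word do not help, and what a manager’s random password buys you instead, here is an added example (not code from the original post or from any of the products mentioned). It applies a handful of assumed mangling rules of the kind cracking tools use (case changes, a year or two-digit year suffix, a few symbol wrappers; the year range and symbol pairs are choices made for this example) to the base word ben and counts how many guesses it takes to reach each of the three sample passwords, then contrasts that with a uniformly random 16-character password.

```python
import math
import secrets
import string

# Constructed sample: the three "graded" passwords from the post, all
# derived from one child's name (Ben) and one birth year (1972).
GRADED_PASSWORDS = ["ben", "Ben72", "@Ben1972!"]

# A few mangling rules of the kind cracking tools apply to a base word.
# The year range and symbol pairs are assumptions chosen for the example.
YEARS = range(1950, 2010)
WRAPS = [("", ""), ("", "!"), ("@", ""), ("@", "!"), ("!", "!")]


def mangle(base):
    """Yield candidate passwords derived from one base word, in the order
    a cracker might try them: case variants, then year suffixes, then
    symbol wrapping.  3 cases x 121 suffixes x 5 wraps = 1815 candidates."""
    cases = []
    for variant in (base.lower(), base.capitalize(), base.upper()):
        if variant not in cases:
            cases.append(variant)
    suffixes = [""]
    for year in YEARS:
        suffixes.append(str(year)[-2:])   # e.g. 72
        suffixes.append(str(year))        # e.g. 1972
    seen = set()
    for pre, post in WRAPS:
        for case in cases:
            for suffix in suffixes:
                candidate = pre + case + suffix + post
                if candidate not in seen:
                    seen.add(candidate)
                    yield candidate


def guesses_to_crack(password, base):
    """Number of guesses until the mangled wordlist reaches `password`,
    or None if the rules never produce it."""
    for n, candidate in enumerate(mangle(base), start=1):
        if candidate == password:
            return n
    return None


def entropy_bits(length, alphabet_size):
    """Entropy of a password drawn uniformly from alphabet_size symbols."""
    return length * math.log2(alphabet_size)


def random_password(length=16,
                    alphabet=string.ascii_letters + string.digits + string.punctuation):
    """The kind of password a manager generates: uniformly random, so no
    rule derived from your name or birthday will ever reach it."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in GRADED_PASSWORDS:
        print(f"{pw!r:12} reached after {guesses_to_crack(pw, 'ben')} guesses")
    strong = random_password()
    print(f"{strong!r}: {entropy_bits(len(strong), 94):.0f} bits of entropy, "
          f"in the wordlist: {guesses_to_crack(strong, 'ben') is not None}")
```

All three graded passwords fall within the 1815 candidates generated from the single word ben, which on a modern machine is an instant; the random password cannot be reached by any such rule and carries roughly 105 bits of entropy, more than any memorable phrase.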

Happy and Safe Surfing!!!!

Paranoia Refresher – Laptop Theft

The weekend of the 7th of February I was at a security professionals’ conference (ShmooCon). Yes, it is a hacker convention, but it is a great place to learn about higher-level security issues that affect people. It also refreshed my mind on some basic ideas of security. Many times the security talks that are presented are simply not useful for the average person. That being said, it did raise the level of paranoia I have about computer security in general.

Another reminder that added to this was the theft of two different laptops. One was left unattended for whatever reason, sprouted legs and walked away. The other was in the back seat of a parked car: a brick through the window and the laptop disappeared.

I won’t go into data security in this blog post, but suffice it to say these were crimes of opportunity. It is extremely easy for a laptop to walk away in a crowded restaurant. So, on to the physical security of laptops.

If you have a laptop in your car in a crowded parking lot, put it in the trunk. As simple as that: if a thief can’t see the laptop, it is harder to steal. In a restaurant, if you make your laptop even remotely difficult to steal it will be pushed to the bottom of the list. In a crowded environment where you might get up to get coffee or use the restroom, lock your laptop to the table. This does require a slight investment, anywhere from $8 (US) on up depending on how secure you want it (I will not go into the exceptionally simple methods shown in the lock pick village for defeating a lock). In the case of the laptop stolen in the restaurant, even the cheapest lock would have prevented the theft.

When a laptop is sitting on a table, no one will think twice about someone walking by and grabbing it. If bolt cutters, or even lock picks, are brought out to defeat a cable lock, that will attract attention, and a thief will avoid attention at all costs. There is one very important element to this scenario: LOCK the laptop, don’t just make it look like it is.

I personally have never seen a laptop that does not have a lock slot on the side. So please use it!!

Summary:

Lock your physical laptop when leaving it in public

Do not leave your laptop in plain sight in your car

Domain Highlighting

Internet Explorer 8 (IE8) has an interesting security feature worth exploring and understanding, Domain Highlighting.

This is a simple feature which highlights the domain name of the web site you are on (for example microsoft.com) in black while graying out the rest of the address.

The domain name is the registered name of a site, which can have any number of sub-domains in front of it.  Highlighting it in the address bar ensures that the user is always aware of which site he is in.  This is very important when it comes to secured sites like your online banking web site or a site like PayPal, where the information you enter (anything from a user name and password to account and credit card information) is critical.  Making the domain stand out clearly from the rest of the link makes the user that extra bit vigilant about where he is, so he can be sure he is on the web site he intended to visit and not a spoofed or phishing web site.

What this feature does is give you a very quick way to know what domain you are actually entering.  (Reference: http://www.windowsreference.com )

Most people do not know how a domain name / web page name should look.  When you dissect the way a domain name is built, you gain the insight you need to keep yourself protected.  The most important thing to look for in a domain is the . (period), because the names are read from right to left.  The last part, after the final dot (the com in dot com), is what they call a Top Level Domain, and it tells you the type of web site you are going to.  The DNS root that points at all of these is served by thirteen named root servers (each now replicated many times over).  What I hope you will take from this is that .com, .net, .edu etc. are Top Level Domains.

Take http://www.microsoft.com/en/us/default.aspx as the address of the web site the person is on.  Reading from the right: .com is the Top Level Domain, microsoft.com is the domain name (the part IE8 highlights), and www is a sub-domain of it; everything after the / is just a page on that site.  If what you want to do is go to Microsoft.com, then you are where you wish to be.

The evil bad guys are really trying to confuse you in order to get you to sign into their site instead of the real one.  The most targeted example is banks.  They want very much to get you to go to their web site, put in your user name and password and try to check your account.  If you accidentally do this, they now have your real user name and real password to your bank.  This is a very bad thing!!!!

For example, a URL of the following form actually opens http://example.com, because everything between the // and the @ is treated as a user name rather than as the host name; but the Address bar or the Status bar in older versions of Internet Explorer (before Microsoft’s MS04-004 update removed this behaviour) could display it as

http://www.wingtiptoys.com

when the real URL was

http://www.wingtiptoys.com%01@example.com

All that to tell you to read the address bar and see what web site you are on.  So if you typed Microsoft.com, you will know Microsoft.com is the site you are on because it is the ONLY part shown in black letters.  As of right now, IE8 is the only browser that does this without some kind of add-on program.
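Here is an added example, not part of the original post or of Internet Explorer, that does in a few lines what domain highlighting does: it splits a URL the way a browser does, pulls out the host that will actually be contacted, flags any user-name portion before an @ (which is what the wingtiptoys trick abuses), and marks the registered domain in [brackets]. The short list of multi-label suffixes such as co.uk is an assumption for the example; a real browser consults the full Public Suffix List. The sample URLs are constructed; the look-alike host uses the reserved example.net domain.

```python
from urllib.parse import urlsplit

# Assumed, hypothetical list of multi-label public suffixes for this example.
# A browser consults the full Public Suffix List (https://publicsuffix.org/)
# to decide where the registered domain begins.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registered_domain(hostname):
    """Return the registered domain (the part IE8 highlights), e.g.
    'www.microsoft.com' -> 'microsoft.com',
    'shop.example.co.uk' -> 'example.co.uk'."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return hostname.lower()
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def analyze(url):
    """Split a URL the way the browser does and report what a reader
    should compare against the site they meant to visit."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {
        "hostname": host,                          # the host actually contacted
        "registered_domain": registered_domain(host),
        "userinfo": parts.username,                # text before '@': NOT a host
        "suspicious": parts.username is not None,  # real web sites almost never use userinfo
    }


def render(url):
    """Mimic domain highlighting in plain text: the registered domain is
    wrapped in [brackets]; everything else is reproduced as typed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reg = registered_domain(host)
    netloc = ""
    if parts.username is not None:
        netloc += parts.username
        if parts.password is not None:
            netloc += ":" + parts.password
        netloc += "@"
    netloc += host[: len(host) - len(reg)] + "[" + reg + "]"
    if parts.port is not None:
        netloc += f":{parts.port}"
    out = f"{parts.scheme}://{netloc}{parts.path}"
    if parts.query:
        out += "?" + parts.query
    if parts.fragment:
        out += "#" + parts.fragment
    return out


# Constructed sample URLs: the post's Microsoft example, the wingtiptoys
# spoof, and a look-alike host built under the reserved example.net domain.
SAMPLES = [
    "http://www.microsoft.com/en/us/default.aspx",
    "http://www.wingtiptoys.com%01@example.com",
    "http://www.paypal.com.example.net/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        info = analyze(url)
        flag = "  <-- user name before '@', real host follows it" if info["suspicious"] else ""
        print(f"{render(url)}  ->  {info['registered_domain']}{flag}")
```

The third sample is the case highlighting is designed for: the familiar name paypal.com is only a sub-domain label, and the bracketed (highlighted) part shows the site you are really on is example.net.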

I have found this to be a great feature and one that is easy to use when a person knows to look for it.

Happy and Safe Surfing!!!