SECURITY: A password manager is essential today

Wednesday, February 14, 2018

https://www.lifewire.com/password-managers-4151868

Password Managers You Need
Online security can be stress-free with a password manager in your corner
by Tom Nelson
Updated October 02, 2017

*** begin quote ***

A password manager is an application that can generate, store securely, retrieve, and manage passwords and other login credentials. And it may well end up being the best friend you have when it comes to keeping your privacy safe while browsing the web and accessing your favorite online services.

Password managers let you collect and store all of your passwords and login information for various accounts in one easy-to-access app that can log you in to any service you have subscribed to with just a couple of clicks or taps.

The ease of access to your passwords usually puts an end to two of the most common security problems involving online services: using the same password for multiple sites, and using easy to remember, and thus easy to guess, login credentials.

It’s important to use different passwords for each and every site/service you use because if one of the sites or services you use is hacked and the hackers gain access to your name and password, they will start trying your name and password combination on lots of sites (think banks and social media sites). By having completely different passwords for each site/service leaves you far less vulnerable.

*** end quote ***

I am a lastpass fanboy.

https://lastpass.com/f?408336

Just this week, I had to help two people with “password problems”.

Both were with IOS, which makes me suspect that IOS screwed something up?

In any event, one was with Yahoo mail. Of course, the noob had never set anything up with “disaster recovery” in mind.

(And, the Sprint tech, who swap her phone out on an upgrade, never backed up any of her “stuff”. She was in tears until I suggested that she request photos from her friends with whom she probably shared them with. That got her back a lot but no one knows if it was all. I set up Google Photos to archive all of them and turned on her iCloud back up. Argh!)

Any way, I was able to get her phone to register with Yahoo as a recovery alternative. And, then recover her original password. Eventually, Yahoo “timed out” and “excessive recoveried” her. But it was good enough to get her mail flowing again.

I set up her LastPass and it began automatically capturing passwords for her.

But why does everything have to be done AFTER a disaster?

Argh!

Do these technology companies not realize that it has to be brain dead simple and that the average User has no concept of what is going on?

Argh!

# – # – # – # – #


CLOUD: My desire to leave the Apple / Microsoft “jail” is hindered by these functions or programs

Saturday, May 2, 2015

TO produce my Jasper Jottings:

  • BlueGriffon — to compose HTML
  • MARSEDIT — to capture my daily Jasper Jottings blog
  • FileZilla — to post it
  • Mail chimp — web-based service
  • Yahoo Group — web-based service 

TO produce my blog:

  • MARSEDIT —blog posts
  • TEXEXPANDER — for quotes and shorthand

Other functions

  • iMessage — for texting
  • Opera Mail — for yet another Mail program and rss feeds
  • PROXPN — for privacy on public wifi
  • LIBRE OFFICE — microsoft compatibility
  • CLIP MENU — for cut and paste memory 
  • DOXIE — for scanning
  • FACETIME — for video calls
  • FITBIT CONNECT — for tracking
  • FORMAT MATCH — cut and paste format free text
  • LASTPASS — password generation
  • SCRIVENER — for writing; constrained by disk space
  • PHOTO — space constrained

Any suggestions?

# – # – # – # – # 


SERVICE: LastPass offers Grid Multifactor Authentication to free Users

Saturday, September 1, 2012

http://helpdesk.lastpass.com/security-options/grid-multifactor-authentication/

*** begin quote ***

At LastPass, we strongly encourage our users to take advantage of our multifactor authentication options. Multifactor authentication requires the user to present both username/password and information from another, often physical, item. This means that if a hacker gets your password, they are still unable to access your LastPass account without this second factor.

LastPass offers multifactor authentication as a Premium feature, but we also believe that everyone should be protected online, so we have created the Grid Multifactor Authentication as a feature available to both Premium and non-Premium users.

*** end quote ***

Another service beefs up security.

# – # – # – # – #   


INTERESTING: Sneaky Computer Security Tips

Sunday, April 8, 2012

(0) OBVIOUSLY use unique passwords in every instance. (Use LASTPASS, ROBOFORM, or KEYPASS to remember the UNIMPORTANT ones. Do you care if someone can “share” your PORN stash. (Like I’d EVER have porn. You can catch a case of the computer equivalent of a social disease — malware, virus, or data leak. I think the real kind MIGHT be easier to cure.)

(1) Never STORE financial passwords anywhere, but in your head. (And, in a sealed envelope, located in your bank safe deposit box, for your executor.) Never ever! (If you have more than 5 ± 2, you have too many accounts.) Sorry guys, I don’t even trust my most TRUSTED  vendors. (Fact of life. Don’t trust. You won’t be disappointed.)

(2) If you do STORE a profile somewhere, ALWAYS use your real birthday ± 1. (It’ll be our little joke. Play along with all the FACEBOOK birthday wishes. Your real life fans will enjoy the joke. You DO have real life friends; don’t you? So sad if you don’t. You can link to me. I have very few — hi oldest, older, and just plain old!)

(3) If you do STORE — obviously not USE — a credit card number, ALWAYS do a typo with the “secret number” and add ± 1 to the last digit. (Then when someone has a security breech, they have your garbage.)

(4) If you do STORE an address for your self, put a typo somewhere so you know who to blame. (Personally I like middle name. “Hi, I’m F. 37 REINKE.”)

(5) If you can and it’s not needed for credit, add ± 1 to your SSN. (“Oh, sorry, I made an oopsie.”)

(6) ALWAYS mess with the secondary authentication questions. But do it in a consistent manner! (“Where were you born?” “Bayonne158” That’s Our Girl’s and her favorite number.) Caveat: Three sites — CAREMARK CVS, PAYTRUST, BOA — make you remember it from time to time. (If I forget, there is always “call one 800 outsourced service desk”. Reset them to colors. Then go in and immediately change them.) I always record my answers in LASTPASS ± 1. A great tool.

YMMV MTFBWY AMTHOBAIYF

# – # – # – # – #  2012-Apr-07 @ 05:07

 


TECHNOLOGY: Strengthen All Your Passwords

Thursday, February 9, 2012

http://blog.lastpass.com/2012/02/resolutions-with-lastpass-10-strengthen.html

Feb 8, 2012
Resolutions with LastPass: #10 Strengthen Your Master Password

*** begin quote ***

For the last installment in our resolutions series, we wanted to touch upon an important aspect of using LastPass: the strength of your master password. At LastPass, we’ve always touted we’re “the last password you’ll ever need”. With only one strong password to remember and a host of customizable security options, you can let LastPass take care of the rest. So it goes without saying, then, that your LastPass master password should be strong and unique while still memorable.

*** end quote ***

Personally,

I never use (i.e., reuse) the same password anywhere. I used to use my SecureId token to generate random numeric passwords. When it died, I moved to a book code to generate passwords. Then, I generated pages of random noise with http://clsc.net/tools/random-string-generator.php as the tool.

(1) for websites that I won’t have to authenticate to manually, I let LASTPASS give me a random string that’s as long as the site allows.

(2) for websites that I will have type or tap in, I use four random words with a special characters as separators. And, I log in once from a real keyboard and let LASTPASS capture it.

(3) for bank accounts and other sites related to finances, I do the old fashioned random sentence like “wrong#sign#bridge#fall#down#nooo#partial#credit”. With a LASTPASS safe not with a reminder: “What did Doctor Zia say about a sign error? With #’s”.

I don’t trust anyone with my money. :-) Even myself.

Hope this helps?

# – # – # – # – #

 

 


TECHNOLOGY: LIFELOCK teaches care in the use secondary passwords for primary password reset

Friday, January 13, 2012

http://www.lifelock.com/identity-theft/types/

How Identities Are Stolen
When it comes to identity theft, the first step in protecting yourself is learning what thieves are doing to steal your personal information.

# – # – #

 

Interesting that LIFELOCK doesn’t have their commercials on their websites. GODADDY, boo hisss sopa-lover, integrates their hyper-sex commercials with their website (i.e., the TV commercial points to the X-rated version and the website has both the TV version and the “X-rated one. I’d dispute the X rating. Yeah, they sucked the lecherous me to watch. I, of course, did it from a technology and moral arbiter pov. Just so you didn’t have to endure it.) LIFELOCK misses the opportunity to reinforce their message.

MORE interesting, is that LIFELOCK’s TV commercial points out the flaw in what I’ll call secondary authentication and what the banks call “easy password recovery”. Argh! Those “password reset” questions are really passwords controlling the reset function. Mother’s Maiden Name, Date of Birth, Pet’s Name.

ARGH!

Absolute stupidity.

I know why the banks and others do it. They don’t want the expense of fielding a telephone call for a password reset. (When I was at CSFB, I figured each one cost “me” 45$. I figured a clever way to “solve” that problem at ZERO cost. Hire me and I’ll share it.)

So, how does the average User defend themselves?

(1) Never ever use these resets for the named purpose? For examples, “Mother’s Maiden Name” for me might be “TAYLOR_SWIFT”; DOB for me is 10/19/62 (Cuban Missile Crisis); Pet’s name is “58#ae#MK#Es#82”. All carefully captured on paper.

(2) Use a tool like LASTPASS, KEYPASS, or 1PASSWORD for NON-FINANCIAL uses.

(3) Use real passwords that you memorize or write down in your calendar or note book for FINANCIAL sites.

(4) Always insist that FINANCIAL institutions or SERVICE PROVIDERS send you a paper bill. Upon receipt, take the statement and review it. Initial EVERY page.

(5) Never permit any one or any thing to have direct access to your financial accounts. (Made that mistake once.)

# – # – # – # – #

 

 


IPAD: LASTPASS works differently on IPAD

Wednesday, December 22, 2010

Unfortunately, LASTPASS is installed that appears to be a front end to SAFARI. On the NETBOOK and MACBOOKAIR1, it integrates with all browsers. Not sure I like the result.

# # # # #


%d bloggers like this: