SECURITY: A password manager is essential today

Wednesday, February 14, 2018

https://www.lifewire.com/password-managers-4151868

Password Managers You Need
Online security can be stress-free with a password manager in your corner
by Tom Nelson
Updated October 02, 2017

*** begin quote ***

A password manager is an application that can generate, store securely, retrieve, and manage passwords and other login credentials. And it may well end up being the best friend you have when it comes to keeping your privacy safe while browsing the web and accessing your favorite online services.

Password managers let you collect and store all of your passwords and login information for various accounts in one easy-to-access app that can log you in to any service you have subscribed to with just a couple of clicks or taps.

The ease of access to your passwords usually puts an end to two of the most common security problems involving online services: using the same password for multiple sites, and using easy to remember, and thus easy to guess, login credentials.

It’s important to use different passwords for each and every site/service you use because if one of the sites or services you use is hacked and the hackers gain access to your name and password, they will start trying your name and password combination on lots of sites (think banks and social media sites). Having completely different passwords for each site/service leaves you far less vulnerable.

*** end quote ***

I am a LastPass fanboy.

https://lastpass.com/f?408336

Just this week, I had to help two people with “password problems”.

Both were with iOS, which makes me suspect that iOS screwed something up?

In any event, one was with Yahoo mail. Of course, the noob had never set anything up with “disaster recovery” in mind.

(And, the Sprint tech, who swapped her phone out on an upgrade, never backed up any of her “stuff”. She was in tears until I suggested that she request photos from her friends with whom she probably shared them. That got her back a lot but no one knows if it was all. I set up Google Photos to archive all of them and turned on her iCloud backup. Argh!)

Anyway, I was able to get her phone to register with Yahoo as a recovery alternative. And, then recover her original password. Eventually, Yahoo “timed out” and “excessive recoveried” her. But it was good enough to get her mail flowing again.

I set up her LastPass and it began automatically capturing passwords for her.

But why does everything have to be done AFTER a disaster?

Argh!

Do these technology companies not realize that it has to be brain dead simple and that the average User has no concept of what is going on?

Argh!

# – # – # – # – #


SECURITY: Tricks for passwords

Wednesday, December 31, 2014

http://www.networkworld.com/article/2860418/security0/6-simple-tricks-for-protecting-your-passwords.html?nsdr=true

6 simple tricks for protecting your passwords
By Maria Korolov Follow
Network World | Dec 22, 2014 3:00 AM PT

*** begin quote ***

We all know that the current username-and-password system is broken. With Russian hackers reportedly sitting on over a billion passwords, and new breaches hitting the news on a regular basis, it’s fair to assume that if hackers don’t have your password already, they’re about to.

“Most websites and companies require passwords that are at least eight characters long, contain lower and upper case characters, a number, and one or more special characters,” says Vincent Berk, CEO of network security firm FlowTraq.

These kinds of password policies have actually reduced security overall, argues Jacob West, CTO at HP Enterprise Security Products. “We need to bring some sanity back to our password policies,” he says. “A human will never be able to meet these requirements.”

*** and ***

1. Letter substitution cipher: a=b

2. Letter substitution cipher: a=s

3. Never write down encrypted passwords; banana, not nsmsms

4. Use earworms to your advantage: Wheels on the bus go round and round

5. The mnemonic code: a=alpha

6. Add site name to end of password: banana-twitter

*** and ***

One popular alternative is to use a password management tool that keeps all your passwords in an encrypted file, usually in combination with apps on your desktop, laptop and mobile devices.

*** end quote ***

I have used all of these at one time or another.

I think LASTPASS with a complex master password written nowhere is “good enough” for my non-financial passwords. The few financial ones I have memorized.

AND … …

For those sites who use “security questions”, Users should treat those just like passwords. Do NOT use real answers.

Happy New Year!

# – # – # – # – #   


SERVICE: LASTPASS’ security check

Monday, December 3, 2012

https://lastpass.com/index.php?securitychallenge=1

The security check ignores how I use LASTPASS.

I keep my old passwords in LASTPASS as well as all non-critical new ones. (No one gets the passwords to my financial accounts. Those I have memorized. If I ever get alzs, I’m in trouble.) So what the security check calls dupes are either iterations of the same account. Not every url is a simple single entry point.

Additionally, there is a need to keep old passwords for restored systems.

Another topic I have a problem with is those secondary authentication questions for lost passwords. I NEVER give the correct answers. In fact, I use LastPass’ generate tool to create the answers. And they are unique by site. So my favorite book might be “4zm7#ut47” on one site and “ut47#vj4a” on another. I use special notes for those. But it would be nice if LastPass helped me with them.

So I don’t agree with my score.

fjohn

–30–
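The duplicate-password complaint above, as an added example that is not LastPass's code or the author's: a reuse audit that counts a password as reused only when it is shared by different accounts, not by several entry URLs of one account. The vault entries, the `.test` hostnames and the "last two host labels plus username" rule for identifying an account are assumptions made for the illustration; a production tool would use the Public Suffix List instead of that rule.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample vault: (url, username, password). Not real credentials.
SAMPLE_VAULT = [
    ("https://www.example-mail.test/login", "fjohn", "pw-A"),
    ("https://m.example-mail.test/signin", "fjohn", "pw-A"),       # same account, second entry point
    ("https://forum.example-hobby.test/", "fjohn", "pw-A"),        # different account, same password
    ("https://shop.example-store.test/", "fjohn", "pw-B"),
    ("https://checkout.example-store.test/", "fjohn", "pw-B"),     # same account, second entry point
    ("https://old.example-store.test/", "fjohn", "pw-B-2011"),     # old password kept for a restored system
]

def account_key(url, username):
    """Assumption: entries sharing the last two host labels and the username are one account."""
    host = (urlsplit(url).hostname or "").lower()
    site = ".".join(host.split(".")[-2:])
    return (site, username.lower())

def naive_flagged(vault):
    """URLs a per-entry check would flag: every entry whose password appears more than once."""
    by_pw = defaultdict(list)
    for url, _user, pw in vault:
        by_pw[pw].append(url)
    return [url for urls in by_pw.values() if len(urls) > 1 for url in urls]

def cross_account_reuse(vault):
    """Groups of distinct accounts that share one password (the password itself is not returned)."""
    by_pw = defaultdict(set)
    for url, user, pw in vault:
        by_pw[pw].add(account_key(url, user))
    return [sorted(accounts) for accounts in by_pw.values() if len(accounts) > 1]

if __name__ == "__main__":
    print("entries flagged per entry:", len(naive_flagged(SAMPLE_VAULT)))
    for group in cross_account_reuse(SAMPLE_VAULT):
        print("password shared across accounts:", group)
```

On the sample data the per-entry check flags five entries, while the account-aware check reports only the one password shared between the mail and forum accounts.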


TECHNOLOGY: LIFELOCK teaches care in the use of secondary passwords for primary password reset

Friday, January 13, 2012

http://www.lifelock.com/identity-theft/types/

How Identities Are Stolen
When it comes to identity theft, the first step in protecting yourself is learning what thieves are doing to steal your personal information.

# – # – #

 

Interesting that LIFELOCK doesn’t have their commercials on their websites. GODADDY, boo hisss sopa-lover, integrates their hyper-sex commercials with their website (i.e., the TV commercial points to the X-rated version and the website has both the TV version and the “X-rated” one. I’d dispute the X rating. Yeah, they sucked the lecherous me to watch. I, of course, did it from a technology and moral arbiter pov. Just so you didn’t have to endure it.) LIFELOCK misses the opportunity to reinforce their message.

MORE interesting, is that LIFELOCK’s TV commercial points out the flaw in what I’ll call secondary authentication and what the banks call “easy password recovery”. Argh! Those “password reset” questions are really passwords controlling the reset function. Mother’s Maiden Name, Date of Birth, Pet’s Name.

ARGH!

Absolute stupidity.

I know why the banks and others do it. They don’t want the expense of fielding a telephone call for a password reset. (When I was at CSFB, I figured each one cost “me” 45$. I figured a clever way to “solve” that problem at ZERO cost. Hire me and I’ll share it.)

So, how does the average User defend themselves?

(1) Never ever use these resets for the named purpose. For example, “Mother’s Maiden Name” for me might be “TAYLOR_SWIFT”; DOB for me is 10/19/62 (Cuban Missile Crisis); Pet’s name is “58#ae#MK#Es#82”. All carefully captured on paper.

(2) Use a tool like LASTPASS, KEYPASS, or 1PASSWORD for NON-FINANCIAL uses.

(3) Use real passwords that you memorize or write down in your calendar or notebook for FINANCIAL sites.

(4) Always insist that FINANCIAL institutions or SERVICE PROVIDERS send you a paper bill. Upon receipt, take the statement and review it. Initial EVERY page.

(5) Never permit anyone or anything to have direct access to your financial accounts. (Made that mistake once.)

# – # – # – # – #

 

 


SERVICE: Generate safe passwords

Wednesday, January 21, 2009

http://www.safepasswd.com/  

I like it but I’d prefer if it would generate a page at a time.

Like a one time pad.
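The page-at-a-time idea, applied to the made-up security-question answers described in the earlier posts, as an added example that is not safepasswd.com's or the author's code. It prints one sheet of answers in the grouped shape of “58#ae#MK#Es#82”, unique for every site and question; the site names and question list are constructed for the illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols
GROUPS, GROUP_LEN, SEP = 5, 2, "#"                # shape of "58#ae#MK#Es#82"

def random_answer():
    """One answer: GROUPS blocks of GROUP_LEN random characters joined by SEP."""
    return SEP.join(
        "".join(secrets.choice(ALPHABET) for _ in range(GROUP_LEN))
        for _ in range(GROUPS)
    )

def entropy_bits():
    """Bits of entropy in one answer; the separators are fixed and add none."""
    return GROUPS * GROUP_LEN * math.log2(len(ALPHABET))

def answer_sheet(sites, questions):
    """Map (site, question) -> answer, never repeating an answer anywhere on the sheet."""
    used, sheet = set(), {}
    for site in sites:
        for question in questions:
            answer = random_answer()
            while answer in used:       # a collision is extremely unlikely; guard anyway
                answer = random_answer()
            used.add(answer)
            sheet[(site, question)] = answer
    return sheet

def render(sheet):
    """Plain-text page, one line per site and question, for printing or a secure note."""
    return "\n".join(
        f"{site:<22} {question:<22} {answer}"
        for (site, question), answer in sorted(sheet.items())
    )

if __name__ == "__main__":
    # Constructed site names and questions.
    demo = answer_sheet(
        ["bank.example.test", "mail.example.test"],
        ["Mother's maiden name", "Pet's name", "Favorite book"],
    )
    print(f"{entropy_bits():.1f} bits per answer")
    print(render(demo))
```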

# # # # #

