Comments for Security for Dummies

Comment on 5 reasons to use PORTABLE password manager by John Wentz

John Wentz — Wed, 29 Jul 2009 18:26:10 +0000

Question to dpatrickcaldwell:
If you do not use one of these tools to keep track of all your passwords, what do you use? I’ve been using an Excel spreadsheet for years, but it’s becoming long and it doesn’t auto-fill for me.

I’ve used Ilium eWallet also, but I’ve given up on it after upgrading my mobile device. They now have a version for the iPod Touch and Phone. Looks interesting.

Comment on Back to passwords by patholog

patholog — Sat, 28 Feb 2009 11:41:40 +0000

Mr Caldwell, First, thank you for your comments. You say

I’ve never used an application to store my passwords because I’ve seen so many of those applications cracked. As a programmer, I know how easy it is to get to those passwords

Please allow me to to be sceptical about this. 1. How many strong passwords can you remember? 2. If the passwords database is encrypted - you never hack them 3. Try the n-Pass 4. I am not managing this blog, I've moved to Secure Portability

Comment on Back to passwords by dpatrickcaldwell

dpatrickcaldwell — Fri, 27 Feb 2009 21:19:25 +0000

I enjoyed your post about password security. That's one of my favorite topics in my blog (in fact, I wrote something today about how programmers store passwords). It's really frustrating for me when I have a really strong password and someone does something stupid with it like email my password to me, store it in plain text, or have me verify my social security number as authentication. I’ve never used an application to store my passwords because I’ve seen so many of those applications cracked. As a programmer, I know how easy it is to get to those passwords. In fact, if I had physical access to your machine, I’d have not only your windows passwords but any password you saved. Does that kind of thing make you nervous? It is cool though that you can keep your passwords in one place and then if, for some reason, you want to revoke rights, you can change only one password. Nice post. Thanks for sharing.

Comment on 3 facts from one source by dpatrickcaldwell

dpatrickcaldwell — Fri, 27 Feb 2009 21:18:13 +0000

I enjoyed your post about password security. That's one of my favorite topics in my blog (in fact, I wrote something today about how programmers store passwords). It's really frustrating for me when I have a really strong password and someone does something stupid with it like email my password to me, store it in plain text, or have me verify my social security number as authentication. I hate when I'm trying to type a password in and I can't use # or ! or other special characters or I can't use a password longer than 12 characters. I mean, why limit me on the strength of my own password? Oh well, thanks for the blog post. It'll get people to use secure passwords, but it's up to the programmers out there to handle them better.

Comment on 5 reasons to use PORTABLE password manager by dpatrickcaldwell

dpatrickcaldwell — Fri, 27 Feb 2009 20:53:43 +0000

I enjoyed your post about password security. That’s one of my favorite topics in my blog (in fact, I wrote something today about how programmers store passwords). It’s really frustrating for me when I have a really strong password and someone does something stupid with it like email my password to me, store it in plain text, or have me verify my social security number as authentication.

I’ve never used an application to store my passwords because I’ve seen so many of those applications cracked. As a programmer, I know how easy it is to get to those passwords. In fact, if I had physical access to your machine, I’d have not only your windows passwords but any password you saved. Does that kind of thing make you nervous? It is cool though that you can keep your passwords in one place and then if, for some reason, you want to revoke rights, you can change only one password.

Nice post. Thanks for sharing.

Comment on Over 10000 laptops are lost every week in US airports by Shams.priy

Shams.priy — Wed, 07 Jan 2009 14:16:18 +0000

Amazing Site I like it. It Was Quite Interesting NiceWork I appreciate the information you provided. Good day

Comment on Faking a fingerprint (part 1) by patholog

patholog — Wed, 06 Aug 2008 08:11:40 +0000

Dear James,
In 2003 I have sent an image of pyramid from 1$ bill to Authentec. This image was scanned with their AF-S2.
Validity sensor accepts printed images even better than Authentec.
Watch movie #4 here . The same could be done with swipe RF sensor.
I agree that this is much more difficult than to fake an optical, but it is possible and does not require special equipment.
When I shot the movie on it, I will send you a copy.

Comment on Faking a fingerprint (part 1) by James

James — Wed, 06 Aug 2008 05:48:54 +0000

Even if you do claim to know how to bypass a top end RF sensor, you don’t show any proof. You only prove about optical sensors. We know about optical sensor faking for 15years. I never seen a correctly setup RF sensor fake. I have seen bugs in matching Data bases allow false acceptances, never seen the actually rf finger print reader fooled in the 10 years i been designing readers.

Comment on Back to passwords by Kevin Fox

Kevin Fox — Wed, 09 Jul 2008 18:43:31 +0000

I had one thought re: portability, if you use FireFox Portable

Windows: http://twurl.cc/2kj
OSX: http://twurl.cc/2kk

You could just put FireFox on a thumb drive, along with the plugin installed and password file and have a completely portable solution you could just plug in anywhere. Once you are done just unplug the drive and move on.

If anyone found the drive they would still need to authenticate with the ImageShield on http://myVidoop.com and you could deactivate the portable browser…

Comment on 5 reasons to use PORTABLE password manager by Kevin Fox

Kevin Fox — Wed, 09 Jul 2008 18:26:58 +0000

To address some of your concerns….

1. The plugin requires you to login to myVidoop to activate. To login to myVidoop requires an activated browser. Once you are done using the public computer you can simply deactivate that browser and anyone who clicks on the plugin will just be taken to myVidoop and asked to activate the browser. You also dont need to install the plugin to access your passwords, simply login to myVidoop.com directly and you can sign in to all your sites from there.

2. We explain our database security here: http://twurl.cc/2kh

3. Our ImageShield is phishing resistant, since a random access code is generated everytime you login.

4. You can pick 3-5 categories, many studies have shown it is easier to recognize image categories than recall a complicated password.

5. I have looked at several other services and still stick with myVidoop. Though I work for the company and am biased, I can honestly say the service saves me time and is more secure.

I would be very interested to see a extensive review of the major password management solutions out there. I think that would be an excellent post.