Security for Dummies

security tips and tricks

3 facts from one source

I have mentioned several times here and here we all need password manager. These three posts in the ITFacts strongly support my words. My statement is clear – we need password manager software. I suggest using portable one

63% of Americans use roughly the same password for different online accounts
63% of Americans admit to using the same password or a variation of it for all or most of their online accounts. 6.7% use a variation of a familiar password for most of their online accounts. 22.9% use the same password for most of their online accounts. 3.5% use the same password for all their online accounts.

66% of US employees write down passwords in unsafe places
US workers, managers, and IT staffs alike are increasingly confronted with difficulties arising from computer passwords. Over half of all respondents said the average employee in their firms are required to remember three to five passwords, with an additional 26% saying the number ranges from six to ten or more. 49% responded that employees are required to use passwords more than 25 times per week, with 8% stating the number of password uses exceed 100 per week. 66% stated that employees write down or store passwords in unsafe places, creating a security problem for their companies. 48% of responding IT professionals are actively seeking a reliable password management solution. While 79% of those taking the survey report that security is their number one password management concern, 39% also reported Lost Employee Productivity or Frustration as an issue. In addition, 31% said that helpdesk hours are either lost or spent in frustration by support personnel.

Only 14% of business users use a different password for each site
14% of the business users use a unique password for each site. 41% use the same password all the time, while the remaining 45% use “a few” different passwords.

Advertisements

July 13, 2008 Posted by | passwords, Security, Security Threats | , | 1 Comment

Back to passwords

Yes, we have lots of passwords – bank accounts, e-mails, computers, domains, instant messengers, you name it – and we need them all. We may forget them and we do. I am not talking about those who have only one password for all, they are just not aware of risks. Regular PC user needs at least 10 passwords.
I think that we all agree that we need a Password Manager. The only question is which one to chose.

What to Look for in Password Management Software
Password management software should be easy to use and useful to the most inexperienced computer user. It should also be secure enough to keep hackers out and passwords safe. These are the criteria that one shall consider when selecting a best suitable solution for his money:
• Feature Set – The best password management software provides applications and tools to help manage passwords and login information. This may include saving personal data or credit card information, program functions like web site launching capabilities. Automatic capture and filling of forms shall be of highest priority.
• Ease of Use – Password management programs should be easy to program and manage, even for computer novices.
• Portability – The ability to launch application and to save records to a removable device. Alternatively a web access to the stored passwords can be used
• Security – Most importantly, the software should provide password security to its user. Passwords shall be kept encrypted. User shall have an opportunity to make backups of saved information and generate passwords with encryption algorithms.
From the whole range of password managers only two answer these requirements:

RoboForm2Go – a popular one and
n-Pass2Go – the best one
Get it from CNET Download.com!

Alternative mode of operation, as I have mentioned already, is to store passwords online and access them from any computer. This novel approach deserves more attention.
First and most interesting IMHO is a Clipperz. Good – smart design, good idea, Ajax. Drawbacks –rather complicated operation. My personal concern is also about keeping all my passwords somewhere online. Even assuming that staff cannot access and decrypt my files, it can be done by hackers with brute force attack. And in case that I forget the master password – all gone.

Then, I would like to mention Passpack. Another nice and fast developing tool. It fills passwords automatically from the Ajax window. The same minor concern – keeping passwords, a most valuable information online. I personally will use it for some accounts not containing information on bank accounts, credit cards and social security.

The last one, myVidoop.com, was suggested by Kevin Fox in his comment to one of the previous posts. An interesting idea of replacement of master password with image categories was implemented there. Major drawback to my oppinion is a lack of portability. I mean that you need to install plug-in to enable automatic form filling. This is impossible when you are working on public computer or at work.

I am going to continue writing on password managers. Keep reading or subscribe to RSS

July 8, 2008 Posted by | passwords | , , | 4 Comments

Your password is not a secret

5 terrifying facts about your passwords and 1 simple and free solution

Did you ever notice that someone opened your computer or entered your mailbox? Did you notice someone spying on you when typing a password or a PIN-code? Are you aware that your password was guessed?  Do you remove the Stick-it note when you leave your workplace? Do you lock your computer?OK, you are aware now that there are risks. But what can you do? What is a way to remember many complicated passwords? You do not have to! More of that, I say “FORGET YOUR PASSWORDS”. How?
Before I share the most powerful secret, I would like to tell you one story from real life.

Why am I so sure that you are exposed to risk? The answer is obvious. If you read this message – you are not an alien, you are human. Therefore you are exposed to 5 risks:

1.       Your administrator is a terrible guy that changes passwords every month or makes you changing it; and you have to write it down because otherwise you will forget. Where do you keep this note? On a stick-it sheet under or on the bottom side of the keyboard? Near the screen? Under the paperweight on your desk? Are you sure the place is safe?

2.       You rely on the MS Windows protection. You keep all your passwords in a text file on a hard disk of your computer. Yes, you know that you make a hacker’s life even easier, but you think that he have to log-on first… doesn’t he…?

3.       You never write your password, that’s why you use a simple one. What shall one know to guess your password? A name of your spouse, son or daughter? Your pet name? Your address or your date of birth? This is called “human engineering” and you can learn a lot about it from Kevin Mitnick.  

4.       You use one password for all accounts. Yes, you do not forget it. Maybe it is not a simple one. Maybe it even contains symbols and numbers, small and capital letters. But it is still the one. If someone put a hand on it… guess what.  

5.       You have friends. The ancients used to say “if two people share one secret – it is not a secret any more”

Not long ago I have received an e-mail from my bank asking me to enter the online account and to change a password. There was a link at the end of the message and I clicked on it. The web page opened. It looked exactly like my bank’s website, but… But my password manager did not fill the form. I do not remember my passwords; I use n-Pass Pro.  And it did not fill the form. It never happened before and I was curious. I thought that something is wrong with a program, but when I looked at the URL I understood why the n-Pass refused to cooperate. It was not my bank’s web page, though it looked exactly the same. It was a phishing message and fake website. The n-Pass knew it and did not fill my credentials. It kept my money safe. Moreover it kept my identity

 

Why do I tell this story? Because the secret I wanted to share is the n-Pass – a password manager. I do not remember passwords; I simply do not need to. I can use very strong and complicated passwords, and n-Pass generates them for me. I do use lots of passwords; all of them are unique and strong. They are not dictionary words. They contain symbols, numbers and letters. And I do not remember them. If a friend of mine asks me for my password I even cannot say it. I do not know what my passwords are.

Do you believe it? No? Just give it a try! You can download n-Pass and use it absolutely free for 60 days.

 Get it from CNET Download.com!

I am sure that you will love it.  Even if not, it is risk-free. You download it to any pendrive and use it for 60 days free. If you do not like it, you do not pay.

But this is far not all you will get for your $45 free.

You will get also:

·         n-Crypt, an ultimate tool for keeping your files protected

·         n-Crypt EVD – a tool for creation of encrypted virtual disks

·         Shredder for files you want to destroy without ability to recover

·         Passwords Generator

·         Contacts management – an active address book that is always with you

·         One-click VPN and RDC connection tool

·         A launcher for Portable Applications

·         Free access to over 100 portable applications

·         And much more

Are you ready to give it a try? Download it from here

 Get it from CNET Download.com!

If you liked it – leave your comment here

June 25, 2008 Posted by | How-to, passwords, Security Threats | , , | Leave a comment