Wednesday, March 27, 2013

Password management and personal data security


Lots of passwords, lots of security, right?

We can not avoid passwords, they are everywhere:

  • Online banking
  • Online shops
  • Email accounts
  • Social networking sites
  • Credit card pins
  • Mobile phones
  • Laptops and PC's
  • Forums, news websites, blogs
  • ... and of course great web applications like teamstinct.com :-)

Wrong.

So all these passwords must mean all of our personal data is super safe, right? Well 'potentially' yes, but unfortunately the way the vast majority of people manage their passwords actually means the opposite.

Three common behaviours that make our lives much less secure:
  1. We use the same passwords for many different applications and web sites.
  2. We choose insecure passwords, for example derived from family member names and memorable dates.
  3. We do not frequently (or ever) change our passwords.
When the above three behaviours are combined, our personal data is definitely at risk and makes life much easier for hackers and criminals. 

It gets worse.

And to make matter worse, lots of people are members of the same set of common websites (it would be quite normal to expect somebody to an active account in any of the following: Amazon, Google, Yahoo, Facebook, PayPal, Skype, eBay) .

Things could get ugly

Let's look at an example, suppose "Mr Smith" uses the same password for many sites, and their password is "Buster75" (possibly derived from a pet name and year of birth). Firstly, the password is 'relatively' easy to guess, especially as dates of births and pets are often publicly plastered all over social networks. So if a criminal were to guess the password, they could then attempt to gain access to a number of other websites with the assumption that the same password maybe used again and again - this process is made even easier if the password is never changed.

And of course, if somebody does gain unauthorized access to email accounts, they will very likely find a gold mine of very valuable information - official document scans, social security numbers, invoices, bank details, further passwords to other websites and of course an enormous amount of personal information of friends and family.

Password manager to the rescue

The good news is that good password security is really easy. By using password management software like 'Password Safe' for Windows or 'Password Gorilla' for Linux and Mac OS all of the three bad behaviours listed above are easy to prevent. Both 'Password Safe' and 'Password Gorilla' are completely free and both securely store passwords in the "psafe3" file format - a very secure, encrypted file format.

Just a single password?

Password managers work by allowing us access to all of our passwords by only having to remember a single password.

So the only password we need to remember is the password that opens our password 'safe' file. And as we only need to remember one password, we can choose something obscure, longer and far more difficult to guess, for example "MarzipanLadderFrog1604" (something I just invented).

For all of our other passwords - the ones we actually use to access websites etc, we can use our password manager software to generate a very long and very secure password for us, for example "7KDLW5EgvkFKXZHb". And because we no longer have to remember these individual passwords, we can generate a new unique password for each website we use. So using a password manager, we have now prevented the first two of our three bad behaviours (above).

The last behaviour we want to stop is that of not changing our password frequently. And actually a password manager makes this process much easier too - we no longer have to scratch our heads trying to think up 30 new passwords that we will be able to remember, we go to the website 'change password ' page and when we are asked to enter a new password, just use the password manager to generate a new secure password. So regularly changing all your passwords is now a quick and secure process.

There are more benefits?

So now that we have wonderful strong passwords for all our online accounts and we are changing them frequently, when we are using a trusted device (our own laptops etc), we can use the feature of modern web browsers to store our website passwords for us - which makes our lives easier again. Of course, if you are concerned with laptop security, you should use something like 'TrueCrypt' to encrypt your hard disk.

And as psafe3 files are securely encrypted and software independent, you can use file sharing and synchronization systems you can share your password safe files between computers of different operation systems.

Another benefit of using a password manager is that you also have a complete list of all the places you have accounts - which is often a surprisingly long list. It's just nice to know exactly who has your data.


And if you forget your master password?

If you forget your master password safe password, yes - you're in trouble. But there are many ways to prevent this - If you have an actual physical safe installed at home, you could store the master password here (on a memory stick for example). Another/additional technique is to use two password safe files with different master passwords and each password safe file contains the master password to the other password safe. One password safe is mine, and the other is my partners'. So if either one of us forgets our master password, the other person can unlock it. And if you don't actually want to store the master password anywhere else, you could store a 'password hint or reminder' instead.

So there it is - Use a password manager to manage your passwords and help keep your personal data secure.

Thursday, March 21, 2013

Teamstinct - Send multiple group invitations at once

A recent update to teamstinct is the ability to invite multiple users to join a group at the same time. Although a small change, this actually improves the overall usability considerably. Continuing the teamstinct product philosophy, this change makes it quicker and easier than ever to create and manage virtual teams.

This was a bit of an initial oversight, now corrected thanks to the teamstinct users that suggested the change.

Teamstinct - Now with configurable audio alerts

A recent addition to the teamstinct feature set is configurable audio alerts.

Audio alerts are actually really useful - it means you do not have to directly interact with the teamstinct application to be informed of new group messages or notifications - you do not even have to be using your computer. You can be in the office, meeting room or just watching TV and teamstinct will let you know when you have a new message waiting for you (of course, your computer will have to be within earshot!).

There is currently a choice of six high quality audio alerts (recorded by teamstinct) and you can even configure the volume. If you are a current teamstinct user, just go to your 'My Account' page to enable audio alerts.

Friday, March 15, 2013

Introduction to teamstinct - the video

The teamstinct introduction video gives a quick tour of the key teamstinct concepts, like groups, members, channels, posts and group statuses. And here it is:



Teamstinct is a team communication tool designed for virtual and remote teams. It is quick and simple to use and free. So sign-up today and try it out for yourself!

Monday, March 4, 2013

Remote working - is Yahoo! right?

The recent Yahoo! policy change introduced by CEO Marissa Mayer to stop all remote working has caused some interesting reactions. The BBC article "Teleworking: The myth of working from home" (http://www.bbc.co.uk/news/magazine-21588760) gives a good summary of the various arguments for and against remote working.

However, Richard Branson's blogged reaction "Give people the freedom of where to work" (http://www.virgin.com/richard-branson/blog/give-people-the-freedom-of-where-to-work), states pretty clearly that he believes it was probably a mistake on behalf of Yahoo! to stop remote working.

A common reason cited that remote working is 'bad' is that managers claim they can not keep track of their employees and can not monitor their productivity.

The truth is, if you don't know how to measure the productivity of your employees or if you don't feel you can trust them, then your company has bigger problems than its remote working policy.

Remote working is not a perk like 'casual Friday' or 'free coffee' it is a core cultural attitude a company adopts to how employees are regarded and treated. For this reason, specific technology and processes must be employed to manage people in a different way. And Richard Branson makes this very point about providing the 'right' technology.

Teamstinct (http://teamstinct.com/) was in fact designed for exactly the purpose of enabling remote teams to communicate effectively. Although it does also serve the same purpose for office based teams. Teamstinct is a free service run with the aim of making life a little bit better!

Monday, February 18, 2013

Teamstinct: A unique team security feature for organizations

Getting straight to the point, Teamstinct has a unique feature that makes it stand out amongst all team communication tools and it is called 'Territorial Restrictions'. This unique feature allows certain certain 'channels' to be restricted to one or more 'territories', whereby a territory is typically a country, dependent territory or special areas of geographical interest.

Why are 'Territorial Restrictions' useful? If your organization has employees, contractors and clients spread across the globe, it may be desirable that certain information is not available to certain geographic areas.

As an example, your company maybe based in the United States and you may have clients world-wide. You want to be able to send sales and technical staff to meet clients knowing that certain corporate information can not be accessed from other countries. This means that when Mr Smith, the sales director is working in the US company headquarters, Teamstinct gives him complete access to the corporate channels. However, when Mr Smith jumps on a plane and arrives in France and logs into his Teamstinct account, automatically he no longer has access to those channels marked with 'Territorial Restrictions'. And as soon as he returns to the United States, he will automatically regain access to the restricted channels.

This feature is probably not particularly useful to the majority, but to a small minority could prove to be essential.

For more information, drop us an email: support@teamstinct.com


Friday, January 25, 2013

Email: Professional communication, viagra and unregulated financial products

Now that corporations and even governments generally agreed that Internet Explorer 6 is not 'fit for purpose' and has been holding up progress for years, it's time to tackle the next major IT mistake made by large companies and organisations, which is the use of email as an internal team communication and productivity tool.

One specific and unique aspect of email systems that seems an unusual complement to a productive business is spam.  As the post title highlights, email is basically a curious cross between a communication system and a market place for cheap viagra and unregulated financial products.

However, whilst it was easy to point the finger at 'Internet Explorer 6' (especially when Microsoft admitted that you really shouldn't be using it any more), it is much harder to point the finger at email and demonstrate it is not 'fit for purpose' for internal or virtual team communication. Harder still is to point to an obvious replacement - there are lots about (including Teamstinct), but the real problem is not building effective and credible alternatives, but demonstrating and convincing organisations that email for internal use is "bad" and akin to simply burning money.

PS: Actually, one of the problems of convincing companies that internal email is bad is that being 'busy' is often mistaken as being 'productive'. And it may very well be the busy, non-productive people whose jobs seem to rely most specifically on email. Or in other words, email is so inefficient as an internal communication tool that jobs may simply exist as its own by-product. So in the name of self-preservation, there maybe resistance from within organisations to streamline internal team communication...