Wednesday, March 27, 2013

Password management and personal data security


Lots of passwords, lots of security, right?

We can not avoid passwords, they are everywhere:

  • Online banking
  • Online shops
  • Email accounts
  • Social networking sites
  • Credit card pins
  • Mobile phones
  • Laptops and PC's
  • Forums, news websites, blogs
  • ... and of course great web applications like teamstinct.com :-)

Wrong.

So all these passwords must mean all of our personal data is super safe, right? Well 'potentially' yes, but unfortunately the way the vast majority of people manage their passwords actually means the opposite.

Three common behaviours that make our lives much less secure:
  1. We use the same passwords for many different applications and web sites.
  2. We choose insecure passwords, for example derived from family member names and memorable dates.
  3. We do not frequently (or ever) change our passwords.
When the above three behaviours are combined, our personal data is definitely at risk and makes life much easier for hackers and criminals. 

It gets worse.

And to make matter worse, lots of people are members of the same set of common websites (it would be quite normal to expect somebody to an active account in any of the following: Amazon, Google, Yahoo, Facebook, PayPal, Skype, eBay) .

Things could get ugly

Let's look at an example, suppose "Mr Smith" uses the same password for many sites, and their password is "Buster75" (possibly derived from a pet name and year of birth). Firstly, the password is 'relatively' easy to guess, especially as dates of births and pets are often publicly plastered all over social networks. So if a criminal were to guess the password, they could then attempt to gain access to a number of other websites with the assumption that the same password maybe used again and again - this process is made even easier if the password is never changed.

And of course, if somebody does gain unauthorized access to email accounts, they will very likely find a gold mine of very valuable information - official document scans, social security numbers, invoices, bank details, further passwords to other websites and of course an enormous amount of personal information of friends and family.

Password manager to the rescue

The good news is that good password security is really easy. By using password management software like 'Password Safe' for Windows or 'Password Gorilla' for Linux and Mac OS all of the three bad behaviours listed above are easy to prevent. Both 'Password Safe' and 'Password Gorilla' are completely free and both securely store passwords in the "psafe3" file format - a very secure, encrypted file format.

Just a single password?

Password managers work by allowing us access to all of our passwords by only having to remember a single password.

So the only password we need to remember is the password that opens our password 'safe' file. And as we only need to remember one password, we can choose something obscure, longer and far more difficult to guess, for example "MarzipanLadderFrog1604" (something I just invented).

For all of our other passwords - the ones we actually use to access websites etc, we can use our password manager software to generate a very long and very secure password for us, for example "7KDLW5EgvkFKXZHb". And because we no longer have to remember these individual passwords, we can generate a new unique password for each website we use. So using a password manager, we have now prevented the first two of our three bad behaviours (above).

The last behaviour we want to stop is that of not changing our password frequently. And actually a password manager makes this process much easier too - we no longer have to scratch our heads trying to think up 30 new passwords that we will be able to remember, we go to the website 'change password ' page and when we are asked to enter a new password, just use the password manager to generate a new secure password. So regularly changing all your passwords is now a quick and secure process.

There are more benefits?

So now that we have wonderful strong passwords for all our online accounts and we are changing them frequently, when we are using a trusted device (our own laptops etc), we can use the feature of modern web browsers to store our website passwords for us - which makes our lives easier again. Of course, if you are concerned with laptop security, you should use something like 'TrueCrypt' to encrypt your hard disk.

And as psafe3 files are securely encrypted and software independent, you can use file sharing and synchronization systems you can share your password safe files between computers of different operation systems.

Another benefit of using a password manager is that you also have a complete list of all the places you have accounts - which is often a surprisingly long list. It's just nice to know exactly who has your data.


And if you forget your master password?

If you forget your master password safe password, yes - you're in trouble. But there are many ways to prevent this - If you have an actual physical safe installed at home, you could store the master password here (on a memory stick for example). Another/additional technique is to use two password safe files with different master passwords and each password safe file contains the master password to the other password safe. One password safe is mine, and the other is my partners'. So if either one of us forgets our master password, the other person can unlock it. And if you don't actually want to store the master password anywhere else, you could store a 'password hint or reminder' instead.

So there it is - Use a password manager to manage your passwords and help keep your personal data secure.

Thursday, March 21, 2013

Teamstinct - Send multiple group invitations at once

A recent update to teamstinct is the ability to invite multiple users to join a group at the same time. Although a small change, this actually improves the overall usability considerably. Continuing the teamstinct product philosophy, this change makes it quicker and easier than ever to create and manage virtual teams.

This was a bit of an initial oversight, now corrected thanks to the teamstinct users that suggested the change.

Teamstinct - Now with configurable audio alerts

A recent addition to the teamstinct feature set is configurable audio alerts.

Audio alerts are actually really useful - it means you do not have to directly interact with the teamstinct application to be informed of new group messages or notifications - you do not even have to be using your computer. You can be in the office, meeting room or just watching TV and teamstinct will let you know when you have a new message waiting for you (of course, your computer will have to be within earshot!).

There is currently a choice of six high quality audio alerts (recorded by teamstinct) and you can even configure the volume. If you are a current teamstinct user, just go to your 'My Account' page to enable audio alerts.

Friday, March 15, 2013

Introduction to teamstinct - the video

The teamstinct introduction video gives a quick tour of the key teamstinct concepts, like groups, members, channels, posts and group statuses. And here it is:



Teamstinct is a team communication tool designed for virtual and remote teams. It is quick and simple to use and free. So sign-up today and try it out for yourself!

Monday, March 4, 2013

Remote working - is Yahoo! right?

The recent Yahoo! policy change introduced by CEO Marissa Mayer to stop all remote working has caused some interesting reactions. The BBC article "Teleworking: The myth of working from home" (http://www.bbc.co.uk/news/magazine-21588760) gives a good summary of the various arguments for and against remote working.

However, Richard Branson's blogged reaction "Give people the freedom of where to work" (http://www.virgin.com/richard-branson/blog/give-people-the-freedom-of-where-to-work), states pretty clearly that he believes it was probably a mistake on behalf of Yahoo! to stop remote working.

A common reason cited that remote working is 'bad' is that managers claim they can not keep track of their employees and can not monitor their productivity.

The truth is, if you don't know how to measure the productivity of your employees or if you don't feel you can trust them, then your company has bigger problems than its remote working policy.

Remote working is not a perk like 'casual Friday' or 'free coffee' it is a core cultural attitude a company adopts to how employees are regarded and treated. For this reason, specific technology and processes must be employed to manage people in a different way. And Richard Branson makes this very point about providing the 'right' technology.

Teamstinct (http://teamstinct.com/) was in fact designed for exactly the purpose of enabling remote teams to communicate effectively. Although it does also serve the same purpose for office based teams. Teamstinct is a free service run with the aim of making life a little bit better!