Wednesday, March 27, 2013

Password management and personal data security


Lots of passwords, lots of security, right?

We can not avoid passwords, they are everywhere:

  • Online banking
  • Online shops
  • Email accounts
  • Social networking sites
  • Credit card pins
  • Mobile phones
  • Laptops and PC's
  • Forums, news websites, blogs
  • ... and of course great web applications like teamstinct.com :-)

Wrong.

So all these passwords must mean all of our personal data is super safe, right? Well 'potentially' yes, but unfortunately the way the vast majority of people manage their passwords actually means the opposite.

Three common behaviours that make our lives much less secure:
  1. We use the same passwords for many different applications and web sites.
  2. We choose insecure passwords, for example derived from family member names and memorable dates.
  3. We do not frequently (or ever) change our passwords.
When the above three behaviours are combined, our personal data is definitely at risk and makes life much easier for hackers and criminals. 

It gets worse.

And to make matter worse, lots of people are members of the same set of common websites (it would be quite normal to expect somebody to an active account in any of the following: Amazon, Google, Yahoo, Facebook, PayPal, Skype, eBay) .

Things could get ugly

Let's look at an example, suppose "Mr Smith" uses the same password for many sites, and their password is "Buster75" (possibly derived from a pet name and year of birth). Firstly, the password is 'relatively' easy to guess, especially as dates of births and pets are often publicly plastered all over social networks. So if a criminal were to guess the password, they could then attempt to gain access to a number of other websites with the assumption that the same password maybe used again and again - this process is made even easier if the password is never changed.

And of course, if somebody does gain unauthorized access to email accounts, they will very likely find a gold mine of very valuable information - official document scans, social security numbers, invoices, bank details, further passwords to other websites and of course an enormous amount of personal information of friends and family.

Password manager to the rescue

The good news is that good password security is really easy. By using password management software like 'Password Safe' for Windows or 'Password Gorilla' for Linux and Mac OS all of the three bad behaviours listed above are easy to prevent. Both 'Password Safe' and 'Password Gorilla' are completely free and both securely store passwords in the "psafe3" file format - a very secure, encrypted file format.

Just a single password?

Password managers work by allowing us access to all of our passwords by only having to remember a single password.

So the only password we need to remember is the password that opens our password 'safe' file. And as we only need to remember one password, we can choose something obscure, longer and far more difficult to guess, for example "MarzipanLadderFrog1604" (something I just invented).

For all of our other passwords - the ones we actually use to access websites etc, we can use our password manager software to generate a very long and very secure password for us, for example "7KDLW5EgvkFKXZHb". And because we no longer have to remember these individual passwords, we can generate a new unique password for each website we use. So using a password manager, we have now prevented the first two of our three bad behaviours (above).

The last behaviour we want to stop is that of not changing our password frequently. And actually a password manager makes this process much easier too - we no longer have to scratch our heads trying to think up 30 new passwords that we will be able to remember, we go to the website 'change password ' page and when we are asked to enter a new password, just use the password manager to generate a new secure password. So regularly changing all your passwords is now a quick and secure process.

There are more benefits?

So now that we have wonderful strong passwords for all our online accounts and we are changing them frequently, when we are using a trusted device (our own laptops etc), we can use the feature of modern web browsers to store our website passwords for us - which makes our lives easier again. Of course, if you are concerned with laptop security, you should use something like 'TrueCrypt' to encrypt your hard disk.

And as psafe3 files are securely encrypted and software independent, you can use file sharing and synchronization systems you can share your password safe files between computers of different operation systems.

Another benefit of using a password manager is that you also have a complete list of all the places you have accounts - which is often a surprisingly long list. It's just nice to know exactly who has your data.


And if you forget your master password?

If you forget your master password safe password, yes - you're in trouble. But there are many ways to prevent this - If you have an actual physical safe installed at home, you could store the master password here (on a memory stick for example). Another/additional technique is to use two password safe files with different master passwords and each password safe file contains the master password to the other password safe. One password safe is mine, and the other is my partners'. So if either one of us forgets our master password, the other person can unlock it. And if you don't actually want to store the master password anywhere else, you could store a 'password hint or reminder' instead.

So there it is - Use a password manager to manage your passwords and help keep your personal data secure.

25 comments:

  1. Hi there to every body, it’s my first go to see of this web site; this weblog consists of awesome and in fact good stuff for visitors.
    EDI Compliant

    ReplyDelete
  2. Wow, it's dangerous to lost any passwords. That's why I always use VDR providers with 24/7 support center. 100% security.

    Best regards
    Toby, virtual data rooms for mergers and acquisitions

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. This approach of tokenization has turned out to be extremely prominent as it is a perfect approach to expand security of Mastercard and e-trade exchanges while minimizing the cost and many-sided quality of modern controls and measures particularly the Payment Card Data Security Standard (PCI).
    https://goo.gl/T1KELS

    ReplyDelete
  5. For businesses that cannot afford a retail security guard, video cameras are an excellent way to keep an eye on customers. guarantor loans

    ReplyDelete
  6. Security Cameras have proven to be an invaluable tool in catching criminals, and many felons who would otherwise be free are now behind bars. Those we hire to protect us and enforce the law are not always immune to the lure of criminal activity unfortunately, and security cameras record the Hidden Security Cameras Florida without prejuduice and help us to weed out the rotten apples and punish them equally as they deserve.

    ReplyDelete
  7. The next time I learn a weblog, I hope that it doesnt disappoint me as much as this one. I imply, I do know it was my choice to learn, however I actually thought youd have something attention-grabbing to say. All I hear is a bunch of whining about something that you could possibly fix should you werent too busy looking for attention. putlockers

    ReplyDelete
  8. What is the best choice for the company who can't find a single software solution that addresses all its needs? Bespoke application development can become the way out of the situation when available products don't fit companies need for any reasons. Let's explore the bespoke software advantages and disadvantages and see if it worth for enterprises to step into this area. website scanning

    ReplyDelete
  9. The increasing importance of technology in every industry continues to drive the need for a diverse group of qualified professionals to manage the implementation and changes in technology. Pursuing a degree at a technology management graduate school can be the right step for beginning a rewarding career in the management of everything from computer hardware to information security within an organization. Overview of Technology Management Technology management professionals are in high demand because of the unique set of skills they possess. digital camera for security

    ReplyDelete
  10. I am very happy to discover your post as it will become on top in my collection of favorite blogs to visit. web-agency

    ReplyDelete
  11. Security guards are needed almost everywhere. Where there is a need for security, guards will always have a job. That is why if you are planning to put up a business, why not try establishing a security guard company? Security Guard

    ReplyDelete
  12. Over recent years there has been an explosion in the range of digital cameras. Although there has been a move away from 'traditional' type of compact cameras and Digital Single Lens Reflex (DSLR) with the industry appearing to focusing a lot of development 'compact system cameras' (bridge camera). This has made it even harder to decide which digital camera is the best for the average consumer. get more info here about camera installation

    ReplyDelete
  13. The post offers verified useful to myself. It’s really informative and you’re simply obviously very knowledgeable in this area. You have got opened up my personal eye in order to various opinion of this particular matter together with intriquing, notable and solid content material. 먹튀

    ReplyDelete
  14. Excellent weblog here! after reading, i decide to buy a sleeping bag ASAP 918kiss pussy888 apk download

    ReplyDelete
  15. I don’t agree with this particular article. However, I did researched in Google and I’ve found out that you are correct and I had been thinking in the incorrect way. Continue producing quality material similar to this. หวยฮานอย

    ReplyDelete
  16. Good day, I simply hopped over on your website online by way of StumbleUpon. No longer something I’d usually learn, but I preferred your thoughts none the less. Thank you for making one thing price reading. 918kiss kiss918 apk download

    ReplyDelete
  17. well, there are so many tourist attractions that you find on asia and europe. i would really love to travel a lot* 토토사이트

    ReplyDelete
  18. This site is often a walk-through like the info you wanted in regards to this and didn’t know who to question. Glimpse here, and you’ll definitely discover it. 파워볼사이트

    ReplyDelete
  19. This site is often a walk-through like the info you wanted in regards to this and didn’t know who to question. Glimpse here, and you’ll definitely discover it. 918kiss

    ReplyDelete
  20. The development of Wireless technology owes it all to Michael Faraday - for discovering the principle of electromagnetic induction, to James Maxwell - for the Maxwell's equations and to Guglielmo Marconi - for transmitting a wireless signal over one and a half miles. The sole purpose of Wireless technology is wireless communication, through which information can be transferred between two or more points that are not connected by electrical conductors. Wireless technologies were in use since the advent of radios, which use electromagnetic transmissions. Eventually, consumer electronics manufacturers started thinking about the possibilities of automating domestic micro-controller based devices. Timely and reliable relay of sensor data and controller commands were soon achieved, which led to the discovery of Wireless communications that we see everywhere now. check here

    ReplyDelete
  21. The increasing importance of technology in every industry continues to drive the need for a diverse group of qualified professionals to manage the implementation and changes in technology. Pursuing a degree at a technology management graduate school can be the right step for beginning a rewarding career in the management of everything from computer hardware to information security within an organization. Overview of Technology Management Technology management professionals are in high demand because of the unique set of skills they possess. check more about security company

    ReplyDelete
  22. The increasing importance of technology in every industry continues to drive the need for a diverse group of qualified professionals to manage the implementation and changes in technology. Pursuing a degree at a technology management graduate school can be the right step for beginning a rewarding career in the management of everything from computer hardware to information security within an organization. Overview of Technology Management Technology management professionals are in high demand because of the unique set of skills they possess. check more about security company

    ReplyDelete
  23. Earning substantial profit is the main objective of every business and for this it is imperative that your business grows in significant direction keeping pace with changing scenario. Because, if a businessmen continues to follow conventional methods of conducting business he might not be able to stay even in competition with his contenders and may lag in competition. For the continuous growth of business it is indispensable to keep a strict eye on every change taking place across the business world. check more details

    ReplyDelete

  24. 사설토토시장은 수천개에서 수만개에 이릅니다. 일반 사용자들이 100%먹튀없는 사설토토사이트를 찾는것은 거의 불가능하다고 볼수있습니다. 저희 토토스타트에서는 보증금을 통해서 검증을하고 문제가 생길시 저희토토스타트에서 책임지고 전부 해결해 드리고 있습니다.사설토토사이트중 자신에게 맞는 사이트추천을 받아서 이용하시면됩니다. 이제 토토사이트를 이용하실 땐 토토스타트와 함께하세요.
    토토사이트

    ReplyDelete
  25. Nuovoteam is a cloud-based business & team collaboration software that enterprises can use across all industries and team sizes to ensure efficient non-desk workforce communication. It provides a secure communication interface where companies can ensure that the employees- remote or otherwise can communicate over VoIP and voice calling, video conferencing, instant messaging apps and team communication app also exchanges images, files and voice notes. The Nuovoteam app is available for iOS and Android.

    ReplyDelete