Google’s ‘Password-Killing’ Campaign

Guest author: Brian Kane
Brian is a computer science nerd who loves to write about new programs that are compatible with Linux machines.

Internet behemoth Google is putting plans in motion to change the way we access our personal pages online. Rather than memorize which email account uses your childhood address as the password, or which website requires you to type in the name of your favorite pet, Google wants you to access your Google accounts on your mobile device, tablet, laptop and desktop with the tap of a unique “finger ring,” says BGR.com’s Brad Reed. This marks the beginning of Google’s “password-killing” campaign.

Boosting Security

Google is one of countless websites that have modified password security with a two-step verification process. This process may require you to enter one password online while the website texts you an additional OTP (one-time password). RTTNews.com says the combination of these two steps should make hacking into an account impossible.

The need for this extra layer of security became apparent last year when numerous agencies and corporations, like LinkedIn and Verizon, reported security breaches in their systems because of hacked accounts.

Hundreds if not thousands of incidents like these have underlined the need for increased online security. According to Wired.com, Google executives Grosse and Upadhyay have even announced that they feel passwords and cookies are no longer enough to keep user data safe.

Improving User Experience

Although the call to change how passwords work is based on security concerns, part of the movement is attributed to making account access more user-friendly. A magic ring or a one-stop authentication device lets consumers sign into their Google accounts by tapping their finger against their desktop or mobile device.

In a paper published by IEEE Security & Privacy Magazine, Google’s engineers have outlined how they expect this product to work. According to RTTNews.com, Google is creating a Yubico cryptographic card that slides into a USB port and will automatically log users into their protected Google accounts.

Will Passwords Become a Thing of the Past?

Google has already tweaked their Chrome Browser to ensure that it will work with such a device, but there is still more work to do before a one-stop authentication device will become the norm. Websites that are comfortable using the conventional password to protect user data may be the biggest hurdle during this process. Once these other websites realize the potential in killing passwords, they may hop on the anti-password bandwagon.

Although these changes have been designed to improve the user’s experience, they also underscore the transparency of online data. With so much data freely available, it is critical for users to consider their online reputation as well as their online safety. “People need to control their online search results,” states Reputation.com, an agency that helps improve the online reputation of its clients.

When asked whether or not change is imminent, Google’s response is hopeful. They acknowledge that others have tried and failed in similar endeavors, but they maintain that they are eager to test their idea and move forward.


How secure should I make my password?

This is a guest post by James Doc.

There has been a lot of noise on various technology websites about large web companies having passwords stolen from databases. Last.fm, Dropbox, LinkedIn, etc. have all had issues recently and have encouraged users to sign in and change passwords; some have even reset passwords for users. My confession is that until this happened, my Dropbox and Gmail passwords were both identical, and that password I have used all over the internet since I was about 13.

In light of this I’ve started changing a lot of my passwords! There are lots of online tools for keeping passwords such as AgileBits’ 1Password, which is highly reviewed, but I don’t like the idea that a single password could unlock all my other passwords. Instead I started from scratch, working out how I would set my passwords. It’s taken a while to implement but I am now using a three-tiered structure for setting my passwords:

Level one: I really don’t care…

There aren’t many accounts that come under this level, however level one is for accounts that I really have little care about. These include newsletter signups that want a password for some reason, or the forums that I post on once in a blue moon.

Because they contain no personal information I am comfortable to use the same password on all of these. The password is all lowercase, and less than 10 characters. While there are 5 trillion (ish) possible combinations of this password, it would only take about 22 minutes to crack*.

Level two: For websites I access regularly

I’m talking about the sites I visit pretty regularly here, things like my social networking pages, my Evernote password, my Skype password, things like that. These accounts have got a lot of personal data associated with them and I’m not keen on that getting out.

These passwords need to be secure, but easy to remember. People have got it into their minds that a secure password is something like ‘h3Ll0,\/\/oRld’, and while it is secure, it is a right pain to remember**. Instead of worrying about character substitutions, I use long passwords made up from a memorable phrase that I relate to the service; for example, with Facebook I may choose the title and author of one of my favourite books, or Last.fm may have the name and artist of one of my favourite tracks. This creates an easy-to-remember password that is different for each site, but long enough to take a while to crack; for example, just ‘harry potter and the goblet of fire’ would take 57 duodecillion years to brute force* (and that is not my Facebook password!).

Level three: Secure accounts

I really don’t want my email, my online banking, my PayPal accounts to be accessed by anyone except me. With the level two accounts if you know me well enough, with enough time, you could probably guess some of them. These passwords always contain a mixture of capitals, numbers and symbols and are always long and always unique.

What do you think? Am I being paranoid? Is there a huge hole in my plan?
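The three-tier scheme above, written as a check over a list of accounts. This is an added example, not code from the post; the length thresholds and the sample accounts are assumptions, since the post says "long" without giving a number.

```python
import string
from collections import defaultdict

# Assumed minimum lengths per tier; the post only says "long" for tiers two and three.
MIN_LEN = {1: 0, 2: 20, 3: 16}

def char_classes(pw):
    """Report which character classes appear in pw."""
    return {
        "lower": any(c in string.ascii_lowercase for c in pw),
        "upper": any(c in string.ascii_uppercase for c in pw),
        "digit": any(c in string.digits for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }

def audit(accounts):
    """accounts: list of (site, tier, password). Returns sorted (site, finding) pairs."""
    by_pw = defaultdict(list)
    for site, tier, pw in accounts:
        by_pw[pw].append((site, tier))
    findings = []
    for site, tier, pw in accounts:
        # Level one may share a password, but only with other level-one accounts.
        others = [s for s, t in by_pw[pw] if s != site and (tier > 1 or t > 1)]
        if others:
            findings.append((site, "reused with " + ", ".join(sorted(others))))
        if len(pw) < MIN_LEN[tier]:
            findings.append((site, f"shorter than {MIN_LEN[tier]} characters"))
        if tier == 3:
            # Level three: capitals, numbers and symbols are all required.
            cls = char_classes(pw)
            missing = [k for k in ("upper", "digit", "symbol") if not cls[k]]
            if missing:
                findings.append((site, "missing " + "/".join(missing)))
    return sorted(findings)

# Constructed sample list; none of these are real credentials.
SAMPLE = [
    ("newsletter", 1, "bluemoon"),
    ("forum", 1, "bluemoon"),
    ("dropbox", 2, "oldfavourite"),
    ("gmail", 3, "oldfavourite"),
    ("facebook", 2, "title and author of a favourite book"),
    ("bank", 3, "Vq7#mLz2!pRx9&Tw"),
]

if __name__ == "__main__":
    for site, finding in audit(SAMPLE):
        print(f"{site}: {finding}")
```

The shared level-one password passes, while the identical Dropbox and Gmail passwords are flagged on both accounts.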

Again? This time it’s Sega

This is starting to become a regular occurrence – or is it just that hacking has suddenly entered the media’s consciousness? Whatever the reason, there’s another story in the news this week about a major company being hacked. This time it’s Sega who have reported that intruders stole the personal data of 1.29 million customers.

Who’s behind this latest incident, then? All that’s known at the moment is that it’s not Lulz Security, who previously attacked Nintendo. This time they’ve actually come out in defence of the games company, with the following Tweet appearing in their Twitter timeline:

@Sega – contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down. (Fri Jun 17 16:51:21 via web)

There’s a fair chance I could write about this every Monday but I’m not going to. The reason I’m writing this today is that, rather nicely, Sega issued the same advice I gave last week about changing your passwords:

Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials. [via BBC News]

If you’re concerned about your password security, and if you’re currently using the same password on several different sites, I’d recommend you take a look at 1Password. I won’t explain all the features of 1Password here (you can check them out here if you like) but I’m convinced in the light of recent hacker activity that you need to be thinking about the strength and uniqueness of your passwords. Check out 1Password, try the free trial, and see how it works for you.

Yet more passwords stolen by hackers

Just before the weekend the news broke of a major hack against UK games company Codemasters. As a result of the attack, Codemasters pulled their website and redirected their domains to their Facebook page.

This attack comes among many others, notably the hacks of several Sony systems. In the case of the Codemasters incident, personal information including names, postal addresses, email addresses, phone numbers and dates of birth, passwords, IP addresses, Xbox gamer tags, and biographies was stolen for thousands of users.

This obviously causes concern over potential identity theft, and as with the hacking of Gawker Media last year there’s the danger that Codemasters users have used the same username and password on several different sites. I would say any malicious hackers would have to be stupid not to try the credentials they have gained on a few sites to see if they do let them into any accounts.

So what should you do?

If you have used the same password on several sites, including Codemasters, change your passwords. It’s a pain in the neck, yes, but if you don’t do this then these hackers effectively have the login details for several of your online accounts.

It can be difficult to keep track of your passwords for several accounts, especially if you’re trying to make them unique and difficult to guess. I’d like to recommend a piece of software that I use to keep track of, and generate, secure passwords. I’m an affiliate for this program but even if I wasn’t I’d be telling you about it. If the idea of me being an affiliate turns you off, fair enough, but please still pay attention to what I said about changing your password.

Still here?

OK, the software I’m talking about is 1Password. The idea is that you remember one password, which opens up your password vault. Never use this password online. Never give it out to anyone. It’s like the key to your secret Swiss safe deposit box (what, you don’t have one?). 1Password can keep track of your login details for all your online accounts, and if you’re signing up for a new account, it can generate a strong password for you. These passwords can be up to fifty characters long and use upper and lower case letters, digits, and symbols. Phew!

Fortunately there’s the option to use 1Password with browser integration on Mac or Windows, so you don’t have to type those strong passwords in manually. If you’re using an iPhone or iPad there’s a browser built into the app that will also fill in your passwords. The Android version appears to be a beta – I have not used the Android version so can’t comment on how good it is, but it has had some mixed reviews.

All of this is a rather long way of saying 1Password has changed the way I “do” security online. I now use strong passwords and, other than a handful of sites I signed up to a long time ago, use a different password for every account. I can carry my password vault with me on my iPhone (protected by the phone’s PIN, and a PIN/master password combination on the app itself) and access all my passwords on both Mac and Windows PC. Not bad really.

1Password costs $39.99 for desktop computers (Mac or Windows) and $9.99/$11.99 on iOS devices depending on which version you choose to go for. All the details can be found on the 1Password website. I very highly recommend it, and encourage you to check it out now.