In case you missed it the first time around, research has already proved that your password probably sucks. That research, by Microsoft MVP Troy Hunt, was based on a sampling of roughly 37,000 Sony Pictures passwords leaked by LulzSec earlier this year. 37,000 passwords is chump change to SplashData, the maker of a password management app, which sifted through millions of passwords that were dumped online during the hacktastic year that was 2011 and came up with a list of the 25 passwords used most often by hacking victims. Is yours on the list?
Make strong passwords. Make strong passwords. Our high school computer teacher beat the mantra into our heads, at least until the day we forgot our logon, a non-dictionary jumble that consisted of 39 upper- and lower-case letters, numbers, ampersands, exclamation points and any other special characters we could jam in there. After restoring our account, Mr. O'Donnell changed the mantra to, "Make kinda strong passwords." Microsoft MVP Troy Hunt analyzed the user information leaked in the recent LulzSec hack of Sony Pictures, and discovered that most people's passwords not only aren't kinda strong, but are usually downright crappy.
If you spend as much time on the internet as we do, you’ll have accumulated more online credentials than you can shake a whole rack of servers at. Being the web-savvy individual that you are, you no doubt know that choosing to secure all that personal data with anything other than a complex, unique password is asking for trouble. To keep track of all of the site credentials in your life, you can turn to hard-drive-bound solutions like 1Password and KeePass, or you can rely on LastPass, our Browser Extension of the Week.
A few years ago in Finland, a case of white collar crime was perpetrated. This in and of itself is not unusual, but the resulting legislation was. It turns out a bank employee used an open Wi-Fi access point to electronically transfer some money that wasn't his. So, clearly the best way to make sure people don't steal is to outlaw open Wi-Fi. That's just what Finland did. But now they're looking back with the benefit of hindsight and realizing they might have overreacted a little bit.
The Finnish Justice Ministry is planning to officially decriminalize unprotected Wi-Fi hotspots. Let's be clear though, this is not an invitation for people to leave their wireless networks unprotected. Individuals should probably protect their networks, unless they really feel like sharing with the neighborhood. This change will be great for businesses that had no choice but to lock down their Wi-Fi networks, causing inconvenience for customers.
It's nice to see a European nation being realistic about wireless networks. Germany recently instituted rules similar to the Finnish ones. We just don't quite see the argument. Do you think everyone should be legally required to lock down their Wi-Fi?
Despite all the Web 2.0 rhetoric, the internet still has no sure-fire answer for rampant phishing frauds. Microsoft, PayPal and Google – the who’s who of the internet – have laid the cornerstone of the Information Card Foundation to confront some of the most daunting and taunting online security challenges. The organization has as its immediate goal to replace each individual’s myriad of online passwords with a single ID card.
Such an ID card will be a person’s key to the internet and will only transact information absolutely necessary for accessing a website. It can certainly put a lid on phishing fraud. The technology required for these information cards is present as we speak, but there aren’t enough compatible websites. Also, don’t forget it is easier to treasure – or even venerate – a single all-purpose ID card than innumerable passwords.
Did You Know: eBay-owned online money transaction major PayPal has been offering a cheap security device called Security Key, which is effectively a key generator, since early 2007 to its customers. Security is paramount for PayPal, as any lapse or breach can result in serious monetary damage to its users. PayPal offers this device for $5 to all its users except business members, for whom it is free.
Today’s simple username/password system is a single-factor authentication mechanism—your credentials are the only information necessary. When an evildoer has that information, whether it was stolen with a keylogger or a “phishing” email, you’re screwed.