Comments on: A Security Wakeup Call http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/ Thoughts on Startups, Entrepreneurs and the Web Thu, 09 Feb 2012 17:25:18 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: cdr http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/comment-page-1/#comment-45808 cdr Thu, 14 Feb 2008 18:09:08 +0000 http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/#comment-45808 A password manager doesn't always work, even if you carry it around with you on a flash drive. I ideally want to be able to access my accounts from anywhere. What I've been doing for the past half year or so is: take a key of a few characters (always the same), append the first few characters of the URL, and then apply a simple transform that I can remember. The resulting passwords look random, but can be regenerated from memory in a few seconds. I think I got the idea from a reddit comment. Of course, it's probably more secure if you don't go around telling people what you're doing. I do still let FireFox remember my passwords at home. A password manager doesn’t always work, even if you carry it around with you on a flash drive. I ideally want to be able to access my accounts from anywhere.

What I’ve been doing for the past half year or so is: take a key of a few characters (always the same), append the first few characters of the URL, and then apply a simple transform that I can remember.

The resulting passwords look random, but can be regenerated from memory in a few seconds. I think I got the idea from a reddit comment.

Of course, it’s probably more secure if you don’t go around telling people what you’re doing.

I do still let FireFox remember my passwords at home.

]]> By: Mark Evans http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/comment-page-1/#comment-45779 Mark Evans Thu, 14 Feb 2008 15:10:42 +0000 http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/#comment-45779 George, Alex: Thanks for the advice. Although I've already made some changes, there's a lot more that I need to do to upgrade my personal security. Mark George, Alex:

Thanks for the advice. Although I’ve already made some changes, there’s a lot more that I need to do to upgrade my personal security.

Mark

]]> By: Alex Barrera http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/comment-page-1/#comment-45766 Alex Barrera Thu, 14 Feb 2008 14:06:54 +0000 http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/#comment-45766 Hi Mark, I'm sorry to hear that. I have a very strong background in security and I've seen what you describe many times. As George pointed out, using the same password for different accounts is a NO NO. Navigators are currently the main entry point for malware and other naughty crocks. So check out your navigator version and get the latest. I always recommend Firefox because they tend to fix security bugs very quickly. You should also check any plugins you might use when navigating. Specially the adobe/pdf one. There is a very important security bug affecting the latest versions of the adobe acrobat (reader included) (< 8.1.2) that is running wild and infecting many hosts. Let me know if you need help to check out how it happened :) Hi Mark,
I’m sorry to hear that. I have a very strong background in security and I’ve seen what you describe many times. As George pointed out, using the same password for different accounts is a NO NO. Navigators are currently the main entry point for malware and other naughty crocks. So check out your navigator version and get the latest. I always recommend Firefox because they tend to fix security bugs very quickly. You should also check any plugins you might use when navigating. Specially the adobe/pdf one. There is a very important security bug affecting the latest versions of the adobe acrobat (reader included) (< 8.1.2)
that is running wild and infecting many hosts.

Let me know if you need help to check out how it happened :)

]]> By: George http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/comment-page-1/#comment-45745 George Thu, 14 Feb 2008 12:39:06 +0000 http://www.markevanstech.com/2008/02/14/a-security-wakeup-call/#comment-45745 Using a password manager such as Roboform or the one built into Firefox can be useful to keep track of all of your passwords. Human nature tends to mean that people will choose the same (or similar) passwords for all the sites that they visit. Problem is, a security breach at one site means big trouble. The best option is to use secure passwords that are different for each and every site you visit, and to use a disposable e-mail address (i.e. from SpamGourmet) as your login. That way, each site has entirely independent information, and a breach of security anywhere doesn't have ramifications for you at other sites. Using a password manager such as Roboform or the one built into Firefox can be useful to keep track of all of your passwords.

Human nature tends to mean that people will choose the same (or similar) passwords for all the sites that they visit. Problem is, a security breach at one site means big trouble.

The best option is to use secure passwords that are different for each and every site you visit, and to use a disposable e-mail address (i.e. from SpamGourmet) as your login. That way, each site has entirely independent information, and a breach of security anywhere doesn’t have ramifications for you at other sites.

]]>