Password reminder

I moderate a local list serve and increasingly must deal with folks whose aol, hotmail, yahoo, and other mail accounts have been hijacked so spammers bombard their address books with spam emails.  Fresh from a quite detailed ArsTechnica post by Dan Goodin last week about the current state of website and password security, http://arstechnica.com/security/2012/08/passwords-under-assault/, wanted to bring out some of the more potent points from the piece for the many folks who would benefit from practical and less technical advice.


  • Password cracking has advanced to the point that choosing a dictionary word for a password or using a password of less than 9 characters is not a secure practice. 
  • Because of the number of passwords that have already been added to hacker databases, the common passwords using a word with numbers after it (e.g. strawman456) are also not secure.  
  • Avoid using your email address as a user name if possible.  
  • We have no control over whether a website we log into, from banking, to travel, to webmail, to business websites to leisure websites, will have a data breach or hack.  Much of Goodin's article deals with website security practices (encryption methods) that are beyond the role of most users.
  • But if you use the same user name and password on multiple sites, when any one of them is breached, the bad actors will always try to use these user names and passwords on more important sites.  
  • For example, reported breaches sometimes do not involve the actual site being breached, but instead that user passwords stolen from other sites were used to log in.  Dropbox has claimed this recently, Dropbox example, and Pi security expert Lawrence Charters has argued that the recent press about iTunes breaches involved not penetration of Apple networks, but instead use of users passwords scoured from other sites.
  • OTOH, says one of Goodin's sources, tech security advisor Per Thorsheim, "If your password at that site is unique, you have much less to worry about."
  • Use of a Password Manager program is highly recommended.  Goodin points to 1Password or PasswordSafe, and another used by some of my user group members is LastPass.  I use 1Password and one helpful feature is that I can list all logins by strength of password - this gives me the list of places for my to do of updating the password.

Comments

Post a Comment

Popular posts from this blog

EVs, Hyundai Ionic, Home Charging & Tesla Test Drive

Image
I thought it might be helpful to tell our story of shopping for EVs, our decision, and how it's worked out so far.  Comments, please! Our Plug in Prius We'd long owned a plug in Hybrid Prius , where plugging in to our regular driveway outlet, we'd get 9-12 miles on the 2nd battery, and for those local errands pretend we were driving an EV !  I think this Prius was one of the early vehicles with regenerative breaking , where use of the brakes adds electricity to the small extra plug in battery.  The biggest challenge to the plug in hardware was a habit to leave the cable outside, which resulted in corroding and no longer working.  So over the 12 years we owned it, we went through 4 different charging cables!   A cool charging story with our plug in Prius happened when we drove to Ashville, SC.  Approaching on the Rocky Mountain Highway, the road has a very long decline into the valley where Ashville lay.   I mentioned the regenerative breaking.  We...
Read more

The Current State of AI - My Experience

Image
  When a friend read my blog about our EV journey, she commented that people were more interested in what's happening with AI.  She challenged me about my AI assessment, so time to blog about it.  I last wrote about nascent AI two years ago,  https://kingsburyassociates.blogspot.com/2023/01/newest-ai-entrants-observations.html  and much has changed since then.   A number of these Chat bots are in wide use today.  Here is a short list: ChatGPT (by OpenAI) Google Gemini (by Google DeepMind / Google) Grammarly AI (by Grammarly Inc.) / Productivity-AI Engines Microsoft Copilot (by Microsoft) DALL·E / Other Image-/Creative-AI Engines (by OpenAI) Claude (by Anthropic) Character.AI Google Assistant I want to start with my own recent experience with ChatGPT and then the insights gained from the June & July meetings of my local MUG - Mac User Group, Washington Apple Pi.  I'll include links there to the group's website.  ChatGPT & Web search AI...
Read more

Experience hosting Corsica students, smaller world! Welcome students into YOUR home!

Image
 Introduction Courtesy of our local email lists, we learned of a program actually hatched by our Montgomery County schools for an exchange program of high school students from France and Spain.    The above image is a chatGPT generated image so no real people here!   Anyway, below is a quick synopsis of the program from the organization website of the program.  The International Friendship Foundation, (TIFF) is an organization created by Montgomery County Maryland educators for families who wish to experience the cultural and educational benefits of hosting a student from France or Spain. This particular February trip were students from Corsica, the French island in the Mediterranean.  This was a week long program so we signed up for it.   The program director, Steven Hancock, is a prince of a man, who sent us a sheaf of papers including thick packets from each of the students that would be staying with us.  One of the students didn't like fish -...
Read more