The Heartbleed Password Dilema
OK, the fallout from the ‘heartbleed’ bug is worse than I thought. The problem is with how we, as humans, don’t manage a ton of passwords well. It isn’t so much that we are lazy, but to avoid clutter in our mind, we re-use passwords across the internet to log-in to different websites.
But with the heartbleed vulnerability, the problem becomes worse because of our conservation of brain cells and the repeated username and password combination becomes yet another vulnerability.
You see, most people don’t come-up with a unique username and password for each site they have become a member of. Most people reuse the same username over and over so that they can be identified as themselves by friends and acquaintances across networks. Now, that would still be OK if the password used was unique for each and every website that user logged into using that username. But because we are trying to make things simpler we usually only use a small index of passwords from which we draw our passwords, so that we don’t have to remember so many, because we know what it feels like to be locked-out.
It all has to do with username and password pairs.
So if a user logs in as “Gibraltor5” with a password of “1Ydd/R247” on a forum website that is compromised, the problem then becomes that the username and password pair are entered into a database and some malicious hacker will eventually try to use that username & password pair at other places, such as Yahoo, Twitter, Gmail, Facebook, Chase, CapitalOne, Amex, etc…
So eventually, someone will make a program that will actually try to login to all sorts of websites using “Gibraltor5” as the username and “1Ydd/R247” as the password, possibly even on a global scale. Once more, they may not stop at one attempt. They might wait a year or so and try again, just to check if the user had protected his accounts, but then gone back to his lazy ways.
So from now on, you have to create a unique password for every single site that you have ever accessed.
Even though Google may say that your Gmail and Google+ accounts are safe, they aren’t if you have ever used the same username and password combination ever before or afterwards on any site. You can’t be sure that any certain site was or wasn’t compromised. The username and password pair could have come from a site you don’t even remember joining. So if you have a tendency, like most humans, to use the same password over and over, you have to stop that right now, go back to all the sites that you have ever been a member of, and change your password to something unique.
Now, if you are like me, you have lots of places that you frequent. That means you will require so many passwords you won’t know how to keep them all straight without writing them down. But if you write them on plain paper, or in a little black book of passwords like I used to do, you open yourself to having them ripped off and hacked that way, by your very own hand.
The best way to do it then, is use a password program that will keep all your passwords safe and handy. Since I don’t always have my PC with me, but I try to always have my phone on me, I have to recommend Kuff’s Password Safe for the Android. It allows you to generate unique jibberish style passwords on the fly, comes with 128 or 256 bit encryption to protect your entire catalog of passwords, categorize them, and more. The one thing is that you must remember the password you will use to access the application, because there is no back door and without that one password, you will not be able to access the application again. The good news is that you only have one password to remember, again.
Now, to top that off, you can also get another version for Windows, so that you can update and access your password data across platforms, as well as backup your data to remote servers such as Dropbox, SkyDrive & Google Drive, or to your local Windows machine.
Kuffs Password Safe on Google Play:
https://play.google.com/store/apps/details?id=uk.co.kuffs.free.passwordsafe
The developer’s website for Kuffs Password Safe (Android & Windows):
http://www.kuffs.co.uk/
If you do not have an Android smartphone and/or tablet, and you do not expect to upgrade to a smartphone, or if you prefer a Macintosh supported version, you will have to shop around. But this little utility, a password safe, to secure all of your username and password pairs and other private information, encrypt the data to protect it from malicious hacker idiots, is now an important and vital component in the life of anyone who has or had an online lifestyle (meaning anyone who ever has done anything online).
Android Web Browser Recommendations?
I have found that it is almost impossible for me to use Chrome intuitively on my Samsung Galaxy Note II. The problem is that when I am scrolling around with my finger, Chrome almost always closes my browser window because it mistakes the scroll as a flick intended to shut down that window. This has become entirely too common, and I can find no settings to disable this “feature” bug or even to adjust the speed required of a flick.
Hell, I want the flick to scroll my page (a long way) and this is counter intuitive to the way I use my mobile devices. I would think that it would be counter intuitive to anyone, since this is exactly how we use our browsers on a computer when we flick the mouse wheel (or touch device) to scroll way down a long page. It can’t be just my problem.
C’MON, GOOGLE! Get with it. To have to find the same page all the time is a pain in the ass and a waste of time. I know how to get rid of a window. Maybe you should bone-up on how users use their devices. Really!
Anyways, I really need to find a decent browser that won’t exhibit the same misguided disrupting user experience. I have tried many browsers, and if it weren’t for this vital flaw in Chrome I would say that it is the best browser out there. But, this one thing upsets my user experience constantly, and makes using my phone extremely hard (when it obviously should not be).
So far, I have tried the following browsers:
- FireFox
- Dolphin Browser
- Opera Mini
- Skyfire
- One Browser
- UC Browser
- Plus, the standard “Internet” browser that the Galaxy Note II is shipped with.
For some reason or another, each of these has fallen way short of the mark of being a good browser. Most often, the singular reason that it didn’t work for me is that it didn’t work reliably on my mobile device. And I need it to work on a couple cheap tablets and my old Droid X as well, so that I can be in familiar territory across all devices. Plus, I have to eliminate crap software because otherwise my cheap devices get bogged down and don’t run well (I can really only do a few things, one at a time, on the slower/cheaper devices, so that they wind-up dedicated to only a couple of tasks because they have little usable memory and therefore I can’t install much on them).
My biggest problem is that no browser works reliably on any device, much less across all of my devices. The Droid X and my 7″ tablet only has a single core 1GHz processor while all of my other cheap tablets have at least a 2 core processor.
I use my mobile browser a great deal no matter which device I am on, though. So it is essential to the operation of any mobile hand held unit that I will utilize. And I am often inputting information on forms, so it should definitely support ‘https://’ (secure hypertext transfer protocol) connections and Secure Socket Layer (SSL) security certificates, warning me if there are any issues with any of the certificates. But above all, it has to be reliable and Chrome Browser just isn’t because I am constantly losing input data when I just want to scroll a bit farther down to the next screenful of the web page presentation.
So, my obvious question is that I would like to know form others what is the best all around web browser for multiple hand held mobile devices and tablets that is reliable?
Theme Upgrade Crap
The theme for this blog, Andreas04, was upgraded to “Able”. I personally think that Able is crap and is the absolute kind of theme I am trying to avoid, one that lacks creativity of any sort.
To that end I have been strained trying to find a new theme. Which also keeps me from posting anything new, because I arrive at my dashboard and am presented with a problem indicating that my theme won’t work well, or might not even be around, for much longer. hence I go look for themes and get lost in a sespool of muck & mire.
Business Apps: Password Safe
Although I have already reviewed Kuff’s Password safe on my android apps & widgets blog called Widget Droid, most readers here probably don’t realize that Kuff’s Password Safe is also the very best Password Safe/Vault application on Windows machines, as well.
So here is a link to my article on the very best Password organizer and encrypted safety app on the market…
What’s the Very Best Password Safe?
Just remember the master password that gets you into the program. 😉
Outlook 2010
Well, my wife has had a little time to get used to how Outlook 2010 does things now. So this is a brief update on our impression of it…
My wife likes it, but has some issues. The same issues cause me to think that it is a worthless piece of crap.
- Old contacts from Windows Vista Mail were never imported. Not doing this automatically (or at least asking permission to) is just pure stupidity. What was the sense in transferring everything over from Vista in the first place? To have the old files, yes, but also to have the very same application data and configuration. Outlook 2010 is pathetic because it craps on the whole idea of maintaining a so-called “seamless” upgrade path. This is absolutely inexcusable and stands a testament to the absolute thoughtlessness and complete lack of vision of the entire Outlook development team.
- Multiple accounts?: Multiple Inboxes! This in itself is completely void of intelligence. The fact that Outlook has to have multiple inboxes for multiple email addresses and never incorporates them all into a streamlined universal inbox is beyond the realm of stupidity. This is yet another stupid task that should have been done completely automatically.
- Adding contacts is pretty awkward as well. You don’t get access to this function unless you have an email previewed. THEN you can add its contact and have access to the contacts. But not until you have an email cued-up somehow. Really? I mean, maybe the only reason I ran the damn program was to change Aunt Len’s address because she moved. And the social contacts is just in the way. My wife doesn’t participate in any social networking sites, so it is just in the way and confusing her.
Really Microsoft? With the release of Windows 7 I was finally ready to take you seriously, and more than just a necessary business toy that I was required to have and support. But Outlook 2010 can’t incorporate the simple email functionality that we have come to expect from every other email program in the world? C’MON, MAN! C’MON YOU MULTI-BILLION DOLLAR INTERNATIONAL CORPORATION! Get with it.
I already started taking Microsoft seriously when I found that their hardware products were so damn good (XBOX, mice and keyboards). But I have still been waiting a very long time for them to develop any usable software products. With Windows 7 I thought that Microsoft had started producing software that actually worked, but they have completely dropped the ball with any other software packages they produce (Expression, Publisher and IE8/9 are direct examples of this ineptness). With Outlook 2010’s pathetic featureless release I don’t really expect Microsoft to ever get what users expect out of their computing experience.