Domainating: Brands, Art & Content


The Heartbleed Password Dilemma

OK, the fallout from the ‘heartbleed’ bug is worse than I thought. The problem is with how we, as humans, don’t manage a ton of passwords well. It isn’t so much that we are lazy, but to avoid clutter in our minds, we reuse passwords across the internet to log in to different websites.

But with the Heartbleed vulnerability the problem gets worse: because we conserve brain cells and repeat the same username and password combination everywhere, that repeated pair becomes yet another vulnerability in itself.

You see, most people don’t come up with a unique username and password for each site they have become a member of. Most people reuse the same username over and over so that friends and acquaintances can recognise them across networks. That would still be OK if the password were unique for each and every website the user logged into with that username. But because we are trying to make things simpler, we usually draw our passwords from a small index of them, so that we don’t have to remember so many, because we know what it feels like to be locked out.

It all has to do with username and password pairs.

So if a user logs in as “Gibraltor5” with a password of “1Ydd/R247” on a forum website that is compromised, the problem then becomes that the username and password pair are entered into a database, and some malicious hacker will eventually try to use that username and password pair at other places, such as Yahoo, Twitter, Gmail, Facebook, Chase, CapitalOne, Amex, etc…

So eventually, someone will make a program that will actually try to log in to all sorts of websites using “Gibraltor5” as the username and “1Ydd/R247” as the password, possibly even on a global scale. What’s more, they may not stop at one attempt. They might wait a year or so and try again, just to check whether the user had protected his accounts but then gone back to his lazy ways.
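From the defender’s side, the replay of a leaked username/password list against many accounts leaves a recognisable trace in a site’s login log: one source trying many different usernames with mostly failures, unlike a real user retrying their own password. The script below is an added example and not part of the original post; the log format (timestamp, source IP, username, result) and the sample lines are constructed for this example, and the thresholds are assumptions a site would tune for itself.

```python
from collections import defaultdict

# Constructed sample auth log (not real data); "ts ip username result" is an
# assumed format for this example. 203.0.113.7 replays a leaked credential
# list; 198.51.100.20 is one user retrying their own password.
SAMPLE_LOG = """\
2014-04-10T03:00:01 203.0.113.7 Gibraltor5 FAIL
2014-04-10T03:00:02 203.0.113.7 alice FAIL
2014-04-10T03:00:02 203.0.113.7 bob FAIL
2014-04-10T03:00:03 203.0.113.7 carol FAIL
2014-04-10T03:00:03 203.0.113.7 dave SUCCESS
2014-04-10T03:00:04 203.0.113.7 erin FAIL
2014-04-10T03:00:05 203.0.113.7 frank FAIL
2014-04-10T03:05:00 198.51.100.20 alice FAIL
2014-04-10T03:05:04 198.51.100.20 alice FAIL
2014-04-10T03:05:09 198.51.100.20 alice SUCCESS
"""


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({"ts": ts, "ip": ip, "user": user, "ok": result == "SUCCESS"})
    return events


def find_stuffing_sources(events, min_users=5, max_success_rate=0.5):
    """Flag source IPs that tried many distinct usernames with mostly failures.

    That pattern is what replaying a reused-credential list looks like; a single
    user retrying their own password touches one username and is left alone.
    Returns {ip: {"distinct_users", "attempts", "successes"}}.
    """
    by_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "successes": 0})
    for e in events:
        s = by_ip[e["ip"]]
        s["users"].add(e["user"])
        s["attempts"] += 1
        s["successes"] += int(e["ok"])

    flagged = {}
    for ip, s in by_ip.items():
        rate = s["successes"] / s["attempts"]
        if len(s["users"]) >= min_users and rate <= max_success_rate:
            flagged[ip] = {
                "distinct_users": len(s["users"]),
                "attempts": s["attempts"],
                "successes": s["successes"],
            }
    return flagged


def accounts_to_reset(events, flagged):
    """Usernames that logged in successfully from a flagged source: their
    password evidently matched a leaked pair and should be reset."""
    return {e["user"] for e in events if e["ip"] in flagged and e["ok"]}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    hits = find_stuffing_sources(evts)
    print("suspected credential replay from:", hits)
    print("force password reset for:", accounts_to_reset(evts, hits))
```

The point of the second function is the one the post makes: a successful login during such a sweep means that user’s password was already in someone’s database, so the site should force a reset rather than treat the login as legitimate.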

So from now on, you have to create a unique password for every single site that you have ever accessed.

Even though Google may say that your Gmail and Google+ accounts are safe, they aren’t if you have ever used the same username and password combination before or afterwards on any other site. You can’t be sure whether any particular site was compromised. The username and password pair could have come from a site you don’t even remember joining. So if you have a tendency, like most humans, to use the same password over and over, you have to stop that right now, go back to all the sites you have ever been a member of, and change your password to something unique.

Now, if you are like me, you have lots of places that you frequent. That means you will need so many passwords that you won’t be able to keep them all straight without writing them down. But if you write them on plain paper, or in a little black book of passwords like I used to do, you open yourself to having them ripped off and hacked that way, by your very own hand.

The best way to do it, then, is to use a password program that will keep all your passwords safe and handy. Since I don’t always have my PC with me but try to always have my phone on me, I have to recommend Kuffs Password Safe for Android. It lets you generate unique gibberish-style passwords on the fly, protects your entire catalog of passwords with 128- or 256-bit encryption, lets you categorize them, and more. The one thing is that you must remember the password you use to access the application, because there is no back door, and without that one password you will not be able to get into the application again. The good news is that you only have one password to remember, again.

Now, to top that off, you can also get another version for Windows, so that you can update and access your password data across platforms, as well as backup your data to remote servers such as Dropbox, SkyDrive & Google Drive, or to your local Windows machine.
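Two things a password safe does for you are worth seeing in code: it tells you which of your stored passwords are reused across sites, and it replaces them with fresh random ones so each site gets its own. The script below is an added example, not code from the original post or from Kuffs Password Safe; the vault entries are constructed (the “Gibraltor5” / “1Ydd/R247” pair is the post’s own example), the password generator uses Python’s `secrets` module (the OS CSPRNG), and the allowed symbol set and 20-character length are assumptions.

```python
import secrets
import string
from collections import defaultdict

# Constructed vault (not real credentials). The first three entries reuse the
# post's example pair across sites; the fourth already has its own password.
VAULT = [
    {"site": "forum.example", "user": "Gibraltor5", "password": "1Ydd/R247"},
    {"site": "mail.example", "user": "Gibraltor5", "password": "1Ydd/R247"},
    {"site": "bank.example", "user": "Gibraltor5", "password": "1Ydd/R247"},
    {"site": "shop.example", "user": "Gibraltor5", "password": "qZ8#v!Lm2pT9"},
]

SYMBOLS = "!#$%&*+-/=?@^_~"          # assumed symbol set accepted by most sites
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=20):
    """Random password drawn from the OS CSPRNG via `secrets`.

    Re-draws until every character class is present so the result also passes
    the usual site composition rules; with 20 characters that is almost always
    the first draw.
    """
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def find_reused(vault):
    """Map each password that appears on more than one site to those sites."""
    sites_by_pw = defaultdict(list)
    for entry in vault:
        sites_by_pw[entry["password"]].append(entry["site"])
    return {pw: sites for pw, sites in sites_by_pw.items() if len(sites) > 1}


def rotate_reused(vault, length=20):
    """Return a copy of the vault in which every reused password has been
    replaced by a fresh, independently generated one. Entries that were
    already unique are left untouched."""
    reused = find_reused(vault)
    rotated = []
    for entry in vault:
        if entry["password"] in reused:
            entry = {**entry, "password": generate_password(length)}
        rotated.append(entry)
    return rotated


if __name__ == "__main__":
    for pw, sites in find_reused(VAULT).items():
        print(f"password reused on {len(sites)} sites: {', '.join(sites)}")
    for entry in rotate_reused(VAULT):
        print(f"{entry['site']:15} {entry['user']:12} {entry['password']}")
```

Note that the audit compares passwords only within your own vault; it cannot tell you whether a password has already leaked from some site, which is exactly why the post says to treat every reused password as burned and replace it.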

Kuffs Password Safe on Google Play:
https://play.google.com/store/apps/details?id=uk.co.kuffs.free.passwordsafe

The developer’s website for Kuffs Password Safe (Android & Windows):
http://www.kuffs.co.uk/

If you do not have an Android smartphone or tablet and do not expect to upgrade to a smartphone, or if you prefer a version that supports the Macintosh, you will have to shop around. But this little utility, a password safe that secures all of your username and password pairs and other private information and encrypts the data to protect it from malicious hacker idiots, is now an important and vital component in the life of anyone who has or had an online lifestyle (meaning anyone who has ever done anything online).


April 17, 2014 | Posted in: Apps, Business, Computing, Devices, Google, Internet, Security, Smart Devices, Social Communities, social media, Software, The Human Condition, User Interface eXperience, Web Design & Development, Windows

The Internet’s Broken Heart

Originally, I announced this security vulnerability by reblogging Tumblr’s announcement of it. But now I have a few further details. This is reblogged from my Blogger blog at:

http://blog.websitewebmaster.net/2014/04/heart-of-internet-is-broken.html

It is reproduced below for your convenience…

By now you have heard of the bug, “Heartbleed”, that has nearly all manner of websites updating their servers. Heartbleed is a radical security hole, identified on April 7th, 2014, which allows malicious hackers to bypass the encryption provided by the OpenSSL software that secures a majority of servers on the internet.

Only OpenSSL versions 1.0.1 through 1.0.1f with the Heartbeat extension enabled are at risk. You will have to contact your host to find out whether your server uses OpenSSL at all and, if so, whether it runs an affected version with the Heartbeat extension compiled in.

SSL certificates themselves are not broken, though if you are using OpenSSL on your server, you should have your administrator upgrade to version 1.0.1g immediately, wipe the server cache, and then reboot.
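The first thing an administrator will check is the version string that `openssl version` prints, and the rule in the post (1.0.1 up to and including 1.0.1f at risk, 1.0.1g fixed) is easy to encode. The script below is an added example, not from the original post; the sample banners are constructed in the format the `openssl` binary uses. One caveat a practitioner needs: Linux distributions often keep the upstream version string (for example a patched build that still reports 1.0.1e) and backport the fix, so a version string in the affected range means “confirm with the vendor or host”, not proof of exposure, and a string outside it is only as good as the binary the server actually loaded.

```python
import re
import subprocess

# Range from the post: 1.0.1 through 1.0.1f at risk (Heartbeat enabled), 1.0.1g fixed.
AFFECTED_BASE = (1, 0, 1)
FIXED_PATCH = "g"

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1g 7 Apr 2014".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), patch_letter) from an `openssl version`
    banner, e.g. ((1, 0, 1), 'e'); None when the text is not an OpenSSL banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    base = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return base, m.group(4)


def in_heartbleed_range(banner):
    """True when the banner's version lies in 1.0.1 .. 1.0.1f, False when it
    does not, None when the banner could not be parsed.

    Only the range the post lists is encoded. A positive result is a prompt to
    confirm with the host or vendor, since distributions may have backported
    the fix without changing the version string.
    """
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    base, patch = parsed
    if base != AFFECTED_BASE:
        return False
    # '' (plain 1.0.1) and 'a'..'f' sort before 'g'; 'g' and later are fixed.
    return patch < FIXED_PATCH


def local_openssl_banner():
    """Banner of the `openssl` binary on PATH, or '' if there is none.
    Note this is the command-line tool; a web server may link a different copy."""
    try:
        proc = subprocess.run(["openssl", "version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return ""
    return proc.stdout.strip()


if __name__ == "__main__":
    banner = local_openssl_banner()
    verdict = {True: "in affected range, confirm with vendor",
               False: "outside affected range",
               None: "could not parse"}[in_heartbleed_range(banner)]
    print(f"{banner or '(no openssl binary found)'}: {verdict}")
```

Because the library a web server actually loads may differ from the command-line tool, the host’s own answer, which the post tells you to ask for, still wins over this check.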

You should also advise your users to secure their accounts with a new password because of the threat posed by this vulnerability.

Users who hold a membership on any website should also make the rounds: find out whether each service has addressed the issue, make sure that it has or will, and once it has, change your password there.

This is a huge frick’n deal. It will inconvenience all of us (at the least) for a very long time. The worst-case scenario is that your personal information, stored on any server, gets stolen. So the whole of the internet, administrators and users alike, has to address this issue immediately.

April 14, 2014 | Posted in: Brands, Business, Internet, Security, The Human Condition, User Interface eXperience, Web Hosting