Password Security

The Big Security Blunder by Apple

It was recently announced that Apple’s FileVault software had a serious error that exposed users’ passwords.  FileVault is a program that stores users’ passwords on their computer.  A programming mistake caused the passwords to be stored as plain text instead of encrypted.  That means that anyone – or any malicious bot – could have stolen passwords without any effort.

Apple has fixed the flaw and it is recommended that all users apply the appropriate update.  The update affected the OS X Lion operating system. It is always good security practice to keep your computer up to date with the latest software releases.

If you were infected, you should create new passwords using our password generator just to be on the safe side.  It never hurts to be more secure.


An introduction to Spyware

From the time that computer viruses first appeared in the late 1980s, there has been a constant battle to defend our computers from malicious attacks and protect our privacy. In recent years the use of Spyware as a means to gather an individual’s personal data has become widespread, representing a serious threat to the personal privacy of computer users around the world.

Most computer users are familiar with the concept of a virus.  By definition a virus is designed to maliciously damage data on a computer, self-replicate and spread to cause further harm. Unlike a virus, Spyware does not corrupt data on a computer and will generally go undetected by anti-virus software products. Spyware is any unwanted software or technology that gathers information about a person or organization without their knowledge. Spyware may also alter the settings of a computer. Like a Trojan horse, Spyware runs undetected in the background, without the user’s knowledge. Its purpose is to report on the activities and preferences of the user. This information is then transmitted in the background to advertisers or interested parties.  The information that Spyware gathers ranges from fairly innocent (such as the web sites an individual has visited) to potentially dangerous (such as bank account details, or usernames and passwords). Spyware can cause severe privacy problems for an individual whose computer becomes compromised.

Data collection programs that are installed with the user’s knowledge are not considered Spyware if the user knows what data is being collected, and with whom it will be shared. However, Spyware is often installed without the user’s consent as a software virus, drive-by download or as the result of installing a new program. Many Spyware applications are bundled as hidden components of popular freeware, shareware and commercial products. Spyware can also exist in any form of executable found on web pages including applications, installers, ActiveX, plug-ins, scripts or applets. The most widespread method of installing Spyware is known as a drive-by download.  A drive-by download occurs when the action of visiting a seemingly innocent web page causes unwanted Spyware to be downloaded and installed on an individual’s machine without their permission.

Many unwanted and potentially dangerous types of Spyware exist today. The prevalence of Spyware software and technologies increases daily, mirroring the exponential growth and popularity of the internet.  The creators of Spyware cannot ignore the opportunity to gather the personal data and surfing habits of unwitting users. For this reason Spyware will continue to be created in order to influence and manage our behavior, and to further the gains of its creators. As long as our personal information is worth money, the growth of Spyware will continue.

How to Manage and Remember Computer Passwords

The days when most of us had one password to log on and one more to access the internet are gone. Many sites now demand registration and a password, and few of us can remember them all. Depending on the level of security you need, there are various strategies for creating memorable passwords and managing them effectively.

Passwords for basic security

The easiest way to simplify password proliferation is to use the same one for everything. This is not recommended unless someone else gaining physical or web access to your details is not an issue. There are hackers and scamsters out there and using the same password is like giving them your front door key. Create different passwords for every account and if you can’t remember them then the easiest option is simply to store a list on your computer.

If your computer remembers them for you, you might still need to access them if you’re away from home. One option if you have a web-based email service like Yahoo, Hotmail or Googlemail, is to send them to yourself in a message so you can retrieve them wherever you are. (Don’t put ‘passwords’ in the subject field!)

Higher level security

For top level security, don’t let your browser remember your passwords for you and keep your passwords in your head. If you don’t want to spend time doing the ‘reset password’ dance and waiting for an email to come in to reactivate your account, the key is creating memorable passwords that are sufficiently strong.

Creating good passwords – and remembering them

Many sites will ask for a password that is at least eight characters and includes at least one number. Some are also case-sensitive. The secret for a memorable password is to work to a template made of several easy-to-recall components. For example, in number + letters + letters, number could be the first four digits of your phone number + an acronym for the site the password is used to access + either date, month or year of birth: 5552spmk70 for your supermarket shopping.

It doesn’t look memorable, but the key is that you can work it out. By varying the last number you will still have substantially different passwords that only give you three options if you get it wrong, so most sites won’t shut you out. For additional security add one capital – perhaps the last letter of your site acronym: so 5552spmK70.

The template as mnemonic can be varied almost infinitely according to your preferences. Make it more complicated if you like (generally speaking, the more letters and letter-number-case combinations, the harder it is to crack). If you have two passwords for one site, make one the other one backwards.

Be creative

With imagination and a little effort you’ll be able to manage and remember computer passwords galore, or at least have a good shot at guessing if your memory fails you.

Password Do’s and Don’ts

Five “Don’ts” & Five “Dos” for Better Passwords

1. Don’t leave passwords blank.
2. Don’t use your username as a password.
3. Don’t use identifiable information (such as a birthday).
4. Don’t write passwords down.
5. Don’t use auto-fill for passwords (especially on public computers).
6. Do use 8 characters or more.
7. Do use a combination of uppercase, lowercase, numbers, & symbols.
8. Do memorize your password.
9. Do change your password periodically (at least every 60 days).
10. Do keep your password a secret.
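
The rules in this list that can be checked mechanically (1, 2, 3, 6 and 7) are shown below as a small checker. This is an added example, not part of the original article; the function name, its parameters and the sample usernames and personal details are assumptions constructed for illustration.

```python
import string

MIN_LENGTH = 8  # rule 6: "Do use 8 characters or more"


def check_password(password, username="", personal_info=()):
    """Return the rules from the list above that `password` breaks.

    personal_info is a list of strings the owner considers identifiable
    (birthday, phone digits, name); it is supplied by the caller.
    """
    if not password:
        return ["blank password"]                      # rule 1
    problems = []
    lowered = password.lower()
    if username and lowered == username.lower():
        problems.append("same as username")            # rule 2
    for token in personal_info:                        # rule 3
        # Very short tokens are skipped because they match by accident.
        if len(token) >= 3 and token.lower() in lowered:
            problems.append(f"contains identifiable information: {token}")
    if len(password) < MIN_LENGTH:                     # rule 6
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {                                        # rule 7
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"no {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs. "5552spmK70" is the template password from
    # the article above; "5552" stands for the owner's phone digits.
    samples = [
        ("", "alice", []),
        ("alice", "Alice", []),
        ("5552spmK70", "alice", ["5552"]),
        ("Tr4il-mix!Lamp", "alice", ["1970"]),
    ]
    for pw, user, info in samples:
        result = check_password(pw, user, info)
        print(repr(pw), "->", result or "passes rules 1, 2, 3, 6, 7")
```

Run against the template password from the earlier article, the checker reports the embedded phone digits and the missing symbol, so that password meets the length rule but not rules 3 and 7.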