
    LastPass

    November 9th, 2009

    Once upon a time I frequently reused passwords. So if you knew my dog’s name, or what kind of car I drove, you could easily have pretended to be me with just a little extra work. This is obviously a very bad idea, but I’m sure many people struggle with managing passwords for the web sites and computer systems they access on a regular basis.

    Passwords are keys to your identity.  If a malicious person were to figure out your email password, what harm could they cause?  Could they quickly gather the names and contact information for your friends and family?  Could they figure out where you bank?  Could they reset your bank password by telling your bank that your password was forgotten?

    A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.
    Wired Magazine

    Here are my tips for choosing the best passwords:

    • Use different passwords for every site/application.  Do not reuse them.
    • Change passwords frequently.  The more you use a password, the more you should change it.
    • Keep your passwords secret.  Guard them as if they were keys to your identity — they usually are.
    • Consider using a random password generator.
    • Consider using passphrases (e.g. Myhouseismadeofwoodandhasyellowsiding!)
    • Consider using acronyms (e.g. Mhimowahys!)
    • Do not use words, birthdays, family and pet names, addresses, or any other personal information in your passwords.
    • Do not use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.

    I strongly recommend using a password management tool for three important reasons.

    1. Tools remember many passwords so you don’t have to.
    2. Tools can type passwords for you.  This makes strong passwords easy to use.
    3. Tools can create strong passwords which are complex, unique, and random.

    I have previously blogged about the software-based password managers PasswordSafe and KeePass.  Both remain excellent ways to manage your passwords.  I have now begun using a new online password manager service called LastPass.  Why change?  The primary reason is that I can now access my password database from my iPhone.  Otherwise, KeePass is great!

    LastPass is an online service that stores your password data both on your PC and “in the cloud” so that you don’t need to carry it with you.  Remote storage means you can access your accounts from anywhere you have an Internet connection.  LastPass addresses privacy concerns by only storing data in encrypted form (256-bit AES).  They don’t have your encryption key, and the encryption / decryption is all done on your PC.   As a result, LastPass cannot actually read any of the data they store for you.  You can read the technical details here.  You can also save a copy of your encrypted password database on a USB memory key, and use standalone LastPass software to access it.

    For the ultra-paranoid among us, LastPass supports multi-factor-authentication mechanisms.  Requiring a combination of something you know (a master password) with something you have (like a YubiKey) to access your data makes it very safe.

    One of the unique features of LastPass is the ability to use a PDA to store your password database.  LastPass has mobile versions for iPhone, Blackberry, Android, and other mobile platforms.  I use the iPhone version which updates my local copy every time I start the software (if an Internet connection is available.)  Now I don’t even need a PC to find a password!

    LastPass has an assortment of YouTube videos that explain how their solution works, and tips for using it effectively.  I recommend you watch a few of these videos before getting started.

    I was able to quickly import my existing password database from KeePass to LastPass.  Unfortunately the two tools use different methods to auto-type your credentials, so I did need to adjust some of my entries once they were imported.

     


    Windows Cleanup

    May 3rd, 2009

    One downside to using Windows regularly is how performance seems to degrade over weeks and months of normal system usage.  In my experience, the root cause is typically sloppy and/or malicious software. 

    Bad software frequently leaves a mess of temporary files, extra registry entries, and sometimes extra software components you are not aware of.  This problem is increased with frequent web surfing as many popular websites actually install software on your PC as you browse.

    You should already be running some sort of Anti-Virus software.  Such software updates itself daily with signatures of known viruses.  At home I use Trend AntiVirus (one license covers several machines.)  At work I use Symantec (because that’s what my employer pays for.)

    AntiVirus software does not typically detect all of the bad stuff that may be on your PC.  I use two additional free utilities on a regular basis.  You may want to try them for yourself.

    CCleaner

    CCleaner is a nifty utility that scans and deletes extra stuff that can bog down your PC.  It also removes logs of your activity that many common programs create.  It is a free download, and is free to use.  Note that the setup wizard will install a web browser toolbar by default, so I always remember to “uncheck” that box.

    CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system – allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it’s fast (normally taking less than a second to run) and contains NO Spyware or Adware!

    Malware Bytes Anti-Malware (MBAM)

    Malware Bytes Anti-Malware (MBAM) is a great utility that scans your system for “malware.”  Malware is software you don’t generally want on your PC, even though it isn’t technically a virus.  A classic example of malware is software that advertising companies quietly install to track what sites you visit, and sometimes interrupt you with advertising popups.  MBAM does a good job of finding and removing garbage that your AntiVirus software may ignore.  MBAM is free to download and use, however they offer a “premium” version that costs money but runs automatically in the background.

    We at Malwarebytes have created an easy-to-use, simple, and effective anti-malware application. Whether you know it or not your computer is always at risk of becoming infected with viruses, worms, trojans, rootkits, dialers, spyware, and malware that are constantly evolving and becoming harder to detect and remove. Only the most sophisticated anti-malware techniques can detect and remove these malicious programs from your computer.

    What other tips can you share?  What utilities do you use to keep your Windows clean?



    Email – Finder or Filer?

    October 20th, 2008

    I just read a great blog post here that speaks to a transition I recently made myself.

    I have been an Exchange/Outlook user since 1996, before Outlook was even a product.  During those years I developed systems of email folder hierarchies that I used to “file” my email.  These hierarchies changed year-to-year as I changed projects or jobs.  This filing helped me find relevant email on any number of topics when required.

    I also have a no-delete policy for email.  I don’t delete anything.  My theory is that storage will continue to get cheaper, and search functionality will continue to improve.  Once my mailbox size became large, I started creating an annual “PST” archive file so that my primary mailbox would stay manageable.  Over the past twelve years I’ve amassed many gigabytes of email.

    Last year I began using Google Mail’s web interface as my primary personal email client.  Around the same time I saw an “Inbox Zero” presentation by Merlin Mann which was very thought provoking.  After a short time my habits changed dramatically from being an email filer, to an email finder.  I highly recommend it to anyone who spends time moving emails from your inbox to other folders in an attempt to organize your email.

    When using Google Mail, I immediately archive any message that doesn’t require me to perform a follow-up action.  Those that require follow up stay in my inbox until I’ve completed the task.

    When using Outlook I flag messages requiring follow-up.  Messages from high-volume email distribution lists are automatically moved to Inbox subfolders via the Rules feature.  Other emails simply stay in my Inbox or their distribution list folder until Outlook AutoArchive moves them to a PST file.

    The advantage to “finding” is that you don’t spend time filing on a daily basis.  I don’t even label much as I can almost always think of keywords, senders, or recipients that narrow my search sufficiently.  The only filing and labeling I do is automated with filters.  Email from active distribution lists gets automatically tagged and/or filed appropriately.

    Are you a finder or a filer?



    High Speed Personal Scanner

    October 5th, 2008

    I prefer to store documents digitally, rather than with paper in drawers.  I have long sought a way to quickly convert paper documents into digital form for archival and search/retrieval purposes.  I recently found a great product which sits on my desk, and does exactly that.

    Fujitsu ScanSnap S510 Instant PDF Sheet-Fed Scanner

    Increase productivity in a snap with the Fujitsu ScanSnap S510 Sheet-Fed Scanner. The S510 digitizes both sides of a document in a single pass at up to 18 pages per minute in color, making it ideal for a small office or home office environment.

    Changing how documents are managed

    • One button scanning to searchable PDF
    • Scan directly to Microsoft® applications
    • New multifunction Quick Menu feature
    • Easily protect, preserve, & share documents
    • Business card scanning
    • Color Duplex 18 pages per minute
    • Adobe® Acrobat® 8.0 Standard

    The Fujitsu ScanSnap S510 is around the size of a toaster.  I can put a document in its feeder tray (up to 50 pages at a time) and just hit go to start.  Both sides of each page are scanned simultaneously.  When it’s done, a PDF is created and OCR processes begin.  It sits just to the right of my monitor in prime desktop real estate.  I use the ScanSnap regularly to scan bills, paper correspondence, and even drawings created by my kids.

    My only complaint is that the scanner driver is not TWAIN compliant, so applications like Photoshop and NeatReceipts don’t recognize it.  The “workaround” is to use the ScanSnap to scan first to PDF for import to other applications.

    Update: I should point out that this product is not cheap.  The average price is around $400.  At the moment, a $50 mail-in-rebate is available through October 2008 at Newegg.com.



    KeePass

    October 1st, 2008

    Once upon a time I frequently reused passwords. So if you knew my dog’s name, or what kind of car I drove, you could easily have pretended to be me with just a little extra work. This is obviously a very bad idea, but I’m sure many people struggle with managing passwords for the web sites and computer systems they access on a regular basis.

    Passwords are keys to your identity.  If a malicious person were to figure out your email password, what harm could they cause?  Could they quickly gather the names and contact information for your friends and family?  Could they figure out where you bank?  Could they reset your bank password by telling your bank that your password was forgotten?

    A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.
    Wired Magazine

    Here are my tips for choosing the best passwords:

    • Use different passwords for every site/application.  Do not reuse them.
    • Change passwords frequently.  The more you use a password, the more you should change it.
    • Keep your passwords secret.  Guard them as if they were keys to your identity — they usually are.
    • Consider using a random password generator.
    • Consider using passphrases (e.g. Myhouseismadeofwoodandhasyellowsiding!)
    • Consider using acronyms (e.g. Mhimowahys!)
    • Do not use words, birthdays, family and pet names, addresses, or any other personal information in your passwords.
    • Do not use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.

    I strongly recommend using a password management tool for three important reasons.

    1. Tools remember many passwords so you don’t have to.
    2. Tools can type passwords for you.  This makes strong passwords easy to use.
    3. Tools can create strong passwords which are complex, unique, and random.

    A while back I wrote a post about PasswordSafe, which I used to manage my usernames and passwords.  I later switched to a different tool named KeePass.  KeePass is also free and open source, but I think it is also easier to use.  I now also use LastPass, which is a different, online password manager.

    KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

    The ability to auto-type usernames and passwords is infinitely flexible with KeePass.  Auto-type is a very important feature, although I can understand why you may not initially think so.  Think about the strongest types of passwords.  They are long, complex, unique, and full of many different character types.  Do you want to type those in manually each time?  Once I switched to KeePass, my normal password length increased to 20 or more randomized characters wherever possible.  Since I don’t have to remember or type them, I prefer the really long/complex ones.
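
The tips list that opens both the LastPass and KeePass posts (random generator, no repeats like 111, no sequences like abc, qwerty or 123) and the 20-character random passwords mentioned above can be combined into one small check-and-generate routine. This is an added example, not code from the post, KeePass or LastPass; the function names, the three-character run length and the keyboard rows checked are assumptions.

```python
import secrets
import string

# Ordered runs and keyboard rows the tips list warns about (abc, qwerty, 123).
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def weak_patterns(password, run=3):
    """Return the reasons a password breaks the repeat/sequence tips."""
    reasons = []
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        chunk = lowered[i:i + run]
        if len(set(chunk)) == 1:
            reasons.append(f"repeat '{chunk}'")
        elif any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            reasons.append(f"sequence '{chunk}'")
    return reasons


def generate_password(length=20):
    """Draw characters from the OS CSPRNG (secrets, not random) until the
    result has all four character classes and no weak pattern."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover all classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        classes = (any(c.islower() for c in candidate),
                   any(c.isupper() for c in candidate),
                   any(c.isdigit() for c in candidate),
                   any(c in string.punctuation for c in candidate))
        if all(classes) and not weak_patterns(candidate):
            return candidate


if __name__ == "__main__":
    # "123456" and "Mhimowahys!" appear in the post; "Qwerty111!" is constructed.
    for sample in ("123456", "Qwerty111!", "Mhimowahys!"):
        print(sample, "->", weak_patterns(sample) or "no repeat/sequence found")
    print(generate_password())
```

The checker only covers the repeat and sequence tips; it does not detect dictionary words or personal information, which the list also rules out.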

    To manage my password database across several computers, I use FolderShare to synchronize it between systems.  This keeps my database of passwords (317 as of this writing) the same across all my systems.  Occasionally I also copy the password database file to a USB flash drive so I can access accounts when I’m not using one of my own computers.

    KeePass has many other great features.  The listing of features below links to their website.

  • Strong Security
  • Multiple User Keys
  • Portable and No Installation Required
  • Export To TXT, HTML, XML and CSV Files
  • Import From Many File Formats
  • Easy Database Transfer
  • Support of Password Groups
  • Time Fields and Entry Attachments
  • Auto-Type, Global Auto-Type Hot Key and Drag&Drop
  • Intuitive and Secure Windows Clipboard Handling
  • Searching and Sorting
  • Multi-Language Support
  • Strong Random Password Generator
  • Plugin Architecture
  • Open Source!

    Some websites with more complicated authentication schemes will require customization of the auto-type string.  The software “help” reference provides details on how to do this.
