password posts

In a new post on Twitter's Status blog, Twitter points out that a sudden surge in followers on a few select accounts was due to a large number of insecure passwords being used by regular Twitter users. What's happening is that users are re-using passwords that they've used on other sites, and some of those other sites turn out to have not been secure.

That's the thing; as soon as any of the sites you log in to gets compromised, the email address or username and password associated with it can be tried by the bad guy on various other services. Since most people re-use passwords, there's a high likelihood that they will gain access to your account. From there, who knows what kind of damage they might cause. If you're lucky, you'll notice something's amiss.

This should be a wake-up call for all users who use the exact same password, or a predictable variant at each site they log in to. If you haven't already, right now is as good a time as will ever be to make sure you're using unique passwords for all of your online services. You never know when one of them might get compromised.

Do you hate having to remember different passwords for every site you sign up for? Google sympathizes. They're working on a way to let you keep far fewer passwords in your life on the web. It's actually something that sites like Plaxo and Facebook already do: allowing you to register for a site by sharing information from an existing account (like your Gmail, for example).

The information never gets stored by the new site you're signing up for, so using your existing credentials is both convenient and secure. Plus, you don't get one of those annoying email messages asking you to confirm your account. (Is it just me, or do those things get marked as spam most of the time, anyway?)

Google's working on some code that will let companies offer this service - it's called "hybrid onboarding," technically - to their users. It's not going to have an immediate impact, but I hope this will cause more sites to get on board with hybrid onboarding and ditch the annoying signup processes and endless passwords.

[via AppScout]

A number of Download Squad readers have been echoing the same sentiment in recent posts about Google's browser: as soon as LastPass is available, we're leaving Firefox for good.

Well, gang, grab your parachutes, it's time to bail! The LastPass crew has released an alpha version of their Google Chrome extension, and it rocks. Check out the screens after the break!

I've been using the LastPass bookmarklet for a while now to securely access my password vault from my iPod Touch. It gets the job done, and it's certainly much easier than re-entering all my passwords into Safari.

Yesterday, I received an email from LastPass' Joe Siegrist with some exciting news: they've been quietly working on an iPhone app, and were ready to let me take it for a test drive. So far, it's looking good.

In addition to providing secure access to your LastPass vault, the app also includes a useful notepad function. It's a good place to store sensitive informations on your iPod, and the notes are also accessible via the web interface. They get stored in your vault in a group called (logically enough) secure notes.

Once you've signed in to the app with your master password you can browse or search for a site and log in. Press the go button, and the login page is displayed with your details pre-filled.

The toolbar currently includes forward and back buttons, return (to go back to the iLastPass main screen), and a LastPass button to take care of form filling duties. The form fill is a real time saver on the iPod and makes site registrations and checkouts a breeze.

Want to see more? Check the gallery after the break! Keep in mind that LastPass is still in development, so there will likely be changes/improvements before it hits the App Store.

With more and more web sites and services offering OpenID for authentication, you may want to use your own domain name as an OpenID provider instead of selecting from the wide array of other providers (like Blogger, AOL, Wordpress.com).

phpMyID is a pair of PHP files that allow you to easily use your domain name for authentication to OpenID-supporting sites like Sourceforge, Skitch, and Technorati.

To use phpMyID (substitute "yourwebsite" with your domain name or website address):

If you need a way to prevent users from launching certain programs on an XP or Vista Home system, have a look at Empathy.

Users of XP Pro or Vista Business/Ultimate don't technically need to bother with a program like this. It's fairly easy to use secpol.msc to set up software restrictions on a PC. Empathy, however, will be easier to set up for the average user.

There's nothing to install - just extract the zip file to a folder and run the executable. Browse to the executable you want to protect and enter a password. The unregistered version is limited to a single character, which ought to work fine in a home environment. After all, most people will probably think it's a multi-character password, guess incorrectly, and give up after a few failed attempts.

Empathy is "postcardware," which I hadn't encountered yet. Developer Michal Strehovsky will gladly send you an unlock code, as long as you send him a picture postcard. Nice!

[ via gHacks ]

When I first wrote up LastPass, two of the big features it lacked that a lot of people were looking for were portability and the ability to remember form data. Their development crew has been hard at work ever since and have just released a new version of the add-on as well as LastPass Pocket.

If you're not familiar with it, it's a plugin for both IE and Firefox designed to securely keep your web logins securely synchronized across multiple computers. It's got a ton of great features like a secure password generator, single click login, onscreen keyboard (to thwart keyloggers), and secure password sharing (in case you need to give a friend access to an account).

I was happy enough being able to keep all my logins in sync on all my machines, but the form filler is definitely going to save me some headaches. To see it in action, check out the LastPass screencast.

Since practically every website requires some sort of user registration, I decided to purchase 1Password to manage all of my login credentials. 1Password is a Mac-only password manager that can also store secure notes, "wallet" information, and identity data.

Rather than use a single password for all of the websites I access, or try to create a convoluted password algorithm to have a list of unique passwords, I use 1Password to generate long, nearly impossible to guess passwords that are unique to each website. In the off chance that someone figures out one of my passwords, they will only have access to that one site instead of everything.

1Password can also auto-fill my login information or my registration information (common answers like name, address, etc.) to speed up my web browsing. It can sync all of my information to my iPhone (and accompanying free iPhone application), a Palm, or the my.1password.com service so that I can maintain my password security when browsing on my phone or without my laptop.

You've no doubt learned to take the various claims software developers make about their products with a grain of salt, but the gang at Lastpass may be right on with theirs. Lastpass may just be the last password you'll ever have to remember.

Other DS bloggers have looked at plenty of other options, like Passpack and good ol' Keepass. Lastpass has put together an extremely worthy competitor, and I was impressed with how it performed in my test runs.

Lastpass installs as two parts: the core application and as plugins for both Firefox and Internet Explorer. All data is encrypted on your PC, and only your encrypted file is stored on the Lastpass servers. It's also cross-platform, so you can sync your password data to Windows, Mac, and Linux PCs.

During install, the manager effortlessly captures and imports local passwords from both browsers (which shows you just how much you need an encrypted password store) then gives the option to clear them. It also does imports from RoboForm, Keepass, Password Safe, and MyPasswordSafe.

Passpack is an online password manager application that lets you store all of your passwords for web sites, bank accounts, or pretty much anything else in one place. The advantage of storing this info on a web site is that you can access it from any computer. So if you're used to relying on your web browser's password manager to login to your Yahoo!, Google, eBay, and other accounts, you might run into some trouble when using a friend's computer.

But if you're a bit paranoid about storing all of your most important passwords online, we don't blame you. Fortunately, Passpack has recently released a desktop application built on Adobe AIR that lets you manage your passwords without opening a web browser. You can choose to synchronize Passpack Desktop with the web version of Passpack. But you don't have to. In fact, you don't even need to sign up for an account to use Passpack Desktop. All you have to do is install the application, choose a username and a security phrase and start entering data which will be stored on your computer.

The password manager is easy to use. Just enter a title, user ID, email address, and password for each site or service. You can add links, tags, or notes. When you need to find the correct password, you can just search for the site name or a keyword and you should be able to find the correct password. It's not quite as convenient as browser-based password manager that automatically fills in forms for you. But the optional synchronization feature almost makes up for the lack of the browser integration.

Not really.

Forgetting your password to Yahoo!, Gmail, Twitter, Hotornot, or "other" sites can be downright annoying and maddening. It's not a cute situation at all.

But now it might be with the software Cute Password Manager.

For some reason, we end up with 12 different passwords for 25 different sites. It never fails. So a password manager is nothing new.

What does Cute offer that's different? Well let's take a look:

• AutoSaving passwords in your browser saves time. Firefox and others has this built in, but it's nice to have something outside of the browser in case it crashes and dies.
  
• Cute will generate really strong passwords for you to manage. So you could unify all of your passwords with one that's solid. And you don't have to remember it.
  
• Encrypt passwords and personal data using AES.
• Info is stored on your PC only (No Macs though...boooooo)
• Backup & Restore, Print your passwords.
• Fights Phishing by filling passwords only on matching web sites.
• Imports & Exports your passwords with text and csv format file.

Our main question is, is there a password to get to the password manager (yes, actually there is a master password)? And if you forget it, do you need a password manager for that?

Exhausting.

Also, how secure is this if you have more than one person using your computer? There might be certain sites you don't want your um significant other um...discovering?

But hey, that's on you.

Don't get too cute, but feel free to save some brain space by flushing out your internal memory cache. It's free, so give it a try and let us know what you think!

It happens to everyone. You have so many usernames and passwords that you can't remember them all. Fortunately, Facebook, Gmail, and about a billion other online services have a "forgot password" link. Just click it and the web service will either email your password to you or allow you to reset it and enter a new one.

But what happens when you forget the password for your operating system. Not that this has ever happened to us, but hypothetically let's say we were trying to perform a fresh install of Ubuntu on a laptop this afternoon. We zipped through the installation screens so quickly that we may have accidentally inclued a typo in our password. So when the installation was complete, our (still hypothetical) computer booted up, loaded a splash screen, and then wouldn't let us login no matter how many variations of our password we type.

While you might think the easiest thing to do is reinstall Ubuntu, (after all, this is a clean install so it's not like we'd be losing any data on our hypothetical system), you can save yourself 15-30 minutes by changing the password. It turns out you don't have login to change your password. As we discovered thanks to a useful post on the Ubuntu forums, you can do it from the bootloader screen. Check out the 5 easy steps after the jump.

Password Bird is a simple online service that will create a password based on a number of personal markers. Because the password is culled from a few names and dates that are important to you, the hope is that the password will be easy to remember but remain hard to crack.

So how does it work? When you visit Password Bird, you are prompted to enter in three items:

• A name that is important or special to you
• A word that is special to you
• A date that has personal significance

After that, you hit the create password button, and Password Bird goes to work. The next page will show you the customized password. If you don't like the password, Password Bird can quickly generate a new one based on the personal markers; or, you can choose to start over completely with a new set of words and dates.

The question is, does Password Bird make secure, yet easy to remember, passwords? In our test, we used the name Simon, the word Technology, and 1/1/2000 for the date. Here's what Password Bird came up with:

00simogy
01tecmon
ogysim00
simtec20

It doesn't take the guy from A Beautiful Mind to see a pattern here.

What do you guys think? Useful service or not?

[via Technobuzz]

Password Meter is an online tool that will let you find out whether your birthday, anniversary, or dog's name are really as secure as you think they are. But better yet, unlike password analyzers that we've covered in the past, Password Meter will provide you with real-time feedback beyond a security score. It will also show you how the points are calculated.

For example, the more characters you include, the higher your score. The same goes for the type of characters. If you use upper and lower case letters, numbers, and symbols, you're probably in good shape. You'll be docked points if you use just number or just letters, and if you repeat characters you're docked more points.

If you've got too much free time on your hands, you can use another tool we previously covered, Strong Password Generator to create secure passwords and then enter them into the Password Meter to see how they fare. But good luck actually remembering the random passwords created by Strong Password Generator.

[via MakeUseOf]