passwords posts

Gmail, Hotmail, AOL and Yahoo! users fall victim to phishing scheme

by Jay Hathaway Oct 6th 2009

Over 30,000 email addresses have been compromised, with their login info posted online, in the past few days. The BBC has apparently seen the list, and it includes Hotmail, AOL, Yahoo and Gmail users. None of those companies are to blame, though, because the owners of the email addresses got caught in a phishing scam. In case you're not already in the habit of making sure you're not giving your login info to fake websites that are made to look real ones, this is a good reminder to start.

Gmail is dealing with its share of the stolen accounts by forcing password resets, and a spokesperson at Google said there was no breach in Gmail security. This comes right on the heels of a possibly-related Hotmail-only phishing attack that hit 10,000 accounts earlier this week. To be safe, make sure you use a different password for each service you sign up for (the BBC says 40% of Internet users have the same password for everything), and if you click on a link in your email, make sure you're on a legitimate website before you sign in.

[via Mashable]

Tags: aol, email, gmail, hotmail, passwords, phishing, scam, yahoo

Filed under: Security, Macintosh, Browsers

LastPass brings secure password management to Safari on Mac

by Lee Mathews Sep 3rd 2009

LastPass, the secure password management and form filler that was first released for Firefox and Internet Explorer, has welcomed another browser into the fold.

Mac users running Safari for their browser can now run a full LastPass plugin rather than relying on the Javascript-powered bookmarklet. Just head over to the LastPass homepage and click 'get LastPass.' As you can see in the screenshot, the Safari plugin also adds a menu bar button (next to the back/forward buttons). It provides quick access to your preferences, vault, notes, form filler, and password generator.

Those of you running Snow Leopard, you'll need to run Safari in 32-bit mode - the LastPass installer will notify you when you launch it.

The LastPass plugin supports importing from 1Password, and their iPhone app is currently available on the App Store [iTunes link]. It's a great way to securely manage your passwords on Windows, Linux, and Mac - and in an ever-increasing number of browsers.

Google Chrome users, sit tight - a .crx extension can't be too far away now.

Tags: 1password, lastpass, osx, password manager, PasswordManager, passwords, safari

Filed under: Security, Text, web 2.0

ZZOMG, Twitter Porn Names is a phishing attack

by Lee Mathews May 12th 2009

You've got to hand it to the shifty jackal that came up with #twitterpornnames. It's a brilliant display of two things. First, is underscores the power of trends on a social site like Twitter. Second, it clearly illustrates just how unaware people are as to the nature of scamming on the Internet.

What the hell is #twitterpornnames, you say?

It's a game that someone started on Twitter. You're supposed to announce your made-up name along with the hash tag and share in the LOL-fest. If you're paying attention, you'll notice just how stupid participating in the "game" could be.

See, the formula provided to create your name just happens to match some very common security questions to help people reset their passwords. Pet's name. First teacher. Street you grew up on. See the pattern?

It's bad enough that users have been taken in, but some have been so blind as to announce their exact formula along with their name. At least if they hadn't done that there would be a little guessing involved, but now it's been handed over on a silver platter.

Remember kids: don't take candy from strangers, and don't hand out your usernames and passwords - or the means to reset them - to the entire population of Twitter.

[via PCWorld]

Tags: passwords, security, twitter, twitterpornnames

Filed under: Internet, Security, Web services, Open Source

Brute Force Calculator finds your password's staying power

by Lee Mathews Nov 11th 2008

Back in March, Brad told you about Password Meter, a web app designed to help you create strong passwords. Want to know how long it would take to brute force?

Pay Hackosis a visit, and try out their Brute Force Calculator, an Open Source PHP app based on an Excel spreadsheet from Mandylion Labs.

Hackosis' calculator asks for details about your password - not the password itself. Using the information you provide and some quick computational Kung Fu, you'll get a rough idea of how long it would take someone to discover the correct secret word.

If you use as many web apps as we do, it's essential to use strong, secure passwords. Even if you use a password generator like LastPass, it never hurts to test them.

[ via gHacks ]

Tags: passwords, security

Filed under: Utilities, Windows, Macintosh, Linux, Browsers, Web

Foxmarks now synchronizes Firefox bookmarks, passwords

by Brad Linder Oct 27th 2008

Foxmarks is a plugin for Firefox that makes it easy to keep your bookmarks synchronized across multiple browsers. When you add or delete a bookmark on one machine, the changes will be reflected on another. Pretty useful for keeping your home and work computers up to date, right? But what about all those passwords you have saved on one computer but not the other. Now Foxmarks has a solution for that too.

The most recent version of Foxmarks adds support for secure password synchronization. In order to use this feature you'll need to enter a new PIN which is separate from the password you use to login to Foxmarks. For security purposes, if you forget this PIN, Foxmarks will not be able to help you recover it, so make sure to write it down or pick something you'll remember. But for obvious reasons, make sure it's also not something that's easy to guess (unless you like the idea of synchronizing your online banking password over the internet with only your birthday as a password).

[via jkOnTheRun]

Tags: addon, bookmarks, firefox, foxmkars, passwords, synchronization

Filed under: Utilities, Macintosh, Apple, Commercial

Todd's Favorite Mac Apps: 1Password

by Todd Ritter Oct 8th 2008

Since practically every website requires some sort of user registration, I decided to purchase 1Password to manage all of my login credentials. 1Password is a Mac-only password manager that can also store secure notes, "wallet" information, and identity data.

Rather than use a single password for all of the websites I access, or try to create a convoluted password algorithm to have a list of unique passwords, I use 1Password to generate long, nearly impossible to guess passwords that are unique to each website. In the off chance that someone figures out one of my passwords, they will only have access to that one site instead of everything.

1Password can also auto-fill my login information or my registration information (common answers like name, address, etc.) to speed up my web browsing. It can sync all of my information to my iPhone (and accompanying free iPhone application), a Palm, or the my.1password.com service so that I can maintain my password security when browsing on my phone or without my laptop.

Tags: 1password, favorite-apps, form filler, FormFiller, password, password manager, PasswordManager, passwords

Filed under: Internet, Security

UsableLogin will generate per-site passwords, PwdHash already does

by Brad Linder Sep 9th 2008

Usable Security Systems is working on a new service that will help you generated secure passwords for each site you visit without having to remember them all. The company made a presentation at the DEMO conference this week and announced that UsableLogin will be available early next year.

The system basically lets you use the same password over and over to register and login to different web sites. Odds are you do that now, but it's not very secure. What UsableLogin does is combine the password you enter with random information which will be different for every web site you visit. The password is stored on your computer (probably via the web browser) and not on Usable Security's servers.

It all sounds pretty cool and innovative. But it turns out that there's already a free Firefox plugin that does pretty much the same thing. PwdHash will automatically make a strong password for you any time you start a password with the symbols @@. Or you can just hit F2 when you're visiting any page with a password box and PwdHash will kick into gear.

[via Webware]

Tags: passwords, pwdhash, security, usablelogin

Filed under: Internet, Security, Utilities, Windows, Macintosh, Linux, Freeware, Browsers

Is Lastpass as good as they make it sound?

by Lee Mathews Aug 22nd 2008

You've no doubt learned to take the various claims software developers make about their products with a grain of salt, but the gang at Lastpass may be right on with theirs. Lastpass may just be the last password you'll ever have to remember.

Other DS bloggers have looked at plenty of other options, like Passpack and good ol' Keepass. Lastpass has put together an extremely worthy competitor, and I was impressed with how it performed in my test runs.

Lastpass installs as two parts: the core application and as plugins for both Firefox and Internet Explorer. All data is encrypted on your PC, and only your encrypted file is stored on the Lastpass servers. It's also cross-platform, so you can sync your password data to Windows, Mac, and Linux PCs.

During install, the manager effortlessly captures and imports local passwords from both browsers (which shows you just how much you need an encrypted password store) then gives the option to clear them. It also does imports from RoboForm, Keepass, Password Safe, and MyPasswordSafe.

Tags: password, password keeper, password manager, PasswordKeeper, PasswordManager, passwords

Filed under: Utilities, Windows, Macintosh, Linux, Mozilla

Mozilla - They're UnbeWeaveable

by Drew Olanoff May 28th 2008

If you've ever tried to sync up multiple copies of Firefox over multiple computers, we feel your pain. The Google sync plugin hasn't been updated since 2006 and didn't even work with the latest release of Firefox. Ugh.

Have no fear, Mozilla Weave is here!

With Mozilla Weave you can sync all of your bookmarks, history, cookies, saved form data, and now passwords (for the first time!) with any computer with Firefox on it.

You can get the official Mozilla Weave plug-in here: https://services.mozilla.com/

Do you have multiple computers running Firefox (or any other browser) and use another plug-in or service to stay synced up? Let us know in the comments!

[via fans of tech]

Tags: browser, firefox, mozilla, passwords, plugin, weave

Filed under: Internet, Browser Tips

How to import an export Firefox passwords

by Brad Linder May 2nd 2008

Now that you know how to import and export your Firefox extensions, you can easily configure Firefox on a new computer to work exactly like Firefox on your old computer. Well, almost exactly. OPIE can take care of your add-ons, but it doesn't export the passwords you've saved in Firefox for the dozen or so sites that you log onto every day. It turns out there's a Firefox add-on for that too.

Password Exporter adds the ability to view all of your saved passwords, and to export them in an encrypted or unencrypted file CSV or XML file. When you want to import those passwords to a different Firefox installation, just install Password Exporter again, find your file, and click the import button.

Once you install Password Exporter, you might not see it right away. It's hidden in your security settings, which you can access by clicking Tools>Options>Security. Once you're at the security screen, you should see the import/export passwords option.

[via Sizlopedia]

Tags: add-ons, firefox, password-exporter, passwords

Filed under: Utilities, Windows, Freeware

Find password protected files with Passware Encryption Analyzer

by Simon Kerbel Mar 13th 2008

Have you ever lost track of your password protected files? Maybe during one of your compulsive file-moving and file-deleting extravaganzas?

Passware Encryption Analyzer is a free program that will track down all your encrypted and password protected files, no matter where they are hiding on your machine. Whether the files are in the glorious sunlight of your desktop, or in the deep dark cave of your system32 folder, Passware Encryption Analyzer will uncover them all.

The program supports over 100 different file formats, including files from Office, Acrobat, QuickBooks, Peachtree, WordPerfect, and more. The interface reveals the document type, password recovery options, and the protection flags for each file.

Unfortunately, the free version of Passware Encryption Analyzer will only find your password-protected and encrypted files, and has no tools for recovering the password. You'll have to shell out almost $200 bucks if you want that functionality. For users that have simply misplaced their protected files and wish to locate them, Passware Encryption Analyzer will get the job done.

Passware Encryption Analyzer is free, and Windows only.

[via gHacks]

Tags: encryption, Passware, passwords

Filed under: Internet, Security, Microsoft

Microsoft Password Checker: 1234 is not a secure password, who knew?

by Brad Linder Mar 10th 2008

As a general rule, people who don't take security very seriously will tend to use the same password for many services. And they'll make sure that password is easy to remember by choosing a birth date, anniversary, or loved one's name to protect their computer files, bank records, and everything else you can use to steal their identity. At least that's how it works in the movies.

If you want to avoid being yet another bad movie statistic, you might want to check out Microsoft's Password Checker web site before choosing your next password. As you type characters into the box, Microsoft will let you know just what a bad idea your chosen combination of characters is.

The secret isn't just to choose a long stream of characters. You also want to mix up numbers, letters, and other characters. In fact, we found that you could in 52 numbers and still get a weak score. Microsoft recommends using at least 8 characters, and preferably 14 or more, with a good mix of letters, numbers and symbols.

[via Web Worker Daily]

Tags: password-checker, passwords

Filed under: Internet, Web services

PassPub: Automatically generate secure passwords online

by Simon Kerbel Feb 5th 2008

If you use and reuse the same password over and over again, or if you're not very creative when it comes to making up passwords, you might want to head on over to PassPub, a site that automatically generates strong, unique passwords for your immediate adoption.

When PassPub first loads, you'll see a selection of 8 character passwords, randomly generated. You can feel free to use any of the passwords on the list; but if you want to get real creative, you can work with any of the customizable options on the sidebar.

Want something a little more memorable than GoSg8buu? You can choose a password made up of chemical elements (e.g., Ti8Ir0Bh4) or you can get mnemonic like Johnny (alternate vowels and consonants, suffixed by a 3 digit number, e.g., ZuXuFU715). There are also sections for generating WEP keys and WPA keys.

If you worry about the security risks of generating a password online, don't. No personal details are requested when using PassPub, each page generated is unique, and each page is shown from a secure server (verified by GoDaddy.com).

Tags: passpub, password, password generator, PasswordGenerator, passwords

Filed under: Internet, Security, Web services

Strong Password Generator does just what you think it would

by Brad Linder Sep 11th 2007

You probably know that you should use a different password for each website you visit. And you probably don't anyway. But at the very least, make sure you're not using the same password for Facebook and your online bank account. And make sure you've got a secure, difficult to guess/hack password for important sites like financial institutions.

Strong Password Generator can help you come up with a password that's a bit more secure than your birthday, anniversary, pet's name, or mother's maiden name. Just make sure you have a good password management program because we guarantee you won't be able to remember the passwords generated by the site off the top of your head, even with the silly mnemonic devices the site offers.

If Strong Password Generator doesn't do it for you, there are plenty of other great services for generating safe passwords. Now go forth and be secure.

[via Technobuzz]

Tags: password, passwords, strong password generator, StrongPasswordGenerator

Filed under: Internet, Macintosh, Open Source

Camino updates to 1.5 for Mac OS X

by David Chartier Jun 5th 2007

For those who have never had the pleasure, Camino is an open source browser based on the same Gecko rendering engine as Firefox, but built to integrate much better with Mac OS X. Right out of the box Camino has a much more Mac look and feel, and under the hood it has integrated better with Mac OS X by doing things like storing web passwords in the Mac OS X Keychain (a centralized, secured and backup-friendly database where all Mac OS X apps store passwords). With the release of Camino 1.5, new features and even more integration can be had, such as:

The spell checking feature now uses the built-in, system-wide Mac OS X dictionary for checking spelling and storing custom words
Storing passwords in the Keychain now fully integrates with Safari, allowing both browsers to recognize, store and share the same password entries
Session saving ensures your tabs and windows are restored right back to where you left them, even after a crash
Feed detection allows Camino to pass RSS feeds on to your default reader
A more powerful and obvious pop-up blocking system, giving you control over whether you show pop-ups from a specific site once, always or never
The ability to trash downloaded files directly from the Downloads Manager window

While Camino doesn't support Firefox's popular extensions, it does have a healthy plug-in community at PimpMyCamino for those who might still need a little extra oomph from the open source, Mozilla-based browser. Camino 1.5 can be had from CaminoBrowser.org.

Tags: camino, firefox, Keychain, mozilla, open source, OpenSource, OSS, passwords, security, spell checking, SpellChecking, spelling

Graveyard Shift - zombie-busting Time Waster

With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet. They key to getting good at Graveyard Shift is learning to use ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures

Download Squad at the Crunchies After-Party

Android First-look: Amazon.com MP3 Store

Flickr Pool

www.flickr.com

Download Squad bloggers (30 days)

#	Blogger	Posts	Cmts
1	Jay Hathaway	111	5
2	Lee Mathews	77	34
3	Sebastian Anthony	49	159
4	Brad Linder	38	7
5	Jason Clarke	32	0
6	Grant Robertson	8	10
7	Victor Agreda, Jr.	7	1
8	Dolores Parker	7	2
9	Nik Fletcher	4	0
10	Matt Heerema	3	3
11	Paul O'Brien	2	0
12	John Burke	1	0
13	Download Squad Staff	1	0

More Tech Coverage

Control Shift It's all about the experience
Somewhat Frank Perspectives on tech as it fuses in everyday life
Switched Gadgets, web news and commentary
Urlesque Exposing bits of the web

Download Squad