Friday 8 June 2012

Last.fm Recommends Password Change After Leak

Music site Last.fm is recommending that users change their passwords immediately after some passwords were apparently leaked. This follows similar problems at professional social networking site LinkedIn and at eHarmony.

While the Last.fm passwords have yet to turn up on any web site, Last.fm takes privacy very seriously and is recommending immediate action.

Remember that when changing your password you need a strong one - ideally containing combinations of lower/upper case letters, numbers and other characters. Use Deadbolt Password Generator to turn your memorable phrases into strong passwords to make them easier to remember.

Strong passwords will keep you safe from the hash dictionary attacks to which users of LinkedIn were recently left vulnerable, but as always, never reveal your passwords to anyone, and never write them down.

Wednesday 6 June 2012

LinkedIn Passwords Leaked

LinkedIn users are being advised to change their passwords today after a file containing hashed passwords of millions of users appeared on a Russian web site.

Whilst the passwords are hashed (a non-reversible process that obscures the password for storage purposes), this can still pose a problem for those of you with commonly used passwords such as 'password' or '1234' etc. Hackers have a dictionary of hashes for common passwords and can match these against any of the exposed details to gain access to your account and to your contacts.
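The dictionary matching described above (and the "hash dictionary attacks" mentioned in the Last.fm post) can be turned into a simple audit of your own password store. This is an added example, not code from the original post or from Deadbolt; the account names, the passwords and the unsalted SHA-1 storage scheme are all constructed assumptions, shown next to a per-user salted PBKDF2 store.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: a tiny common-password list and four made-up accounts.
COMMON = ["password", "1234", "123456", "qwerty", "letmein"]
ACCOUNTS = {"alice": "password", "bob": "1234",
            "carol": "T7#vq9!Lw2@x", "dave": "password"}

def unsalted(pw):
    """Assumed storage scheme for the illustration: plain SHA-1, no salt."""
    return hashlib.sha1(pw.encode()).hexdigest()

def salted(pw, salt, rounds=100_000):
    """Hardened form: per-user random salt and a slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds).hex()

def build_stores():
    """Return the same accounts stored both ways."""
    weak = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong = {}
    for user, pw in ACCOUNTS.items():
        salt = os.urandom(16)
        strong[user] = (salt, salted(pw, salt))
    return weak, strong

def audit_unsalted(stored):
    """Flag accounts whose hash appears in a dictionary of common-password hashes."""
    table = {unsalted(p): p for p in COMMON}  # computed once, valid for every user
    return {user: table[h] for user, h in stored.items() if h in table}

def shared_hashes(user_to_hash):
    """Group users whose stored hash is identical (same password, no salt)."""
    groups = defaultdict(list)
    for user, h in user_to_hash.items():
        groups[h].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    weak, strong = build_stores()
    print("flagged by dictionary:", audit_unsalted(weak))
    print("identical unsalted hashes:", shared_hashes(weak))
    print("identical salted hashes:",
          shared_hashes({u: h for u, (_, h) in strong.items()}))
```

The account with the strong password is not flagged, and once each record has its own salt, two users with the same password no longer share a stored value, so a single precomputed dictionary stops covering every account.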

As always, choosing a strong password is essential to stay safe on-line and protect your details.  Use Deadbolt Password Generator to turn memorable phrases into strong passwords that are secured from this kind of attack.

Don't get caught out - act now!

Tuesday 6 December 2011

Deadbolt gets a new look

It's been a while, and the current interface is looking a bit stale. The new version is fully backwards compatible but things are laid out a little differently.

------------------

What's New:

  • General new look and feel
  • PIN Number is now entered on a keypad with the mouse, to make entry simpler
  • Memorable phrases can now be masked or entered in plain text, to ensure no typos are made when they are first entered
  • New font for password reveal, making it more readable and easier to distinguish between zero and the letter 'O'

------------------

This is not live on the actual site yet. However, for those of you eager to give it a try, please visit the beta site for a sneak preview. Please also use the comments section on this blog to leave feedback about the new look.

Thanks, and stay safe!

Sunday 6 February 2011

Dealing with 3D Secure

If you've shopped online recently you should already be familiar with 3D Secure, even if you don't know what it is. It's the recent initiative by credit card companies to enhance the security of online transactions.

How does it work?


Well, without getting too technical, you are required to register a password with the issuing bank (usually by providing some personal information such as a date of birth), which you enter each time a transaction is made. Most online retailers insert an additional step into the checkout process which opens an iframe containing a form hosted on the bank's servers.


What's your problem with 3D Secure?

Whilst I advocate any attempt to make online security better, it's still not ideal:
  • It's generally implemented as an iframe
    Most merchants don't like you to leave their site, and prefer their branding to remain intact, so they open them in an iframe. This is fine in principle, but since iframes open other web sites, and you don't directly see the URL - how do you know for sure that the page is coming from the bank's server?
  • Password reset mechanism
    This has been widely acknowledged as a flaw. Sometimes, along with the card details, a date of birth is all that is required to proceed.
  • It's yet another password to remember
    This isn't a flaw, but I'm willing to put good money on the fact most people choose something very simple for their password, or use the same password as they do for every other site on the web!
  • It complicates the checkout process
    Most merchants are reluctant to use this feature in their checkout, as they send their buyers off site at the most critical phase of their purchase. Buyers first have to remember their password, and then count out the characters on their fingers trying to remember what the third, fourth, and seventh characters are.

How can the process be made simpler?

Whilst we can't change the bank's process, we can change our own behaviour, and address the last two points.

Using Deadbolt Password Generator we can create strong passwords from easily memorable phrases, and also take advantage of a nice feature which splits the characters up so you don't have to count on your fingers any more!



So there you have it - a secure memorable password with a simpler entry system.

Stay safe.

Friday 28 January 2011

Amazon Password Security

I found an interesting article today on CNET, regarding an interesting flaw in older accounts' password storage.

It appears that only the first eight characters of the password are checked, and any characters that follow are ignored. What does that mean for us? Well, you should probably give it a try to see if it is affecting your account, as the password you are using may not be as secure as you think. Apparently, it is only affecting older accounts, so generate yourself a fresh password just to be sure.

Stay safe.

Thursday 20 January 2011

Welcome to the Deadbolt Password Generator security blog

Another day. Another social network site hacked. Another exposé on common passwords used by users. Another 'shock' to discover that not only are the most common passwords painfully simple, they are also in use by almost every site used by that person.

In the modern world though, individuals are expected to remember passwords for social sites, blogs, bank accounts, shopping sites, etc. - it's almost impossible to remember different ones for each, and even harder to come up with ones that are strong enough to resist brute force attacks.

It's no surprise that people use simple passwords as they are easier to remember than strong passwords, and who wants to go through the inevitable 'forgotten password' process every time they log in?

Deadbolt Password Generator aims to make this process simpler by generating a strong password from a simple, memorable pass phrase. It's a free online service that aims to make the web a simpler, safer place. This blog will be updated with security tips and advice to help you along the way.

Please give it a try, and feel free to offer any feedback or ideas for improvements.

Stay safe.