Tuesday, 6 December 2011

Deadbolt gets a new look

It's been a while, and the current interface is looking a bit stale. The new version is fully backwards compatible but things are laid out a little differently.

------------------

What's New:


General new look and feel:


PIN Number is now entered on a keypad with the mouse, to make entry simpler:


Memorable phrases can now be masked or entered in plain text, to ensure no typos are made when they are first entered:


New font for password reveal, making it more readable and easier to distinguish between zero and the letter 'O':



------------------

This is not live on the actual site yet; however, for those of you eager to give it a try, please visit the beta site for a sneak preview. Please also use the comments section on this blog to leave feedback about the new look.

Thanks, and stay safe!

Sunday, 6 February 2011

Dealing with 3D Secure

If you've shopped online recently you should already be familiar with 3D Secure, even if you don't know what it is. It's the recent initiative by credit card companies to enhance the security of online transactions.

How does it work?


Well, without getting too technical, you are required to register a password with the issuing bank (usually by providing some personal information such as a date of birth), which you then enter each time a transaction is made. Most online retailers insert an additional step into the checkout process which opens an iframe containing a form hosted on the bank's servers - for example:


What's your problem with 3D Secure?

Whilst I advocate any attempt to make online security better, it's still not ideal:
  • It's generally implemented as an iframe
    Most merchants don't like you to leave their site, and prefer their branding to remain intact, so they open the form in an iframe. This is fine in principle, but since an iframe loads another web site and you don't directly see its URL, how do you know for sure that the page is coming from the bank's server?
  • Password reset mechanism
    This has been widely acknowledged as a flaw. Sometimes, along with the card details, a date of birth is all that is required to proceed.
  • It's yet another password to remember
    This isn't a flaw, but I'm willing to put good money on the fact most people choose something very simple for their password, or use the same password as they do for every other site on the web!
  • It complicates the checkout process
    Most merchants are reluctant to use this feature in their checkout, as they send their buyers off site at the most critical phase of their purchase. Buyers first have to remember their password, and then count out the characters on their fingers trying to remember what the third, fourth, and seventh characters are.

How can the process be made simpler?

Whilst we can't change the bank's process, we can change our own behaviour, and address the last two points.

Using Deadbolt Password Generator we can create strong passwords from easily memorable phrases, and also take advantage of a nice feature which splits the characters up so you don't have to count on your fingers any more!



So there you have it - a secure memorable password with a simpler entry system.
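
The idea described above, a strong password derived from a memorable phrase and then shown with numbered positions for a "characters 3, 4 and 7" prompt, as an added example that is not Deadbolt's own code. The PBKDF2 derivation, the character set and the `site` parameter are assumptions chosen for illustration; this page does not describe Deadbolt's algorithm.

```python
import hashlib
import string

# Constructed character set for this example (73 symbols).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"

def derive_password(phrase, pin, site, length=16, iterations=200_000):
    """Derive the same password every time from phrase + PIN + site name."""
    # The NUL separator keeps ("ab", "1") and ("a", "b1") from colliding.
    secret = (phrase + "\x00" + pin).encode("utf-8")
    salt = ("example-generator:" + site.lower()).encode("utf-8")
    # Reject bytes >= limit so every symbol is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    chars, counter = [], 0
    while len(chars) < length:
        block = hashlib.pbkdf2_hmac(
            "sha256", secret, salt + counter.to_bytes(4, "big"), iterations, dklen=32
        )
        for byte in block:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        counter += 1
    return "".join(chars)

def numbered_view(password):
    """Label each character with its 1-based position for easy lookup."""
    return "  ".join(f"{i}:{ch}" for i, ch in enumerate(password, start=1))

def characters_at(password, positions):
    """Answer a prompt such as 'enter characters 3, 4 and 7' (1-based)."""
    picked = {}
    for pos in positions:
        if not 1 <= pos <= len(password):
            raise ValueError(f"position {pos} is outside the password")
        picked[pos] = password[pos - 1]
    return picked

if __name__ == "__main__":
    # Constructed sample inputs; never hard-code a real phrase or PIN.
    pw = derive_password("my memorable phrase", "4821", "bank.example")
    print(numbered_view(pw))
    print(characters_at(pw, [3, 4, 7]))
```

Because the output is deterministic, the phrase and PIN together are the only secret: anyone who learns both can regenerate every password derived from them.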

Stay safe.

Friday, 28 January 2011

Amazon Password Security

I found an interesting article today on CNET regarding a flaw in older accounts' password storage.

It appears that only the first eight characters of the password matter, and any characters that follow are ignored. What does that mean for us? Well, you should probably give it a try to see if it is affecting your account, as the password you are using may not be as secure as you think. Apparently, it is only affecting older accounts, so generate yourself a fresh password just to be sure.

Stay safe.

Thursday, 20 January 2011

Welcome to the Deadbolt Password Generator security blog

Another day. Another social network site hacked. Another exposé on common passwords used by users. Another 'shock' to discover that not only are the most common passwords painfully simple, they are also reused on almost every site that person uses.

In the modern world though, individuals are expected to remember passwords for social sites, blogs, bank accounts, shopping sites, etc. - it's almost impossible to remember different ones for each, and even harder to come up with ones that are strong enough to resist brute force attacks.

It's no surprise that people use simple passwords as they are easier to remember than strong passwords, and who wants to go through the inevitable 'forgotten password' process every time they log in?

Deadbolt Password Generator aims to make this process simpler by generating a strong password from a simple, memorable pass phrase. It's a free online service that aims to make the web a simpler, safer place. This blog will be updated with security tips and advice to help you along the way.

Please give it a try, and feel free to offer any feedback or ideas for improvements.

Stay safe.