YOU need strong passwords

http://www.youtube.com/watch?v=VYzguTdOmmU

Secure Password Database solutions
(in order of our preference):

Though the skeleton key looks simple and easy, it’s not the most secure option.

| | LastPass | 1Password | KeePass | RoboForm |
|---|---|---|---|---|
| Cost | Free, or Premium $12/year | One-time fee: $49.99 Mac or PC; $14.99 iPhone or iPad. 30-day demo available | Free. Exception: iPhone & iPad apps ($0.99 and up) | Free, or $19.95/year RoboForm Everywhere; or one-time fee (not recommended): $29.95 RoboForm Desktop. 30-day demo available |
| Does not require an outside service to sync across multiple devices | Yes - just log in and go. (Must have internet access in order to update on mobile devices.) | No - need Dropbox or similar to sync across multiple devices. | No - need Dropbox or similar to sync across multiple devices. | Yes - RoboForm Everywhere (online). No - RoboForm Desktop requires Dropbox or their recommended GoodSync to sync across multiple devices. May only sync to other computers with the software. |
| Computer platforms | PC, Mac, Linux | PC, Mac | PC, Mac, Linux | PC, Mac, Linux |
| Mobile platforms | Premium accounts only: iPhone, Blackberry, Android, Windows Mobile, Windows Phone 7, HP WebOS, Symbian S60 | iPhone; Android and Windows Phone 7 in beta | iPhone, Android (beta), Blackberry, Windows Phone 7, Pocket PC & smart devices, Palm OS converter | iPhone, Android, Blackberry, Windows Mobile, Palm, Symbian |
| Encryption type | 256-bit AES, exclusively encrypting and decrypting on your local computer. No one at LastPass can ever access your sensitive data. | 128-bit AES | 256-bit AES (default) or 256-bit Twofish | 256-bit AES, or Blowfish, RC6, 3-DES or 1-DES algorithms |
| Fills forms in browsers | Yes: Internet Explorer, Firefox, Chrome, Safari | Yes: Internet Explorer, Firefox, Chrome, Safari | No | Yes: Internet Explorer, Firefox, Chrome, Safari |
| Quickly generates secure passwords with the program | Yes | Yes | Yes | Yes |
| Special details (things that the others don't do) | Share passwords securely with other LastPass users (the "share" option does not disclose the password; the "give" option lets the password be seen by the other person). | | Open Source, OSI certified | |
| Independent security audit (a knowledgeable outside party checking the code) | Sorta - as of Jul 18 2014, it's the closest thing any of these have to an independent audit: http://blog.lastpass.com/2010/07/lastpass-gets-green-light-from-security.html | No | Code is open for review but hasn't been specifically audited by a knowledgeable entity with results posted | No |

Also listen to the Security Now 464 podcast at the 1 hour 24 minute mark for more info about Lastpass security.
https://youtu.be/dnFFVPsLULs

I can’t say these two things enough…

  1. BE SMART WITH YOUR PASSWORDS:
    1. Use a strong password for your email. Use a strong password for other accounts too but I want to emphasize email because people seem to forget that your email account can be used to reset other passwords AND contact everyone in your contacts list.
    2. Use different passwords for different accounts: “If you have ever used the same password in more than one place, you have reduced your overall safety record to whichever site had the lowest amount of protection.”
    3. If you need to store a lot of passwords, use an encrypted database like lastpass.com, 1password or keepass. These password databases can also help you generate more secure passwords that use random letters, numbers, caps, and symbols.
  2. BACK UP YOUR DATA no matter where it’s located: computer, cloud, hosting. E-mail, contacts, even social networking data if it’s important to you. Back it up. There are different backup solutions but without going into specifics, think about external hard drives AND off-site storage.

The reason I bring these things up is that having a secure password can help prevent your accounts from getting hacked, and having backups can save your business if you do get hacked or have a computer system fail.

I’ve heard that AES encryption can be cracked easily, is that true?

The simple answer is that no, it’s not true. The biggest threat to AES encryption is poor choice of password.

AES is often confused with WEP, which is easily crackable.

The more complicated answer is that nothing is 100% secure and anything is susceptible to attack. The most common security hole, which is not actually common, is a software bug that bypasses the need to break the key. The key length and the password chosen help determine how likely it is to be cracked. Brute-force and dictionary attacks against the password are a different thing from a flaw in the encryption method itself.

There is a theoretical weakness in AES but it has never been proven. Even if the weakness were proven, it would not reduce the time to crack it to a reasonable time-frame, i.e. less than the lifetime of the universe.
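To put numbers on the point that the password, not AES, is the weak link, here is a Python sketch (an added example, not part of the original post) that draws a random password from the four character classes mentioned earlier and compares the cost of guessing it with the 128-bit and 256-bit key sizes in the table. The guess rate of 10^10 per second is an assumed figure, and the function names are illustrative.

```python
import math
import secrets
import string

# Character classes the post mentions: letters, caps, numbers, symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_password(length=16):
    """Uniformly random password from the OS CSPRNG, every class present."""
    if length < len(CLASSES):
        raise ValueError("too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry instead of patching characters in, so no position is biased.
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Years to try all 2**bits candidates at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def length_matching_key(key_bits, alphabet_size=len(ALPHABET)):
    """Shortest random password at least as hard to guess as the key."""
    return math.ceil(key_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    RATE = 1e10  # assumed guesses/second for illustration, not from the post
    for n in (6, 8, 12, 16, 20):
        bits = entropy_bits(n)
        print(f"{n:2d} chars: {bits:5.1f} bits, "
              f"{years_to_exhaust(bits, RATE):.3g} years to exhaust")
    for key in (128, 256):
        print(f"AES-{key}: {years_to_exhaust(key, RATE):.3g} years; "
              f"matched by {length_matching_key(key)} random characters")
    print("generated:", generate_password())
```

At the assumed rate, every 8-character password can be tried in about a week, while a 128-bit key takes on the order of 10^21 years, so a short master password undoes the protection long before the cipher does.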