The UX Booth, a neat new usability site, has an excellent article that could help a great many users if they read it, so I’d like to point my readers there: How To Pick Passwords That Protect Your Online Experience.
Since the phishing incident at Twitter that I recently wrote about, another issue happened this week: a hacker was able to use a dictionary cracker to get inside Twitter’s back-end, and he promptly started messing with celebrity users’ accounts, naturally posting the most immature tweets his feeble brain could come up with. The culprit was one employee who had used a dictionary word as a password without altering it in any way. Ironically, the word was “happiness.”
This is a huge problem, as we all have a ton of passwords and it’s hard to keep track of them. I am going to investigate the product mentioned in the article above, called 1Password, as a way to help me keep track of passwords so I can use unique ones and protect myself.
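The “happiness” story illustrates exactly what a dictionary cracker exploits: a password that is an unaltered dictionary word, or a word with a couple of digits or letter-for-number substitutions tacked on, is one of the first guesses in any attacker’s list. As an added example (not part of the original post or of any product it mentions), here is a small defender-side check of the kind a sign-up form or password-change handler can run to reject such passwords before they are ever stored. The wordlist is a constructed sample of a few words; a real deployment would load a full dictionary and a breached-password list.

```python
import re

# Constructed sample wordlist. A real check would load a large dictionary
# (e.g. the system words file) plus a list of passwords seen in breaches.
SAMPLE_WORDLIST = {"happiness", "password", "twitter", "welcome", "dragon", "summer"}

# Letter-for-symbol substitutions that crackers' rule sets routinely undo.
# "1" is ambiguous (i or l), so two tables are tried.
LEET_MAPS = [
    str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}),
    str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}),
]


def candidate_bases(password: str) -> set[str]:
    """Return the plausible base words a cracker's rules would derive
    from the password: lower-cased, with leading/trailing digits and
    punctuation stripped, and with common leet substitutions reversed."""
    lowered = password.lower()
    # "happiness2009!" -> "happiness"; "123happiness" -> "happiness"
    no_suffix = re.sub(r"[\d\W_]+$", "", lowered)
    no_affix = re.sub(r"^[\d\W_]+", "", no_suffix)
    variants = {lowered, no_suffix, no_affix}
    for table in LEET_MAPS:
        for v in list(variants):
            variants.add(v.translate(table))
    return {v for v in variants if v}


def check_password(password: str, wordlist=SAMPLE_WORDLIST, min_length: int = 12) -> tuple[bool, str]:
    """Reject passwords derived from a dictionary word, then enforce a minimum length.
    Returns (accepted, reason)."""
    for base in candidate_bases(password):
        if base in wordlist:
            return False, f"derived from dictionary word '{base}'"
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["happiness", "H4pp1ness2009!", "Tr0ub4dor&3", "correct horse battery staple"]:
        accepted, reason = check_password(candidate)
        print(f"{candidate!r}: {'accepted' if accepted else 'rejected'} ({reason})")
```

Note that the check deliberately reasons the way a cracker’s rule engine does (strip the “2009!”, turn the 4 back into an a) rather than scoring character classes, because “H4pp1ness2009!” satisfies every “one digit, one symbol, one capital” policy while still falling to a dictionary run within seconds. The second line of defence, which this example does not show, is on the server: rate-limiting and locking out repeated failed logins so that a dictionary run cannot be attempted at speed in the first place.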
Hackers are STUPID… users don’t have to be! Please share the UXBooth article with your friends, coworkers and family members. It’s important!!
I’m a big fan of 1Password. Good to see it get some attention!
This site is chock full of great information… thanks to Twitter and your following me, I have found you! Thanks a bunch!
Consider yourself hugged!
Connie Baum
http://motherconniesez.blogspot.com
I recently started using something called Yojimbo by Bare Bones Software to store passwords. It’s kind of like an electronic junk drawer/filing cabinet, where you can store just about anything. The product even has a dedicated password entry type, and the passwords are stored with 128-bit encryption. It is very easy to use and quickly fits into the Mac workflow (BTW: it’s Mac-only — sorry, Windows users).
Call me lazy but I have been using roboform for a few years and like it. I do get lazy sometimes but never use a real word as a password.
I did have someone hack my computer a few years ago. Luckily, I caught them and smacked them down. You can never be too careful.
Hackers are just like other people – some are stoopid, others are brilliant. Some are ethically challenged, while others identify problems and get software companies to fix them.
A dictionary attack against Twitter is probably one of the easier ones to perform. Without going into the details, the Twitter API itself can be used to hack an account with very little specialized knowledge. This is not the action of a hacker, but rather someone better known as a “ScriptKiddie” – one of those aspiring malcontents on the internet learning to hack the world for fun and prestige.
Sadly, that kind of hacking is rewarded by the wonderful accomplishment of having the Secret Service knocking down your door – it is a crime that crosses state lines and unauthorized utilization of a service that results in an actual cost (even if it is only a fraction of a penny). If a whole bunch of them do the same thing at the same time, woohoo! Here comes the FBI! Congratulations! You just became involved in racketeering!
However, a true hacker – and I mean the ones that test for security vulnerabilities so that they can be corrected or software can be improved – their names are sorely tarnished by these activities.
Thanks for this bit of info, Chris. You know, though I have worked with security firms (and black hats/white hats), I don’t like to get into that kind of technical detail and don’t want to have to worry about it, just like most users. But we SHOULD know more, to protect ourselves. There were some folks that had to deal with hours of cleanup, unfollowing and refollowing people, not to mention the explanations. We have to help ourselves by becoming more educated, if we’re going to play online.
I currently use Keychain, which is part of Mac OS X, and like it.
I have used KeePass in the past, which is comparable. I always had a concern about KeePass, even when I was using it, because it was open source. Not that I have anything against open source, per se, but I always had a small, niggling concern about whether someone had put a backdoor in it.
I suppose some miscreant at Apple could have done the same with Keychain, however. For that matter, that could be true of any password management application, so the only truly safe method is to memorize passwords. Unfortunately, my head is too filled with other crap for this to be an effective strategy for me.