Archive for the ‘Passwords’ Category

Skype Chat Users Beware

Sunday, December 24th, 2006

If you use Skype’s chat feature you may get an urgent message to download a file named sp.exe and run the program. Once the program is run it installs other programs that can steal passwords and other personal information. The Trojan horse looks like it comes from the Asia region of the world. It also connects to a server and downloads additional code.

As we all know, downloading and executing a program sent by someone we do not know is not a good idea without investigation. No legitimate company would ask you to do this.

Doug

Logging into PayPal the Right Way

Wednesday, November 29th, 2006

I found out a little nuance in the way you login to PayPal: securely and not securely. Unfortunately, the default is not secure.

When you arrive at PayPal.com there is a member login and password area. If you log in through this, it is *not* secure. Notice http instead of https. If you click on ‘Log In’ it will take you to a secure login web page: https shows up along with the security lock (which shows that the site credentials are for www.paypal.com).

Doug

If you want to create a secure section of your site like this, an online web design program could be helpful. You can even work towards getting an online Bachelor’s degree from the comfort of your home! Since online courses have become so popular, it’s easier than ever to get training or even a degree online.

Password Insecurity

Wednesday, October 18th, 2006

Nucleus Research released a study saying one in three people write down their passwords (we believe it is a lot more) thus undermining computer security. Given all the applications and websites that require user id/password entry, no wonder. Workers “hide” their passwords in top drawers or under a nearby book or blatantly put them on a monitor-mounted post-it note.

The next step forward is to use biometrics such as fingerprint readers and voice recognition to reduce the “cost” of passwords.

IT departments spend an inordinate amount of time dealing with password issues: lost or stolen passwords, and resetting passwords on computers. Many send passwords over email which, unless they are using company servers, is like sending postcards: the message will get to its destination, but many people along the way can read it. Our personal experience reveals that on average it takes about 1 hour to take care of resetting a password on a corporate computer.

Cognitive biometrics analyzes human behavior in order to ensure access to a resource. For example, several personal multiple choice questions may be asked. Behaviors such as mouse movement and response time are learned for better identification. No additional hardware is required for this branch of biometrics.

Other possibilities are vein identification or facial recognition but sophisticated hardware is required.

Until then, pick strong passwords and keep them in a safe place.

Doug

Password vs Passphrase

Monday, September 18th, 2006

Most of us type in a user name and password to login to accounts and forget about it.

Think about this…

A password is generally 7 or so characters made up of letters and numbers. Pretty easy to crack with a computer. A passphrase is a series of words and some salt (explained later) that makes it much harder to decrypt.

Passphrases are used in areas where the user is more than casually concerned about break-in. Wifi uses passphrases, and the military and PGP applications recommend using them. Unfortunately, not all logins can use a passphrase. Most are limited to the number of characters in a password.

Strictly speaking, a passphrase is just a long password - 20 to 40 characters typically. Of course the longer the password the harder it is to crack.

Passwords are ok for systems that do not allow computer break-in: such as logging into a system that shuts you off if the wrong password is entered more than 3 times, for example. Passwords are *not* ok for encrypted messages, such as encrypted email, because there is no penalty for trying an incorrect password. Thus an encrypted email’s security is strictly based on the quality of the passphrase: 40 characters being a minimum for maximum security.

One common method of picking a passphrase is to use several short words together. An example would be: savorthissteaktoday. The problem is that a computer can try different dictionary words concatenated together until it figures out the passphrase. That is why salt is added.

Salt is an extra set of characters added on to a passphrase that are not in a dictionary: such as U83324.

If you have an option to pick a passphrase, such as encrypted email or wifi setup, use it and make sure it is at least 40 characters.

Doug

Password Math

Monday, January 16th, 2006

What does a longer password buy us? Or one with large and small letters?

Every type of character a password can have adds to the number of choices a hacker has to make in order to guess it. For example, if just capital letters were allowed, the hacker has 26 choices. Add small letters and it increases to 52. Numbers make it 62. And so on.

Length counts. Assuming the choices of characters for a password are large and small letters and digits (62 choices), a password of length one has 62 choices. Of length two, there are 62*62 or 3844 choices (versus 26*26 or 676 choices if we used only capital letters). Eight characters gives us 62 to the 8th power (62^8) or 218,340,105,584,896 choices. Yes, over 218 trillion choices. Only using capital letters gives us 26^8 or 208,827,064,576 or over 208 billion choices.

All this math assumes that each character choice in a password has an equal chance of being selected. Unfortunately, most passwords chosen are words out of a dictionary which makes it much easier for someone to guess it…but that’s another article.
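The arithmetic above, and the dictionary-word and salt point from the Password vs Passphrase post, worked through as an added example (not code from the blog); the 2,000-word dictionary and the 6-character salt length are assumed sizes chosen for illustration.

```python
# Added example for the 'Password Math' and 'Password vs Passphrase' posts;
# not code from the blog. Dictionary and salt sizes below are constructed.
from math import log2

# Character classes counted in the post: capitals 26, plus lower case 52,
# plus digits 62.
CHARSETS = {"upper": 26, "upper+lower": 52, "upper+lower+digits": 62}


def keyspace(charset_size: int, length: int) -> int:
    """Distinct strings of `length` characters drawn uniformly from an
    alphabet of `charset_size` symbols (the post's 62^8 figure)."""
    return charset_size ** length


def passphrase_keyspace(words: int, dictionary_size: int,
                        salt_len: int = 0, salt_charset: int = 62) -> int:
    """Search space for `words` dictionary words concatenated, when the
    guesser knows the dictionary (the post's savorthissteaktoday case),
    optionally followed by `salt_len` random characters (the post's U83324)."""
    return dictionary_size ** words * salt_charset ** salt_len


def bits(space: int) -> float:
    """Entropy in bits of a secret chosen uniformly from `space` values."""
    return log2(space)


def equivalent_length(space: int, charset_size: int = 62) -> int:
    """Shortest random password over `charset_size` symbols whose keyspace
    is at least `space`; lets a passphrase be compared with a password."""
    length = 1
    while keyspace(charset_size, length) < space:
        length += 1
    return length


if __name__ == "__main__":
    for name, size in CHARSETS.items():
        space = keyspace(size, 8)
        print(f"8 chars, {name:20s}: {space:>25,} ({bits(space):.1f} bits)")
    # Four common words (assumed 2,000-word dictionary) look like a 19-character
    # password but offer far fewer guesses than 62^8, until salt is appended.
    plain = passphrase_keyspace(4, 2000)
    salted = passphrase_keyspace(4, 2000, salt_len=6)
    print(f"4 dictionary words         : {plain:>25,} ~ {equivalent_length(plain)}-char random password")
    print(f"4 words + 6 random chars   : {salted:>25,} ~ {equivalent_length(salted)}-char random password")
```

With the assumed 2,000-word dictionary, four concatenated words are worth no more than an 8-character random password; appending six random characters lifts the same phrase to the strength of a 14-character one.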