IT Security Blog

Managing Your Passwords

By

passwordmanagerscreen.jpgAre you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous – if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous – it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

New Secure IM Software

By

NTT Communications (Japan) have created a new secure Instant Messaging system. This system communicates over TLS (Transport Layer Security), the successor to the SSL standard.

Communications on most IM systems are secured between client and server – where password exchange typically takes place, but once the initial connection has been established, messages themselves are usually passed directly between clients. In the new messaging system, all communication goes through the sever, and is performed over an encrypted TLS connection.

This allows, apparently, restrictions on the server to govern which users can talk to each other, which types of files may be sent, and so on.

This sounds like a great idea, but there is a reason for current systems to communicate directly between clients – a single relay server is a single point of failure, and also serves as a bottleneck in the network. Using TLS only serves to further slow down the server, and I am not sure how well this solution would scale (though a network of servers, IRC style, might work…)

Meanwhile, for small to medium corporations, this could be the secure solution that has been needed for a long time. It will be a while before it becomes scalable to the entire Internet, though, I expect.

[tags]IM software,bottleneck,encryption,data centers, instant messaging, online security[/tags]