Mobile blog post!

Today I decided to walk away from my desk with nothing but my sunglasses and my Motorola Cliq XT. So, what can I do remotely?
Well, I can blog because I downloaded the WordPress app for Android and set up “Jaime’s Online Password Security Blog”. I elected to save my WordPress credentials on my phone because I have other security measures in place to prevent unauthorized use. I am also using 3G, not a public Wi-Fi hotspot, so my vulnerability level is no different on WordPress than it would be on anything else I choose to do on my phone.
Along with security we must also balance risk… I am also willing to have my Twitter profiles @ssjaime and @OnlinePwordSec on my phone. I use those accounts often enough to feel comfortable putting them out there on the 3G network.
This blog post was a bit of an experiment too… I wanted to see how it would be received!

Hope you enjoyed and please comment.


Plaintext Passwords

What’s worse than forgetting your password?

I say it is resetting your password with a nice, strong, complex one using one of those “Forgot Password” tools on the website and then receiving an email confirmation that contains your password in plaintext!

Here are my recommendations on how to avoid this problem:

  1. Don’t forget your passwords! (but if that’s going to happen, perhaps the other ideas below will suit you better)
  2. Use a password manager, so you always have your passwords available.  There are many different programs/apps/websites available to facilitate this.  I will delve into the different kinds in an upcoming post 🙂
  3. Read the rest of this entry »

Anagram Your Passwords!

Remember those puzzles that require you to rearrange letters to make words and phrases?  They take a sequence of letters like alarepirctl and you manipulate them to become the word caterpillar.  Why not take that game, give yourself a few rules and create your passwords in the same way?

How to do it:

  1. Take an 8-character minimum word or phrase as your seed word
  2. Use a numeric replacement (such as those listed under common replacements) or add a number
  3. Use a special character replacement or add a special character
  4. Read the rest of this entry »

Expiring Passwords

Can you answer with “in the last 3 months” to any of these?

When was the last time you changed your password for …

  1. your primary email account?
  2. your bank account?
  3. Facebook?
  4. eBay?
  5. iTunes?
  6. WordPress?

If the answer is: Read the rest of this entry »

Machine-generated passwords

There are many websites and programs that can generate a password of any length and complexity.  Here are some of the pros and cons for adopting these passwords for day-to-day use.


Using a Seed Word to Generate Category Passwords

I highly recommend organizing your online accounts into categories.  (If you need a refresher, here’s my original post.)

For sites which fall into categories 8 – 11, it is okay for your passwords to be similar to one another.  However, they should each have at least 3 unique characters and be no shorter than 8 characters long.  It is only for websites in these categories that I would advocate using the method outlined below.

This method uses a number mapping schema.  Read the rest of this entry »

Password Tip #3 – Type-ability

The best passwords are those that you can recall from memory and those that you can type easily.  Combining the two is not always easy, but I believe it is worth taking a few extra minutes to make sure that a password is type-able!

While the sample password ssP!0Nnkge from this post might be easy to recall from memory, is it easy to type? Read the rest of this entry »