Passwords – Good Practice

Recently I started to use a new password manager and got asked why I did not just use the same password across all of my online accounts. This led me to think that people, as a rule, don’t know the effective and secure practices to follow when using online accounts and passwords.

Firstly, you should always use a different password for each of your online accounts. This could mean having one password with many variations, such as different letters or symbols within it. This is necessary these days, as it only takes one of the platforms you use to get hacked and you could potentially lose access to all of your accounts.

So Here Are Some Good Password Practices

[Image: Password Practice]
The steps above are a fairly comprehensive guide to developing a highly secure password. By memorizing a sentence you have written, the arduous task of having to remember your new or complex password is reduced. You can also incorporate information about the account you are logging into, meaning each account’s password will be a lot easier to remember.

TrueKey is a password manager utility from Intel. Not only does it store information for online accounts, you can also put in information like your social security number. This turns out to be very useful when paired with the mobile app. TrueKey also offers a feature that will generate a password for each account and then log you straight in from the application, meaning that once you have secured all of your accounts you will only ever need 1 password to gain access to them.

This final method is a touch old school, I know. But in my opinion nothing can beat a trusty notebook. (Granted, I am probably one of the few that still like handwritten notes.) The beauty of using a notebook is that you never have to worry about getting hacked, and it can be carried on you at all times. OK, so this option might not be the best if you tend to lose things, but other than that it’s a sure-fire way to manage multiple account details offline.
 

Hopefully, if you follow some of the steps listed above, you should be able to maximize your online security. It is commonly known that the weakest point in most security systems is the human element, and that is because a lot of people have poor security knowledge or training. This can be down to a number of things, such as age or use case.

But again, hopefully this helps, and you can share it with your friends and colleagues to increase everyone’s online safety.

RFID Wallets: Are They Worth It?

The title may lead you to believe this is going to be almost a tinfoil hat sort of post, but there are a lot of reasons why RFID protected wallets make sense. Sometime last year the photo below circulated the internet, because it showed someone on a train with a contactless card reader.

Now, I’m not sure I know anyone these days that doesn’t have a contactless card. When they first came out I declined one due to the possible security threats that came along with them. But last year when I opened a new account my bank sent me one, so began the hunt for an RFID protected wallet.

So naturally the first place I turned to was Amazon, as it is usually the place to go for items of that type. But after looking through about 4 or 5 pages I just was not happy with the style and quality of the wallets that they had. The images below are some examples of the wallets that Amazon had to offer. Not that any of them are bad, but I’m personally not a fan of either a hard shell or a tri-fold wallet. I’m a bit of a snob when it comes to wallets, as it’s like a good pair of shoes: if you pay a little bit more they tend to be of a better quality and last longer.

So I held off for a while, as I was skeptical of how well these wallets would last, and then I found what is in my opinion the perfect wallet. It was a nice black leather Michael Kors one. I did not at the time realize designer companies were incorporating RFID into their

It was a fairly costly investment for a wallet, but I felt the combination of the style and technology was worth the cost. Personally I feel it blows all of the others on Amazon out of the water, but the curious part was that if I had not stumbled upon it in a department store I would have had no idea. It was not overly well advertised on the packaging either, other than a little paper tag sticking out of the top mentioning the RFID protection. So anyone out there looking for a nice stylish wallet with the added comfort of RFID protection should definitely have a look at Michael Kors.

Password Managers: Yay or Nay

Recently I started using Intel’s True Key application across a number of my devices. This includes my iPhone, iPad, laptop and desktop PC. I have used some password managers in the past but never really felt the requirement until maybe the last 6 months. This is due to me not only having a lot of accounts, but also because the passwords are different between them. This would regularly lead to me having to either reset the password using my email or get a text to my phone that would then let me log in.

I elected to use Intel’s True Key based on a few things. The first was that I was aware of the fact that Intel owned McAfee security. This gave me the impression that, unlike some of the other password managers out there, this one is backed by an actual security company, which you would like to think has influenced the security and design of this product. The second reason this application was the one I chose was that it enabled me to use it on all of my devices, meaning I could always have a list of passwords with me.

I have seen some password managers that store the information on the device itself, meaning that if you don’t have that device, or it were to break, you could be without your list of passwords. The True Key application has a nice feel to it; it has not been made overly complicated and works well. One of the nice features is the password generator, meaning that you can generate a 30 character password using letters, numbers and symbols. This works well with the fact that on the PC True Key will prompt to log into your accounts, meaning you don’t have to type out a 30 character password. This means your online accounts can be very secure and the only password you will have to remember is your True Key master password.

It also removes the potential for unauthorized access to any of the accounts you use online, as it is common for people to have a notebook with all of their account details in. This could lead to numerous problems in the form of fraud or having access to your own accounts removed, when all you really need to do is use True Key. On the iPhone it will use the fingerprint to log into the application, meaning you won’t even have to type the master password!

Overall, of the password managers that I have used, True Key feels like the best one out there in my opinion. Not only is it a product from Intel, meaning you know it is going to be decent in regards to functionality and quality, but it is not overly complicated to use and offers a range of features across a number of devices that I haven’t seen from any other password manager.

 

Google Cracks SHA-1

A couple of weeks ago a report by Google came out stating they had managed to crack SHA-1 (Secure Hash Algorithm 1). This hash function was originally developed by the NSA in 1993, and it is still used by a lot of websites today. There are much newer versions that offer a lot more security, as the maths and computing power needed to crack them is even greater, but they have not been as widely adopted.

The issue with the hash collision is that the idea behind SHA-1 was essentially that each file would be given a unique header, and in 1993 when this was first developed the foresight that there could potentially be a collision would have seemed impossible, due to the amount of computing power required to even entertain this and the fact that PC and computer use was nowhere near as common as it is today. But although Google has managed to force a collision, with 2 items having the same SHA-1 hash, it did take them 2 years with support from the university of Amsterdam. Combine the resources and computing power both a university and Google have, and given it took them 2 years to achieve this, as an out-and-out security vulnerability it is not all that feasible that a hacker would be able to force a collision and potentially cause damage.

[Image: Google SHA-1 collision. Source: Google Security Blog]

Another reason this isn’t too much of a concern to the integrity of cyber security, in my opinion, is that SHA-2 is readily available and already deployed. This means that even if the collision can be reproduced in much less time, there is a very accessible upgrade path that offers much greater security, with no gap between SHA-1 becoming vulnerable and SHA-2 being developed.

The creator of both Linux and Git was warned about the possible vulnerability with SHA-1 in 2005 and proceeded to continue using it for Git. This is because he felt it would be far too expensive, and Git has layered security, meaning that one layer might be compromised but that isn’t the end game.

In my opinion, although it has been cracked in an experimental setting, it would not be as accessible for malicious purposes unless it was a state-sponsored attack, because the resources and time required are not anywhere close to where hackers would feel it a useful tool. Furthermore, companies such as Google and Microsoft already use SHA-256, so your average Joe who uses YouTube and Gmail will have nothing to worry about in regards to their online privacy and security.

 
