Posts Tagged ‘computer security’

My password security fiasco: Part 3 of 3

May 7, 2017

By Matthew E. Milliken
MEMwrites.wordpress.com
May 7, 2017

The first installment of my password security fiasco is available here; the second part is available here. 

Nearly five years ago, I wrote about my propensity for opening oodles and oodles of tabs on my web browser. Those who know me will not be surprised to learn that my email accounts are similarly stuffed with tens of thousands of messages.

Every so often, I try to weed out outdated, obsolete and unnecessary emails. I was doing that the other night when I spotted a notification on my Gmail web page stating that I was using something like 2.5 gigabytes out of my 15GB allotment. I’d seen this information before, but on this particular evening, some combination of boredom and idle curiosity prompted me to click the link that said “Manage.”

That opened a new tab that had three components. One was a solicitation to buy more storage from Google (15GB is the company’s free basic offering). The second component was a pie chart showing me how much online Google storage I was using. The third thing was a reminder that my Google storage was shared by three of the company’s services: Gmail, the Google email service; Google Drive, the company’s cloud (read: online) file storage service; and Google Photos, their cloud photo storage service.

Read the rest of this entry »

Advertisements

My password security fiasco: Part 2 of 3

May 7, 2017

By Matthew E. Milliken
MEMwrites.wordpress.com
May 7, 2017

When I left off my pulse-pounding story about forgetting my master password, I was discussing the trouble I had in recovering — that is to say, guessing — my password.

One of the problems was that I couldn’t just keep entering password guesses until I found the right one. If I entered enough incorrect phrases, LastPass would lock me out for five minutes. I’d wait a few minutes, repeat the cycle, and get no closer to having my passwords. Unfortunately, there seemed to be no other options for regaining access to my account.

Because practically everything on the Internet, and at least half the things on my smartphone, involves a password-protected account, I felt paralyzed.

For weeks, I contemplated setting aside a day just so I could guess my password. But the prospect was dismal, so I never did it.

Read the rest of this entry »

My password security fiasco: Part 1 of 2

May 6, 2017

By Matthew E. Milliken
MEMwrites.wordpress.com
May 6, 2017

In April 2014, I wrote about an Internet security flaw and my use of the password manager LastPass. Since then, I joined LastPass’s premium service, which costs what I consider to be an eminently reasonable $12 a year in return for the ability to use the service on my mobile phone.

I try to be diligent about updating important passwords every six months or so. But you know what they say about good intentions — as in, the road to hell is paved with them…

In February, Yahoo issued a warning about hacking that had affected its site. Alng with that caution came a wave of articles advising Internet users to change their passwords because of a newly discovered web infrastructure vulnerability. Since it was about time to update the entry codes on my accounts anyway, I spent the last night of the month at home getting started on just that arduous task.

One of the passwords I changed was the one on my LastPass account — my master password, as they call it. Unfortunately, when I went to log in to LastPass a day or two later, I found that I couldn’t remember my password.

Read the rest of this entry »

Computer CPR: How to respond to the Internet’s Heartbleed security hole

April 12, 2014

By Matthew E. Milliken
MEMwrites.wordpress.com
April 12, 2014

The other day, I spent about an hour updating several of my Internet passwords. The spur for this, in case you didn’t know — and if you didn’t, you really should — is Heartbleed, the gaping flaw in World Wide Web security protocols that may have given snoopers access to supposedly secure passwords and other information over the last two years.

It’s not yet been determined whether anyone actually exploited the vulnerability in the OpenSSL code, which perhaps half a million websites used. (Another article estimates that this code is used on perhaps two-thirds of Internet servers. SSL, by the way, stands for secure sockets layer.) Samantha Murphy Kelly reported Wednesday that there’s no indication that hackers were aware of the bug before it was announced at the beginning of the week, and on Friday, the National Security Agency denied that it had either known about or used the flaw.

Still, in the wake of these revelations, Internet users have been advised to change their passwords. There are a couple of wrinkles, however. One is that if a site you use has been compromised, a password change won’t make a web account more secure unless that website has patched the vulnerability.

There are workarounds, of course. On Thursday, Mashable compiled a table listing popular sites and whether or not a password change was advisable. Also, Internet denizens can go here and enter specific web addresses to see if those pages have been affected.

Read the rest of this entry »

%d bloggers like this: