mgroves

Posts Tagged ‘security’

Vault login in Opera

After the recent Gawker issues, I decided that I need to take a better approach to password management.  I saw someone tweet about LastPass (“the last password you’ll ever need”), so I decided to give it a shot.  It’s an online “vault” for all your passwords, coupled with plugins for every major browser (including an extension that is available for the new Opera 11 and its new extension framework).  Most browsers have password managers built in, but this one crosses over each browser, and indeed, each computer where you have LastPass plugins installed.  So if I happen to be using Chrome on my desktop to create a new account somewhere, then LastPass will save that username and password to an organized vault.  Then later, if I happened to be using Opera on my laptop, LastPass will pull that login information for me.

Additionally, LastPass will optionally generate very strong random passwords for you.  And if you need to retrieve your password at any point, you can view your entire vault through the browser plugins, or login to their site.

Give it a try.  If you use the same password everywhere, or are constantly forgetting your passwords (like me), then LastPass may be just the thing you need.  Just make sure your LastPass password is very strong, and not used anywhere else.

If you’re like me and you don’t have an IT department for your home network with rigorous security standards, you need to be even more vigilant when it comes to security, because you have no one to blame but yourself.

I’ve been using Secunia PSI (Personal Software Inspector) for some time now, and I’ve found it to be an excellent product for identifying out-of-date and insecure programs. Not only does it identify programs that need updated, but also how to update them, how to patch them, and even specific forum threads if I have a problem getting the update to take. It handles insecure, end-of-life, and even browser security. In “advanced” mode, I can see at a glance what needs updating, how serious the threat is, links to patches/updates, and links to the forum thread:

(Note that screenshot was taken before I had run Windows Update on a new box).

It’s always surprising to me what Secunia is able to find that I wouldn’t have found on my own. For instance, PhpStorm (an excellent PHP IDE, by the way) comes with a copy of Java (JRE) for convenience, but the JRE gets updated frequently and PhpStorm doesn’t update the JRE on its own. I had no idea the JRE was there until Secunia found it and told me it was out of date and a 4/5 threat rating. Simple solution: delete the outdated JRE and PhpStorm was able to find the updated version on my system with no problem.

I was logging in to a new bank account that I created recently, and they asked me to create some security questions.

This is typically stuff like “mother’s maiden name” and whatever, just to increase the amount of barriers to unauthorized access.

At this particular site, you can select from a couple dozen pre-written questions and then supply your answer in a textbox. So, here’s an example:

I was just about to submit this when I though to myself: “Wait a second. That last question would have the same answer for every single person who doesn’t live in New York.” OH, EXPLOITABLE!