Keep Your Browser Safe with a Password Manager by Kevin Dwinnell

One of the things I got to do over the holidays was dial up the strength of my passwords across the web.  This was a gift that resulted from the Gawker hack.

I’d been casually improving the strength of the passwords I used, but using very little variety among the passwords.  I was an easy target.  So, when the Gawker notes went out, followed by Amazon’s note and so on.  So, I decided to take my security more seriously.  I explored creating a system that allowed for unique passwords, but was memorable enough that I could still keep them in my head.  But, all the typing quickly got old.

Then a note from a team member who linked to this post “Jesus Christ, Use a Password Manager Already” and it got me looking into password managers.

As a quick overview, there are three basic categories:

• Desktop – stores your passwords on your computers hard drive.
• Portable – For your mobile device whether it’s your smart phone or thumb drive.
• Web based – Online password manager.

What you quickly discover is that each method has its own strengths (platforms or uses where it excels) and weaknesses (where it’s vulnerable). Each also creates additional overhead in terms of what you need to do to access secure sites (cut and paste, authenticate manually).  Don’t get overwhelmed and do nothing.  Choose a path that fits best with your computing habits.  You’re online security will be better for it.

I’m giving KeePassX a try.  It’s a free open source password manager. It keeps my passwords in an encrypted database with either a master password, a key file or both. You only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using secure encryption algorithms currently known (AES and Twofish) which is great.  And it’s available across platforms, so whether you’re on Windows, Mac or Linux, you’re covered.

If you don’t want to get a feel for what others are using, check out Lifehacker’s Five Best Password Managers from their Hive Five efforts.

Good luck and safe browsing.

Posted in Commentary | Tags: browser, linux, mac, password, password manager, security, Windows | No Comments »

Secure Your Browser Wi-Fi Connection with This Extension by Kevin Dwinnell

Here’s a quick and easy add-on to your Firefox browser that’ll make all your coffee breaks a little more secure.  Get the HTTPS Everywhere extension.

If you were attuned to the buzz back in October, you heard a lot about Firesheep and how it made painfully clear how the practices of many popular websites puts user information at risk by not encrypting user information.  CNN did a story on how Firesheep may endanger your computer when using wi-fi.  It discusses the risk, and offers a few suggestions like logging out of your accounts when done to reduce your risk of being automatically logged in when you launch your browser on a Wi-Fi network.

HTTPS Everywhere, a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation, can help in some cases. It encrypts your communications with a number of major websites and its latest version is designed to offer improved protection against Firesheep.

It provides much better protection for Facebook, Twitter and Hotmail accounts, as well as completely new protection for bit.ly, Dropbox, Amazon AWS, Evernote, Cisco and Github. The extension makes your web browser demand an HTTPS connection if it’s available.  (NOTE: the phrase “if it’s available.”)  HTTPS Everywhere only works if a site implements HTTPS; many of the most popular sites still haven’t deployed HTTPS properly, if at all.  And for maximum Firesheep protection, especially on Facebook, you must take two extra steps: you’ll find all the details on the HTTPS Everywhere site.

This is an easy but important step for you to take until major websites implement HTTPS properly and completely.

Posted in Commentary | Tags: browser, EFF, firefox, Firesheep, HTTPS, security, wi-fi | No Comments »