Someone told me recently that they had 22 different log-in IDs. My first thought was, you must get out more. My second thought was, how do you remember 22 different Web services, let alone log-in IDs and passwords?
The answer, of course, is a password manager. These days, I see PC security as a form of insurance. The more you have to risk, the more you should spend to protect it. Anyone who banks or otherwise transacts online will find the investment in a password and personal-data manager worthwhile. Fortunately, if your password-management needs are meager, the protection doesn't have to cost you anything.
Siber Systems recently announced the beta version of RoboForm Online, which lets RoboForm users store their log-in data securely online. Just log into the service from any browser and get fast access to the IDs you've saved on your PC. With just one click you're logged into your favorite Web sites.
Log into the RoboForm Online service to access your favorite Web services with a single click.
(Credit: Siber Systems)
The first time you use the program, you're prompted to enter a master password. You can change the master password by opening the program's Options drop-down menu and selecting Security settings, but if you forget a master password, you have to delete all the password-protected files and start over.
The list of PC security products never ends. For every name that drops off, two more jump on. In fact, determining the best security hardware and software is a full-time job. Sometimes, you just want to throw up your hands and take your chances.
Maybe I'm just a cockeyed optimist, but I think you can stay safe without spending all your spare time doing research, installing updates, and generally becoming a PC-security expert. Here are five relatively easy ways to improve your security.
Use the firewall that's closest at hand
In the computer industry, the reputation of a product, service, or Web site is just about worthless. Yesterday's best firewall, ad blocker, spam buster, virus spotter, or spyware cleaner is today's bust.
Maybe the product got bought and the new owners aren't as conscientious about updates as the previous ones. Or the service's management team decides to go for profits and skimp on support, updates, and enhancements. There are lots of reasons why a good product goes sour, and the computer industry has seen nearly all of them.
So if you can't go by reputation, how do you choose a security product? One way is to go with the tools you've already got. Windows' security is roundly criticized, but the fact is, it's better than it used to be, and third-party security products have their own shortcomings.
Last February, I recommended that you use a third-party firewall rather than the one built into Windows. Six months earlier, I suggested that you pass on the third-party tools and stick with the Windows Firewall despite its shortcomings.
So which side of the fence am I on now? The simple side. The fact is, any third-party security tool complicates your setup. It's not difficult to find weaknesses in the Windows Firewall, but it's safe enough for most PC users, and it's much better than using no software firewall at all.
My previous post included links to information on Microsoft's TechNet site providing technical details of the Windows Firewall, tips for customizing the Windows Firewall, and help troubleshooting the firewall in XP and Vista.
Don't hesitate to try another free antivirus program
Just last week, I switched antivirus programs on my XP test system--for the umpteenth time. Something was slowing the system down, and after defragging the hard drive and doing other standard maintenance tasks, the machine's performance didn't improve as I expected it to.
Rather than go through a bunch of diagnostic tests, I simply uninstalled the system's antivirus tool and downloaded a competing package. The old and new programs were both free, and the switch didn't take much time to complete. The topper? The XP machine's performance perked up immediately.
Two antivirus programs that are free for home use and that are currently highly rated are Avast Home Edition and Avira AntiVir. You'll find a list of dozens of antivirus programs for Windows on this Download.com page.
Change your password...again
I hate those "your password will expire in x days" warnings as much as you do, but one of the simplest ways to protect yourself is by keeping your passwords fresh. Last year, I described the Ten Password Commandments, one of which was to devise a password-creation strategy that's all your own.
Just two months ago, I complained about the shortcomings of passwords as our primary security option, though I concluded that there's nothing better, for now. Lots of people swear by password managers such as RoboForm, but then you have yet another third-party app complicating matters.
For me, it's simpler just to devise a new password based on my unique, inimitable password-creation system, which I share with no one. No need to write it down, enter it in an online form, or encrypt it in a master-password file. Temporary amnesia, well, that's another matter.
For secure e-mail, use encryption
You would think that encrypting e-mail would be a breeze, but doing so is anything but. You and the recipient have to deal with digital certificates, public and private keys, and any number of other time-eating preparations and precautions.
The simplest way I know of to encrypt your e-mail is by using the Mozilla Foundation's Thunderbird with the Enigmail extension. Jason Thomas provides step-by-step instructions in this tutorial on the Lifehacker site.
Gmail users can secure their e-mail communications by enabling the service's built-in encryption. To do so, click the Settings button at the top-right of the main Gmail screen, scroll to the bottom of the General tab, select "Always use https," and click Save Changes.
Select "Always use https" under the General tab in Gmail's Settings to encrypt your messages.
(Credit: Google)
Keep your browser up-to-date
Most people will tell you that the Mozilla Foundation's Firefox browser is the safest way to surf, but a recent report from Google Switzerland and the Swiss Federal Institute of Technology found that "(u)sing the most recent version of a browser will lower the risk associated with drive-by-downloads and other Web-based attacks, which start by targeting the browser."
The report cites Google Chrome's silent updates as the best way to ensure that your browser is protected. The researchers also laud Chrome's lack of a way for users to disable its silent-update feature. Some people will object to software being downloaded to and installed on their system without their knowledge, but the fact is, these behind-the-scenes updates are the best way to keep you safe from the Internet bad guys.
Personally, I'm starting to rethink my choice of default browser. But as I mentioned earlier, you can't put any faith in a computer security product's reputation. And you can't be afraid to switch.
Last week, Steve Bass described in his TechBite newsletter how someone cracked into his PayPal account, hitting him up for $400. Fortunately, Steve caught the theft in time to have the bogus charge reversed, but reading about Steve's experience made my blood turn cold.
The fact is, people get their online accounts pilfered every day. But this is Steve Bass we're talking about. I learned more about PC security from Steve while we worked together at PC World than I have picked up from any other 10 so-called experts. I know how careful he is when making purchases at the corner grocery store, let alone on Web sites.
If Steve Bass can have his virtual pocket picked, it can happen to anyone--and I mean anyone. When I finished reading Steve's tale of woe, I was left thinking, "There's gotta be a better way."
Well, for right now, maybe there isn't a better way to protect ourselves online than using strong passwords that we change regularly. About a year ago, I presented several tips on using passwords. Steve's article goes that blog post one better by including links to Microsoft's password checker and instructions from the company on how to craft strong passwords.
I'm willing to accept the fact that passwords are the best data-security option today, but they're far from perfect, primarily because of the human factor. Either our passwords are too easy to guess or we're too willing to share them, whether inadvertently (by writing them down where others can find them) or on purpose.
My notebook computer (which is currently in the shop; more on that later this week) has a fingerprint scanner embedded in the case. I used this scanner to log into my Windows account for many months, but then the reader started to flake off, refusing to accept my finger swipes and requiring that I type in my password anyway.
It didn't take long for me to abandon the fingerprint reader entirely. I have a feeling that other password alternatives--biometric or otherwise--have similar shortcomings. It might be possible to make one of these access-control technologies more reliable, but doing so could make the cost prohibitive for PC vendors.
Since we'll likely be relying on passwords to secure our systems and data for some time to come, we need to keep in mind that cyberthieves are getting trickier and trickier in the techniques they devise to coax our passwords out of us. Even as we become more mindful of the attempts to steal our passwords, we have to prepare for the day when ours will fall into the wrong hands.
Keep a close eye on those credit-card statements and charges to online accounts. Don't hesitate to contact the financial institution involved if you suspect you've been victimized. Don't think that a strong password--or even a world-class password-management utility such as RoboForm--is all the protection you need on the Web. (You can read more about RoboForm and Siber Systems' other password-management products in Steve's newsletter.)
Organizing log-in information is a painless process with this easy-to-use password manager. Novices will especially appreciate its straightforward user interface. Password Dragon opens with an intuitive interface that isn't overwhelming.
Menu and toolbar items run across the top, and individual log-in information is displayed in the main window. To help users, the program activates only the buttons necessary for the task at hand to avoid any confusion. Click on the New File button to see the Add Record button, which then creates a new entry. The input fields are all self-explanatory, and there are no cumbersome slowdowns to entering account information. That includes your username, password, and site URL. The program rolls in a password generator, and the ability to launch the Web site associated with the record. The Options menu gives you all sorts of settings for masking certain log-in info, setting an inactivity timeout, and copying items to your clipboard at start-up.
When you finish up, an encryption algorithm keeps your saved data safe. This program's no fuss, no muss approach to protecting log-in information is hard to dislike.
Password Prime's straightforward user interface is the perfect balance of simplicity and functionality. It proves that you don't need a lot of fancy buttons to get the job done.
Large, self-explanatory command buttons dominate the program's interface. There's a button for adding new username, password, and Web site information, a button for editing the entry, and a button for deleting the entry. You'll also find a series of buttons for copying the username and password information. We quickly jumped in without referring to the Help file and added our log-in information. One click took us to our entry's corresponding Web site, something that most browser password managers don't do. Username and password information are easily cut and pasted into their respective fields. We were able to just as easily edit and delete the same entry.
A good password manager should make it easier for you to manage and organize log-in information, and Password Prime does just that. It's recommended for all skill levels.
Easily create passwords to your specifications with this password-generation tool. Password Miner's dialog interface is easy to master. Operating Password Miner is as easy as falling down. Enter a master password, a URL or keyword, and a username. Click a few options to set password length and type. Then press the generate button to get a unique password.
Where this app misleads is in claiming the passwords are random. If they were, they couldn't be recreated by entering the same master password, username, and URL. What this program does is use an algorithm to make a password based on the seed data. That makes it a program that will help users remember only their Master Password. Enter it, the URL, and username anytime you need to see Password Miner's recommended password for that site and user.
The app takes an extra step by storing URLs when requested. Passwords can include small or capital letters, numbers, and symbols. Password length is limited to a 1000-character maximum, although I can only confirm that passwords of less than 20 characters work. Having a portable version would be great for a USB key toolbox, but it's a good tool even as it is.
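The difference between a derived password and a random one, as an added example that is not Password Miner's code (the review does not say which algorithm the program uses). The PBKDF2 and SHAKE-256 construction, the function names, and the sample inputs are assumptions made for illustration.

```python
import hashlib
import secrets
import string

# Character classes the review lists: small/capital letters, numbers, symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*-_=+",
}
ALL = ("lower", "upper", "digits", "symbols")


def _alphabet(classes):
    return "".join(CLASSES[c] for c in classes)


def derive_password(master, site, username, length=16, classes=ALL,
                    iterations=200_000):
    """Deterministic: the same inputs always rebuild the same password."""
    alphabet = _alphabet(classes)
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [site.strip().lower().encode(), username.encode()]
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # Slow KDF (assumed choice) so guessing the master password is expensive.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    # Rejection sampling: drop bytes that would bias the modulo mapping.
    limit = 256 - (256 % len(alphabet))
    need = length * 4
    while True:
        stream = hashlib.shake_256(key).digest(need)
        usable = [b for b in stream if b < limit]
        if len(usable) >= length:
            return "".join(alphabet[b % len(alphabet)] for b in usable[:length])
        need *= 2  # a longer SHAKE output extends the same stream


def random_password(length=16, classes=ALL):
    """Truly random: cannot be recreated, so it has to be stored somewhere."""
    alphabet = _alphabet(classes)
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    a = derive_password("correct horse battery", "example.com", "alice")
    b = derive_password("correct horse battery", "example.com", "alice")
    c = derive_password("correct horse battery", "example.org", "alice")
    print("derived twice, identical:", a == b)
    print("different site, different password:", a != c)
    print("random twice, identical:", random_password() == random_password())
```

Because every derived password is a function of the master password, anyone who learns it and knows the site and username can recompute all of them, so the master password deserves the most care.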
Desktop password manager LogOnce has released a new way for users of the iPhone and iPod Touch to skip having to enter usernames and passwords on sites that require them. You can log in to any site for which you've saved a password just by opening up a special bookmark that plugs in your log-in credentials for you.
There's no software to install and nothing to remember. You can also wipe out any access, just in case you manage to lose your phone, or it gets stolen.
It's devilishly simple, and it works, though the setup is a bit tedious. You must first register with the site, then plug in all your usernames and passwords from various sites, then make sure you're logged into the LogOnce site via your device. After that, it's simply a matter of summoning up the bookmarklet shortcut when you're on the log-in screen at any given site where you're registered.
To help make things a bit simpler, you can do all the password management on your PC, if you're willing to download the software version. It syncs up all the log-ins you've provisioned to your account, so you can access them on the device. In case it's stolen, you simply change out your master password, which will keep any would-be identity thief from being able to access your information.
A far simpler solution, if you're willing to install something on your iPhone or iPod Touch, is 1Password. It's one of my favorites because it gives you far greater control over the fields you can enter, and it blends the management with browsing in the same space, which can be helpful, if you want to make changes on the fly.
Today I had one of those what-the-heck software moments that occurs when a program breaks where it's least expected. A premier feature in the iPhone application I was tinkering with had vanished after a version update.
1Password for iPhone, first reviewed by my colleague Josh Lowensohn, is better known by its Mac counterpart, which encrypts log-ons and passwords on the Mac and automatically fills them in on Web pages. Windows users can think of it as the rough equivalent to RoboForm.
Since a smooth move like that requires multiple programs to run concurrently--something presently prohibited for iPhone applications--1Password for iPhone sports a work-around. Rather than leave the application to sign on to a page from Safari, 1Password launches an in-application Web browser from a log-in detail page. Clicking the icon of a keyhole and then clicking the site name will auto-fill the log-in information, therefore getting by that pesky lack of program multitasking still plaguing the iPhone.
Those last two steps are superfluous in my opinion, but what's worse is that the procedure failed. Over and over again. Could the publisher have pulled the feature? Not likely as long as the Web site is still boasting native iPhone support for autofill. So what happened?
The new log-on reminder option is a must until 1Password's iPhone autofill feature is restored.
(Credit: CNET Networks)
It turns out that Dave Teare, co-founder of Agile Web Solutions, 1Password's publisher, had some trouble with the latest release and discovered the mistake after already submitting buggy version 1.3 to the iTunes App Store for approval. Now 1Password for iPhone is stripped of the gem in its password-protecting crown and will remain so until Apple busts version 1.3.2 free from iTunes purgatory, a process that will take anywhere from three days to a week.
Ahem. That's what happens when you let someone else rule the release of your software. Apple's tight control over the contents of the App Store is ordinarily an understandable check against malicious software and bogus software, but in this case, it curbs the publisher's ability to push emergency fixes. This shift in the power dynamic will either: demand greater quality on the publishers' end; feed a few tech scandals when buggy software slips by; create some truly naggy and disgruntled developers and marketers; or all of the above.
I have to wonder if the iTunes team has considered priority accounts like Google AdWords or emergency-attention surcharges like UPS and FedEx. Probably. As long as iPhones are hot and the applications are hotter, future iPhone application flubs by furrowed-brow publishers could become a lucrative opportunity to sell premium customer service.
At any rate, those of you who have already updated your 1Password iPhone application to version 1.3 can still enjoy other fixes, like the newly-instituted capability to delete entries and hide passwords in editing view; a panel that displays your log-on info to manually enter it in the browser window; and a security setting to swallow up the 1Password browser's cookies.
1Password lets you add and manage all sorts of Web log-ins in one place.
(Credit: CNET Networks)
iPhone and iPod Touch users have a fantastic new solution for keeping track of log-in credentials from site to site. It's called 1Password, and like the name suggests, you only need to remember one password to access and use your log-ins across hundreds and thousands of sites.
Like RoboForm and other desktop password solutions, 1Password lets you save these log-ins under the protection of a single master password. Unfortunately, due to the limitations of Apple's SDK, you can't run 1Password while you're randomly browsing in Safari, meaning you won't be able to enjoy the ease of autofill. 1Password's workaround is to have you plug in your log-in information and the URL of where that log-in screen is located. From the application, you can simply click on the site you want to go to and it will plug all of that information into the correct fields when it opens in an in-app browser.
The application is already off to a great start, but there are some quirks that need fixing (and will be getting soon). The most glaring omission is the lack of an on-screen keyboard, meaning if there's something like a captcha or another form to fill in later on, you're out of luck. You're also unable to delete saved log-ins, so any log-in you no longer need must be repurposed instead.
Otherwise, there's a lot of power for advanced users. Once you're browsing any site, if you have to log in again for something, you can simply hit the "lock" key, which will plug in your username and password yet again. The same can be done for forms if you're willing to make a preset for that--something just fantastic when you need to enter billing information without killing your thumbs.
Mac users who want to carry over passwords from their browser can also take advantage of cross-platform sync, which will port over log-ins from their desktop to their phone and vice versa with the $35 desktop version.
[via Macrumors]
PassPack is a password-saving service I first checked out back in January of last year. This past week it released a really cool and smart password-saving tool that exists separately from your browser and lets you manage your passwords while offline. It also syncs up with PassPack's cloud storage to let you access your shared passwords, then sync them to multiple, authorized computers.
The application's claim to fame is that you can access your passwords while offline and without the use of your browser. If you don't feel like installing a new, standalone app, you can get similar functionality by trying out the offline version of PassPack that takes advantage of Google Gears to let you do this while away from an Internet connection.
Since Adobe's AIR is cross-platform (available for Mac and Windows), PassPack's developers have chosen to spend more time developing it than the browser-based Gears iteration. Plus, if you're a user of multiple browsers, including some that fall outside the Gears love (like Opera), the desktop application will work without issues.
One current weak point with the AIR app (that's due to be remedied soon) is that any locally created passwords will not sync back up with your central PassPack account, so if you're intending to add any new ones you should do that in the Web version instead. The tool also requires the use of an incredibly strong packing password that will roll up all your other passwords. Like I said when I first checked out the service, you're best to write it down somewhere as without it there's no way to recover notes and passwords stored in your account.
