Earlier this month we were all informed that the Heartbleed bug, which affected versions of OpenSSL, a widely used implementation of the SSL/TLS encryption protocols, had potentially compromised our personal information. Around the world the response was the same: "change your password". It seems like a simple enough solution, but if you are using an insecure password, changing it will not protect you for long. In addition, if you did not wait for each website to patch its OpenSSL before changing your passwords, then your new passwords may already have been compromised too, since a server that was still vulnerable could leak the new password just as it leaked the old one.
The topic has been trending since it exploded in March. There are numerous stories of companies who have coerced their employees (or future employees) into giving them access to their personal Facebook accounts. In the U.S., where this "trend" has been spotted, the latest victim is Kimberly Hester, a teacher's aide at Frank Squires Elementary in Cassopolis, who is currently involved in a legal fight against the school board after she was suspended without pay when she refused to provide her Facebook password. And she's not alone: last month the Associated Press reported on earlier cases of employers asking prospective employees to disclose their passwords, or to "friend" an HR representative on the social media site so that they could have a look around their profile.
Mashable.com has recently reported that Google, Yahoo, Microsoft and AOL have put their differences aside and come together to create DMARC.org, behind Domain-based Message Authentication, Reporting & Conformance, a specification that builds on SPF and DKIM to let a domain owner tell receivers how to handle mail that fails authentication and to get reports back about it. It will provide consistent authentication results across their email services: Gmail, Hotmail, Yahoo Mail and AOL.
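As an added example (not code from the original post or from DMARC.org), the following Python sketches the two things a DMARC-aware receiver does: parse the policy record a domain publishes in DNS, and decide from the SPF and DKIM results whether the message is aligned with the From: domain and what to do with it if not. The sample record and the message scenarios are constructed, and the organizational-domain shortcut (last two labels) is a simplification of what a real implementation does with the Public Suffix List.

```python
"""Added example: DMARC record parsing and identifier alignment (Python 3).

Not code from the original post or from DMARC.org. The record and the
message scenarios below are constructed for illustration.
"""

VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample of a TXT record published at _dmarc.example.com.
SAMPLE_RECORD = ("v=DMARC1; p=quarantine; sp=reject; adkim=s; aspf=r; "
                 "rua=mailto:dmarc-reports@example.com")


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into a dict of tag -> value.

    Applies the RFC 7489 defaults the evaluator needs: relaxed alignment
    for DKIM and SPF (adkim=r, aspf=r) and a subdomain policy (sp) equal
    to the main policy (p) when none is given.
    """
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        if "=" not in part:
            raise ValueError("malformed tag: %r" % part)
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # The version tag must come first and the policy tag must be present.
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("p tag missing or not one of none/quarantine/reject")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("sp", tags["p"])
    return tags


def organizational_domain(domain):
    """Approximate the organizational domain as the last two labels.

    Assumption of this example: a real receiver consults the Public Suffix
    List so that e.g. 'mail.example.co.uk' maps to 'example.co.uk'.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(from_domain, auth_domain, mode):
    """True if the authenticated domain aligns with the From: domain.

    mode 's' (strict) requires an exact match; mode 'r' (relaxed) only
    requires the same organizational domain.
    """
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def evaluate_dmarc(record, from_domain, spf_result, spf_domain,
                   dkim_result, dkim_domain):
    """Return (passed, disposition) for one message.

    spf_domain is the envelope (MAIL FROM) domain SPF was checked against;
    dkim_domain is the d= tag of the DKIM signature that verified.
    DMARC passes if either mechanism passed AND its domain is aligned with
    the RFC5322.From domain. On failure the disposition is p for the
    organizational domain itself and sp for its subdomains.
    """
    spf_ok = spf_result == "pass" and is_aligned(from_domain, spf_domain, record["aspf"])
    dkim_ok = dkim_result == "pass" and is_aligned(from_domain, dkim_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return (True, "none")
    is_org = organizational_domain(from_domain) == from_domain.lower()
    return (False, record["p"] if is_org else record["sp"])


if __name__ == "__main__":
    rec = parse_dmarc_record(SAMPLE_RECORD)
    # Legitimate mail: envelope sender bounce.example.com, relaxed SPF alignment.
    print(evaluate_dmarc(rec, "example.com", "pass", "bounce.example.com", "none", None))
    # Spoofed From:, authenticated only for the attacker's own domain.
    print(evaluate_dmarc(rec, "example.com", "pass", "attacker.net", "pass", "attacker.net"))
```

The spoofing scenario is the case the providers are aligning on: SPF and DKIM both "pass", but only for attacker.net, so neither identifier aligns with the From: domain and the message gets example.com's quarantine policy instead of being accepted on the strength of a pass result alone.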
Have you ever received a phone call from a person claiming to be from Microsoft? Microsoft has now started warning people that they may receive calls from scammers claiming to work for the security departments of various well-known organizations, Microsoft itself included.
Like most of you, I've had many different passwords to remember over the years. Some professional (network, servers, applications), and some personal (Facebook, Twitter, online banking). Up until about a year ago, I thought I had a fairly secure system for managing my passwords for all these different things: I had 3 different passwords memorized, and would pick one at random. Each one was fairly complex (letters and numbers), but none would stand up to a brute-force or dictionary attack. The downside to this method is that when I would go back to a site I hadn't visited in a while, I would have to guess which password I had used - not so handy, but manageable when there are only 3 options. In some cases, I would have to modify one of them to meet required password complexity rules, such as including a non-alpha character, which would only serve to confuse me more (and often resulted in clicking the "Forgotten Password" link).
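As an added example that is not part of the original post, the following Python shows the two attacks the passage mentions against a memorized password: a brute-force keyspace estimate from the character classes used, and a rule-based dictionary check of the kind cracking tools apply (capitalization, leet substitution, appended digits or symbols), which is why tacking a "1" or "!" onto a word to satisfy a complexity rule buys very little. The wordlist, rule set, guess rate and the one-month threshold are constructed assumptions.

```python
"""Added example (not code from the original post): why a short memorized
password falls to brute force, and why a 'complexity' tweak to a
dictionary word falls to rule-based dictionary attacks. The wordlist,
rules, guess rate and threshold are constructed assumptions.
"""
import math
import string

# Constructed mini wordlist; real attacks use lists of millions of words.
WORDLIST = ["password", "welcome", "sunshine", "letmein", "dragon"]
# A small subset of the substitutions that cracking rule sets try.
LEET = str.maketrans({"e": "3", "i": "1", "o": "0"})
# Common suffixes people add to satisfy "include a digit or symbol" rules.
SUFFIXES = ["", "1", "12", "123", "!", "1!", "2013", "2014"]


def candidate_words(wordlist=WORDLIST):
    """Yield the mangled candidates a rule-based cracker would try."""
    for word in wordlist:
        bases = {word, word.capitalize(), word.upper(),
                 word.translate(LEET), word.capitalize().translate(LEET)}
        for base in bases:
            for suffix in SUFFIXES:
                yield base + suffix


def dictionary_hit(password, wordlist=WORDLIST):
    """True if the password is reachable from the wordlist by the rules above."""
    return password in set(candidate_words(wordlist))


def keyspace_bits(password):
    """Estimate the brute-force keyspace in bits from the character classes present."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def seconds_to_exhaust(password, guesses_per_second=1e10):
    """Worst-case time to try every string in the keyspace.

    The default rate is an assumed figure for one GPU against a fast,
    unsalted hash; a slow salted hash (bcrypt, scrypt) is orders of
    magnitude slower per guess.
    """
    return 2 ** keyspace_bits(password) / guesses_per_second


def assess(password):
    """Return which attack the password falls to first, or 'ok'.

    Order matters: a long word with a suffix has a large keyspace on paper
    but is found by the dictionary rules long before brute force matters.
    """
    if dictionary_hit(password):
        return "dictionary"
    if seconds_to_exhaust(password) < 30 * 24 * 3600:   # assumed threshold: one month
        return "brute-force"
    return "ok"


if __name__ == "__main__":
    for pw in ["abc123", "Passw0rd1!", "Tr7$kQ9!mLp2"]:
        print(pw, round(keyspace_bits(pw), 1), "bits", assess(pw))
```

Note that "Passw0rd1!" scores about 66 bits of keyspace, which looks respectable next to "abc123", yet it is found immediately because it is one dictionary word plus two rules; the keyspace figure only means something for a password that was not derived from a word in the first place.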