Saturday, November 19, 2011

5 Tools for Keeping Track of Your Passwords


This post originally appeared on My Life Scoop, where Mashable regularly contributes articles about using social media and technology for a more connected life.



Time and time again, we’re warned of the importance of having strong, secure online passwords. Phishing scams — where legitimate-looking e-mails and websites try to trick you into entering your sensitive login information for a bank site, e-mail host or social network — are bad enough when a scammer is able to compromise your account, but the result can be many times worse if you use that same password for a number of online accounts.

Likewise, when crackers breach the servers of various web services and expose user information to other ne’er-do-wells, your accounts could be at the mercy of many shady characters.

That’s why it’s more important than ever to use strong, secure and unique passwords for each of your online accounts. Of course, that sounds great in theory, but the main reason we often reuse the same password or passphrase is because trying to remember 50 different logins, each with various alphanumeric strings, is just not realistic.

Fortunately, there are some great tools and services available to users to not only keep your passwords secure, but to also make them accessible and usable from multiple computers or web browsers. Here are five of my favorites.


1. 1Password


1Password from Agile Web Solutions is my favorite way to manage, create and securely access my passwords from a Mac, iPhone, iPad or Android device. The program is $39.95 (a family license for 5 users is available for $59.95) but you can install it on as many of your own computers as you want. It’s a great way to create and fill in passwords across the web.

The application has plugins for all the major web browsers — Safari, Firefox and Chrome, and you can also pull up your passwords from the application itself. The app works like this:

When you’re on a website and you create a new account, 1Password will prompt you to save that account to its database. In the future, rather than having to type it in manually or rely on your browser’s built-in manager, you can just use 1Password to automatically fill in your username and password data.

Even better, 1Password includes a truly fantastic password generator that lets you create robust passwords of a length that you choose. You can generate a password for an account and then automatically save it.

1Password saves all of your passwords and login information into its own secure database that is stored on your computer, but where 1Password really shines is with its ability to sync with Dropbox. Dropbox is a free service that lets you keep a cloud copy of anything within the Dropbox folder on your desktop. That folder is then accessible across computers and devices. Any change to that folder is synced across every connected computer. 1Password can use Dropbox to store its secure database, which means that if you use multiple Macs or want to have constant syncing on the iPhone, iPad or Android, you can.

1Password has a beta version of its app available for Windows. Like the Mac app, the Windows version can connect to a Dropbox account and sync its database with other platforms.

1Password can even store other form information like credit cards, address information, server logins for your website and software serial numbers.


2. LastPass


LastPass is a very popular cross-platform password manager that stores all of its data in the cloud. It works on Windows and Mac and in every major web browser. Like 1Password, LastPass can automatically save your logins, help you generate safe and secure passwords and automatically fill in your passwords when you visit a site.

The difference is that instead of storing its database on your computer or in Dropbox, it’s all stored on LastPass’s servers. LastPass actually has a really robust set of security measures around your data, and if its center is compromised, your data still can’t be accessed.

LastPass is free to use but for $12 a year, you can gain access to LastPass’s many mobile apps (including iPhone, BlackBerry and Android) and gain access to priority support. It also means you get to skip any advertisements.


3. KeePass and KeePassX


KeePass and KeePassX (which is KeePass but for Mac or Linux) are free, open-source password managers. They work very much like 1Password, in that the database is stored on your local computer. Like 1Password, you can use Dropbox to keep KeePass synced across machines and profiles.

KeePass can run off a USB drive, which makes it a great choice for users who frequently work on different machines but don’t want to leave any of their personal data on those machines.

KeePass isn’t as user-friendly as LastPass or 1Password, but its dedicated userbase loves it because it can be extended and used in a variety of ways. Plus, it’s free.


4. RoboForm


RoboForm is very similar to 1Password, but it’s just for Windows users. It works with Internet Explorer, Firefox, Google Chrome and with Safari and Opera via a bookmarklet.

RoboForm also has mobile apps for Android, iPhone, BlackBerry and Symbian. Like KeePass, you can even run it off of a USB drive, which is great for users who want a way to keep their passwords with them and use RoboForm on various computers they use, but don’t want to have to install a program on each of those computers.

You can also use RoboForm with Dropbox, which makes using it across machines that much easier. RoboForm is $29.95 for a single-user/computer license and you can get RoboForm with two computer licenses for $39.95.


5. Firefox Sync


Formerly known as Mozilla Weave, Firefox Sync is a plugin for Firefox 3.5/3.6 that will also be an integrated feature in the upcoming Firefox 4. Firefox Sync is a pretty cool concept and it takes a slightly different approach to password management and syncing from the other tools in this list.

Firefox Sync securely syncs and protects your passwords, bookmarks and browser tabs (you can choose to sync all or none of these items). When you login to another computer with Firefox on it, you can just login to Sync and have access to your existing data and even pull up tabs that are open on your other computer. When you log out, all of that information disappears.

Sync also has iPhone and Android apps so you can bring your tabs over to those mobile devices. The upcoming Firefox Mobile for MeeGo and Android will let you access your passwords securely and remotely as well.

By being built into the browser, Sync is a great way for Firefox users to keep track of their passwords. Because it is part of Firefox, Firefox Sync is really designed for people who use Firefox as their primary web browser. If you use Google Chrome, Internet Explorer or Safari, you’ll want to look at the other options listed above.

Do you use a password manager or syncing tool? Let us know in the comments and also share any of your best password tips.

Update: Several readers in the comments mentioned Passpack, a tool that’s really great for sharing and keeping track of passwords for teams and groups.

HOW TO: Protect Your Company’s Passwords

This post originally appeared on the American Express OPEN Forum, where Mashable regularly contributes articles about leveraging social media and technology in small business.

It’s almost impossible to overstate the importance of having and using strong, secure online passwords. As important as it is for consumers to heed this advice, it can be even more important for businesses to use and secure the passwords of their various accounts. As tools like Firesheep have shown, gaining access to an email or Facebook account can be alarmingly simple.

Fortunately, there are tools and precautions companies can take that will help simplify the process of keeping passwords safe and protected.


Use Unique Generated Passwords for Different Accounts


No matter how often we’ve been warned, the reality is that most of us use the same password or group of passwords for all of our major accounts. At first, this doesn’t seem too bad — especially if that password is a unique and long mix of numbers, letters and cases. The problem with using the same password or group of passwords, however, is that if one account is compromised, other accounts can follow.

This is especially true for users that associate an e-mail address with an account. When Gawker Media’s web servers were breached last year, thousands of commenters had their usernames, passwords and e-mail addresses exposed. As a result, some of these users had their email, Facebook and Twitter accounts compromised as well.

For business accounts, using a separate, unique password for each major service — and making sure that none of these passwords are the same as those associated with personal accounts — is essential.

Good password management applications typically include a password generator, but websites like Strong Password Generator are great in a pinch. Using more than 7 characters is a good idea, but be sure to check with your application or service for rules associated with the use of special characters.
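As an added illustration (not part of the original article, and not the code of any tool named here), this is roughly what a password generator does: it draws characters from the operating system's cryptographic random source and lets you restrict the symbol set to what a given service accepts. The function name, the default length of 16 and the default symbol set are assumptions made for the example.

```python
import secrets
import string

# Assumption: a conservative symbol set; change it to match the rules of
# the service you are generating a password for.
DEFAULT_SYMBOLS = "!@#$%^&*-_=+"


def generate_password(length=16, symbols=DEFAULT_SYMBOLS):
    """Return a random password drawn from the OS CSPRNG.

    Guarantees at least one lowercase letter, one uppercase letter, one
    digit and (when symbols are allowed) one symbol, so the result passes
    typical composition rules. Pass symbols="" for services that reject
    special characters.
    """
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(symbols)
    # The article recommends more than 7 characters, so 8 is the floor here.
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = "".join(classes)
    # One character from each required class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so required characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password())            # letters, digits and symbols
    print(generate_password(12, symbols=""))  # letters and digits only
```
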


Password Management Tools Are Your Friend


One of the primary reasons individuals reuse the same passwords is because keeping track of 100 different logins is difficult, if not impossible. This is where password management applications become crucial, especially in a business environment.

In the past, I’ve written about password management apps for Mashable and here are a few of my favorites:

1Password: 1Password is a solution for Mac OS X and Windows that allows users to not only store their passwords safely, but also access those passwords from within their web browser. That means that rather than relying on the built-in password manager, a user can use 1Password to fill in logins instead. These logins are protected by a master password, and Agile Web Solutions also makes an iPhone and Android app for accessing and securely logging into websites while on the go.

1Password starts at $39.95 for a single license and is $59.95 for a 5-user license.

LastPass: LastPass is a cross-platform password manager that works with all major web browsers to securely store and generate passwords. LastPass also has an Enterprise option for businesses that includes support for applications as well as websites.

LastPass Premium is $12 a year for individuals and starts at $24 a year for Enterprise customers.

Passpack: Passpack is a tool designed for teams and businesses that want to make passwords accessible without making them insecure. What we like about Passpack is that it lets users store their personal and work-related passwords in one place, but then choose who has access to what passwords. Plus, Passpack makes sharing passwords secure and also makes it easy to update or change group passwords in bulk.

Passpack for departments and workgroups is $4 a month.


Use HTTPS Logins


Beyond just using unique, secure passwords and password management tools, it’s also important that businesses use secure logins, especially when accessing web services from outside of a corporate network.

In the last few months, a growing number of websites, including Twitter, Facebook, Gmail, Foursquare and HootSuite have started to implement HTTPS as a login option. Using HTTPS, logins are encrypted over the network. This means that even if the network itself is open, the password and username to your account aren’t visible to those sniffing the network.

Turning on HTTPS as a default login option in the web services that support it is a good idea for all users, but it makes even better sense in a corporate context.

Feel free to share your password protection tips in the comments.

25 Worst Passwords of 2011 [STUDY]

Pro tip: choosing “password” as your online password is not a good idea. In fact, unless you’re hoping to be an easy target for hackers, it’s the worst password you can possibly choose.

“Password” ranks first on password management application provider SplashData’s annual list of worst internet passwords, which are ordered by how common they are. (“Passw0rd,” with a numeral zero, isn’t much smarter, ranking 18th on the list.)

The list is somewhat predictable: Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael,” all are common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.

As some websites have begun to require passwords to include both numbers and letters, it makes sense that varied choices, such as “abc123” and “trustno1,” are popular.

SplashData created the rankings based on millions of stolen passwords posted online by hackers. Here is the complete list:

  • 1. password
  • 2. 123456
  • 3. 12345678
  • 4. qwerty
  • 5. abc123
  • 6. monkey
  • 7. 1234567
  • 8. letmein
  • 9. trustno1
  • 10. dragon
  • 11. baseball
  • 12. 111111
  • 13. iloveyou
  • 14. master
  • 15. sunshine
  • 16. ashley
  • 17. bailey
  • 18. passw0rd
  • 19. shadow
  • 20. 123123
  • 21. 654321
  • 22. superman
  • 23. qazwsx
  • 24. michael
  • 25. football

SplashData CEO Morgan Slain urges businesses and consumers using any password on the list to change them immediately.

“Hackers can easily break into many accounts just by repeatedly trying common passwords,” Slain says. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.”

The company provided some tips for choosing secure passwords in a statement:

  • 1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
  • 2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
  • 3. Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.
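For anyone running a signup or password-change form, the list and the first two tips above translate into a simple server-side check. The sketch below is an added example, not from SplashData or the original article: it rejects the 25 listed passwords and obvious variants of them, and flags short or single-type passwords. The look-alike table, the suffix stripping and the two-character-type threshold are assumptions chosen for the example.

```python
import string
import unicodedata

# The 25 entries of SplashData's 2011 list, as reproduced in the article above.
WORST_2011 = frozenset("""
password 123456 12345678 qwerty abc123 monkey 1234567 letmein trustno1
dragon baseball 111111 iloveyou master sunshine ashley bailey passw0rd
shadow 123123 654321 superman qazwsx michael football
""".split())

# Assumption: a small table of look-alike substitutions (0->o, 1->i, 3->e,
# 4->a, 5->s, 7->t, 8->b, @->a, $->s). It is not part of the article.
LOOKALIKES = str.maketrans("0134578@$", "oieastbas")
FOLDED = frozenset(w.translate(LOOKALIKES) for w in WORST_2011)


def check_password(pw):
    """Return a list of reasons to reject pw; an empty list means it passes."""
    problems = []
    plain = unicodedata.normalize("NFKC", pw).casefold()
    folded = plain.translate(LOOKALIKES)
    # Strip trailing digits and punctuation to catch "monkey2011!" and similar.
    base = plain.rstrip(string.digits + string.punctuation)
    if plain in WORST_2011:
        problems.append("on the common-password list")
    elif folded in FOLDED or base in WORST_2011:
        problems.append("trivial variant of a common password")
    # Tip 2: eight characters or more.
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    # Tip 1: vary character types (threshold of two is an assumption).
    kinds = {"letter" if c.isalpha() else "digit" if c.isdigit() else "special"
             for c in pw}
    if len(kinds) < 2:
        problems.append("uses only one type of character")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["password", "P@ssw0rd", "Monkey2011!", "correct_horse_battery"]:
        print(candidate, "->", check_password(candidate) or "ok")
```
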

Are these lists helpful? Do you need to rethink any of your password choices? Let us know in the comments.

Monday, November 14, 2011

Humans vs. Computers Infographic – How smart is your Laptop?

We’ve grown up with pop culture images of computers taking over the world. The ever popular Terminator franchise showed us battles between Skynet's intelligent machine network and human resistance. HAL 9000 is the antagonist in Arthur C. Clarke's science fiction Space Odyssey saga and in Blade Runner, replicants fought for freedom.

How far does technology have to go before it starts to live up to science fiction? How long do we have before our laptops rule the world? Below is a lighthearted look at computers vs. humans today.


If computers are going to take over the world I’d like them to start off with a few more simple tasks to make life easier like cleaning the oven and finding my missing keys. What weird and wonderful things would you like to see?