Longtime favorite password manager 1Password just teamed up with Pwned Passwords, a new service that helps you find out if your passwords have been leaked online. The database boasts more than 500 million passwords collected from various breaches.
I want to spare you some of the pain that recently greeted me after a night out with friends. I returned to my car to find the rear window smashed out and my backpack gone. It contained my brand new MacBook and iPad.
The worry, of course, was whether my backpack was in the hands of tech-savvy crooks, so I prepared for the worst.
What I learned over a long weekend about my own approach to security is the subject of this week’s Kahney’s Korner.
As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.
The same goes for security, which in Apple’s case affects an ever-increasing number of people who may not be savvy to the ways of information security.
Apart from “correct horse battery staple,” the most secure passwords aren’t words, they’re phrases. You don’t even need crazy symbols or hard-to-determine numerals (is that an l or a 1, a 0 or an O?) – just a good, longish phrase made out of words.
And now you don’t even have to make one up. Using the XKPasswd generator, based on but not associated with Randall Munroe’s amazing comic strip XKCD, you can generate secure pass phrases easily.
If you’re particularly concerned about the security of your passwords, you might want to stay away from Starbucks’ official iOS app: the Seattle-based coffee maker has just confirmed that passwords, credentials and location in the company’s app are stored in plain text, and are not hashed or encrypted at all.
When you browse the web with mobile Safari, you’ll come across sites that ask you to create a login, and that usually requires a password.
You can save your passwords in mobile Safari automatically, but there are some sites that request passwords not be saved. There’s a workaround, though, if you feel like you should be able to save whatever passwords you darn well please, and it’s buried in the Settings app.
The peeps behind Kaspersky Labs’ Securelist blog have uncovered an Easter Egg in Safari, which they claim lists user IDs and passwords in plaintext.
The problem relates to Safari’s retention of browser history as used in the “Reopen All Windows from Last Session” feature — which enables users to easily revisit sites they opened during previous Safari sessions.
If you store your user name and password details via the Keychain in OS X, you know that Keychain makes it a lot easier to do so. You can store login details for all those websites you visit, including banking info, social network details, and the like, right in the Keychain.
At some point, though, you might forget the actual passwords. It’s like how we used to know all our close friends’ phone numbers by heart, but with the advent of the smartphone, I doubt many of us even know too many of our buddies’ actual digits.
If you want to remember the passwords that are stored in Keychain, though, you’re in luck.