Feb 22
Do You use the Same Password in Different Places? If you use the same password for your e-mail account, Twitter and your online banking, cracking your Twitter account, for example, makes your other accounts vulnerable to cyber criminals. A recent study by Trusteer (which I cited in an earlier post) based on a sample of more than four million users, many of whom are customers of leading North American and European banks, of the Rapport browser security service found that passwords were being re-used in surprising numbers (73 percent). Although creating a number of different, strong passwords for each of your accounts may at first seem cumbersome, Trusteer's findings suggest that many online users are leaving themselves more vulnerable if they do not. Thus, the first question seems apparent: How does one create a strong password? How to Create a Strong Password
- Create a password that is easy to remember but difficult to guess
- Your password should not contain words found in a dictionary or other personal information that prying eyes may guess, know about you or can easily find (such as your birth date, address, telephone number)
- Your password should contain a minimum of 14 random characters combining upper (A-Z) and lower case (a-z) letters, numbers (0-9) and special characters (@#$%^!)
- Your password should be different for each place (whether your e-mail, your Facebook account or computer log-in) requiring a password .
- To test the strength of one of your current passwords (or to create one to secure 100 passwords at one time), please read about the free Secure Password Generator below.
Free Secure Password Generator PC Tools, the developer of Registry Mechanic and Spyware Doctor offers a free PC desktop-based Secure Password Generator (see the screen capture above) and a password strength tester to test your current or created passwords (see the screen capture above). The 392 KB application, which does not require installation, can be downloaded from the following URL: http://www.pctools.com/guides/password/ PC Tools also offers a Web-based Secure Password Generator if you do not want to download the aforementioned desktop application. Use the SSL connection (which provides an encrypted connection between your computer and PC Tools' Web server) when if you decide to create a secure password via their Web site so your password is not created in the clear. Their online password generator, using a secure (https) connection is located the following URL: https://secure.pctools.com/guides/password/ Whether using the online or desktop version, the password generator can create up to a 64 character password with an accompanying Phonetic Pronunciation (to possibly assist with recall). Using the online password generator, you can create one to 50 passwords at one time and one to100 passwords with the desktop program. For further information about how a non profit organization can develop a productive virtual volunteering program through the use of appropriate technology, please visit this Online Volunteering Resource.
Dec 20
You are about to click on a shortened Twitter link but do you know where this shortened link will take you? URL shortening services such as tinyurl have been available for a number of years. Such services originally provided an easy way to shorten long links that could break within an e-mail message or make long URLs much easier to remember. With the introduction of microblogging services, such as Twitter, where 140 character message limits prevail, shortened URLs became a necessity. This 140 character message limit has in turn spawned numerous new URL shortening services, such as bit.ly, cli.gs, or ow.ly. However, clicking on any shortened URL can pose significant security and/or privacy concerns. Not knowing where a shortened link goes may land you at a malicious Web site. To reduce your odds of being exposed to such security and privacy risks, before clicking on any shortened URL first reveal the underlying full (unshortened) URL. One such free unshortening service is Untidy (http://unhid.co.cc). Unhid claims to be able to "... preview short URLs from every shortening service..." which may prove to be a significant advantage over competitor http://untiny.me (I have been able to reveal shortened URLs using unhid.co.cc that untidy.me currently could not unshorten). Untidy provides two easy options. You can copy the shortened URL and paste it into the box at http://unhid.co.cc and click "Unhide" to reveal the full URL (see screen capture). Unhid also offers a more convenient bookmarklet option (for example, if you are using Mozilla's Firefox browser, just drag and drop the bookmarklet, found on Unhid's homepage, to your Bookmarks Toolbar). When you want to unshorten a URL, first click on the Unhid bookmarklet to activate it. (as shown in the screen capture above, a pop-up will state that the bookmarklet has been activated and that the bookmarklet can be de-activated by refreshing the page). Next, click on any shortened URL. As shown in the screen capture, a pop-up message will ask you if you want to preview the shorteneed link in a new window at http://unhid.co.cc (OK) or view the shortened link (Cancel). Press "OK" to preview the shortened link at http://unhid.co.cc (see the screen capture). At this point, you can decide whether or not you want to click on the unshortned URL. Although you now have the immediate unshortened URL, this revealed link could still be re-directed to another Web site, which could be malicious. At this point, if you are still suspicious about the URL, either do not click on the link or run your browser within sandboxie ( http://www.sandboxie.com) before clicking on the link. This assumes that you are taking other preventive measures, such as keeping your system and applications updated as well as installing the latest anti-virus definitions. For further information about how a non profit organization can develop a productive virtual volunteering program through the use of appropriate technology, please visit this Online Volunteering Resource.
