Equifax Crisis Worsens

The Equifax security breach just keeps getting worse. At the end of the day this sad situation proves a point I have been pressing for years now. You cannot trust others with your digital security. You must take security very seriously. The first thing everyone should do is take passwords seriously, very seriously.

Think about this: would you leave your wallet or your purse on a table – all alone – in a public place? Of course you would not. Your passwords are even more important than this.


My recommendation is to find a password manager, like LastPass, and take some time setting up unique, encrypted passwords for each of your accounts. This is not as difficult or as expensive as it sounds. You can learn more about LastPass here.

OK – let’s get back to the latest disaster that is Equifax.

One month after news came out about a massive breach at Equifax, the credit bureau is still struggling with the fallout. The latest blow arrived yesterday when an independent security researcher reported discovering that links on the Equifax Web site were attempting to redirect him to a malicious URL.

In a blog post last week, analyst Randy Abrams said that he visited the Equifax site to check and see whether false information from another credit bureau had made its way into his credit report on Equifax. When he tried to access his personal information, he said he was redirected to a site with a fake Flash Player update screen. In a tweet yesterday, Abrams said it appeared that the issue might indicate Equifax’ Web site had been breached again.


Equifax revealed in early September that its systems had been compromised sometime between May and July, causing sensitive personal data for around 143 million Americans, as well as a number of Canadian and British citizens, to be exposed. Early this month, the company increased its estimate of the number of U.S. victims by 2.5 million. The U.K.’s National Cyber Security Centre reported earlier this week that nearly 700,000 Britons might have been affected by the breach.

Abrams noted on his blog that he “just sort of tripped over” the latest problem at Equifax’ Web site while trying to view his credit information. The appearance of a Flash update site was an immediate red flag, according to Abrams.

“Seriously folks, Equifax has enough on their plate trying to update Apache,” he said. “They are not going to help you update Flash. I know that nobody is surprised at my find, but watching Equifax is getting to be like watching a video of United Airlines ‘deplaning’ a passenger . . . It hurts.”

The fake Flash download links appeared during at least four separate visits Abrams made to the Equifax site, according to a report today in Ars Technica. An analysis by the German IT firm Payload Security gave the malicious file that attempted to load a threat score of 96 out of a possible 100.

Meanwhile, U.S.-based security writer Brian Krebs has pointed out that the Equifax breach could expose not only people’s names, Social Security numbers, and birth dates, but also details about their salary and employment histories. Krebs also criticized the Web site that Equifax created to keep people informed about the issue.


Yahoo’s Security Breach Grows Worse

In December 2016, Yahoo revealed it had been hacked back in 2013. It was reported at the time that this security breach by an “unauthorized third party” saw the user data associated with 1 billion accounts stolen. However, it turns out that this epic hack was even worse than Yahoo thought.

This hack didn’t just affect 1 billion random Yahoo users. Instead, it hit every single Yahoo account that existed in August 2013. And there were 3 billion of them at the time. Let that sink in for just a minute: 3. billion. accounts. Making it the largest data breach in history. That we know of…

The Most Epic Security Breach Ever Recorded

Since Yahoo first disclosed the hack, Verizon has acquired the company. During that acquisition, new intelligence was uncovered that clued Yahoo into the fact it had underestimated just how epic this hack was. Rather than “just” 1 billion users being affected, all 3 billion users were caught up in it.


Yahoo has subsequently sent out a notice revealing the truth. The company states it now believes that “all Yahoo user accounts were affected by the August 2013 theft”. And Yahoo, now called Oath, has drawn this conclusion “following an investigation with the assistance of outside forensic experts”.

Thankfully, although the size of the security breach has been scaled up significantly, the information stolen has remained the same. Which means that “names, email addresses, telephone numbers, dates of birth, hashed passwords […] and, in some cases, encrypted or unencrypted security questions and answers” were stolen.

However, Oath (formerly Yahoo) is ultra keen to stress that no “passwords in clear text, payment card data, or bank account information” was stolen from its servers. This should be of some comfort to anyone who had a Yahoo account in 2013. Which is probably most people reading this right now.

Please Follow Yahoo’s Common Sense Advice

Oath has created a full page of FAQs related to this data breach. And this provides the common sense advice the company suggests you follow in order to safeguard your information. Which basically amounts to changing your passwords and security questions and answers for any and all Yahoo accounts, and, crucially, all other accounts that share the same or similar information.


Was Your Data Stolen in the Equifax Breach?

Yesterday we first reported about the massive Equifax security breach. Today more details have emerged as well as additional details regarding how you can see if your data is at risk. Sadly I checked mine this morning – and indeed my data was possibly “exposed”. Also, surprisingly I was advised to wait until September 13 for more details.


This data breach could affect up to 80 percent of all U.S. credit card users, and – as I reported above – the credit reporting giant Equifax is doing a terrible job of reassuring customers. As of this writing, getting through to the company on the phone is nearly impossible and online access is not much better.

What Data Was Stolen in the Breach?

Equifax revealed what is potentially one of the biggest data breaches in U.S. history, and the company could be facing a $1 billion lawsuit as a result. Though the hack was discovered on July 29, it was only just revealed by the company. This delay in reporting the hack to the public is almost always the case – which is why password management is so critically important. I have written about this many times.

Hackers were able to access sensitive data including names, social security numbers, addresses, dates of birth, phone numbers, and driver’s license details for 143 million consumers between May through July 2017. Approximately 209,000 users also had their credit card details stolen, and about 182,000 users had details from their Equifax dispute documents stolen.

The breach mostly affects U.S. residents, along with some U.K. and Canada citizens.

How to Find Out If Your Data Was Stolen

There’s been plenty of confusion on how to find out if you were affected.

Equifax has set up an online tool that lets customers check if they were part of the data breach, but it requires entering more personal information (last six numbers of your social security number) and the results are vague & inconclusive (as I experienced). You may be understandably skeptical about handing over more information to a company who’d find itself on the receiving end of such a large breach.

If you prefer to call the company, you can reach them at 866-447-7559. Good luck getting through!

For immediate results, go to the web tool provided by Equifax and click “Begin Enrollment.” Do NOT click Continue Enrollment! (According to the terms of service, enrolling in TrustedID will waive your rights to legal representation, including participation in any class-action lawsuits.)

You’ll see a screen where you can enter the last six digits of your social security number and your last name.

If your data was stolen, you will see the message below. Again, do NOT click the Enroll button!

Up until last night, customers may have seen one of three messages. The one listed above, another saying they were not affected, and a third providing a date on which they could enroll in the company’s TrustedID Premier service.

What Should You Do?

Consumer Reports offers some suggestions for those who find that their information may have been compromised.

Credit Monitoring: You can sign up for Equifax’s free TrustedID Premier service which is a credit monitoring service that is currently free. As mentioned above, enrolling does preclude you from participating in a class-action lawsuit against the company.

Credit Security Freeze: One of the most common suggestions from security experts in the wake of the breach is to place a credit security freeze. This will not affect your credit score and will not impact prescreened credit offers.

In order to place a freeze, you must request a security freeze with all three credit bureaus:

There is a BIG problem with this move however!

First, this is not free. The fee varies from state to state, but it shouldn’t cost you more than $10 per credit bureau.

Secondly, the freeze will prevent new lines of credit being opened in your name, which of course means that if you were planning on purchasing or renting a home, financing a car, applying for a job, or getting a new credit card, you will have to lift the freeze first.

Finally, lifting the freeze may also cost up to $10 per credit bureau.

Stay Vigilant: Keep a vigilant eye on your bank accounts for any suspicious activity. Consumer Reports recommends setting up alerts on your bank accounts for unusual activity: suggested parameters include your balance and the size of transactions. While Consumer Reports does not suggest it, you should also be vigilant when it comes to your online accounts. Set up two-factor authentication, create secure passwords, and don’t click on links in emails claiming to be from Equifax.

Equifax has said that it will mail out notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.


Mastering Password Managers

It goes without saying that everyone needs to use stronger passwords, and the best way to do that is with a password manager. The truth is, passwords that are hard to hack are very hard to remember, however you really do need long and complex passwords.


That’s where password managers come in handy. There are all kinds of password managers out there, including some as basic as your browser’s rudimentary list of saved passwords and some as elaborate as entire cloud systems that work across multiple devices and platforms.

All of these models have some basics in common: they store your passwords, they auto-fill details on login forms, and they keep your passwords encrypted in databases. The differences are where those databases are kept, the types of encryption and recovery options available.

Weaponized Math: Encrypted Passwords

Your browser can save passwords, but that often isn’t very secure. One of the main appeals of a password manager is that it saves all of your passwords behind one password in a single database.

Of course putting all your plain text passwords in one place isn’t much of a security measure in and of itself. Instead, your passwords must be encrypted, which secures your passwords. But since the amount of control over password databases can vary, you’ll want to figure out which model works best for you.

When boiled down, encryption is the use of math to disguise your data. The key used to transform the plaintext is randomly generated, and the strength of the encryption is based on this key size in bits. In layman’s terms: the more bits, the more security. This is because the more complex the key, the more complex the resulting output is.

Depending on the algorithm, that substitution is repeated. In certain cases, the key is transformed to further obscure the output. This process creates what’s called a hash, which often has added salt—additional randomization added to the hashing process. This ensures the original value is completely obscured without the correct starting input, key, and salt.

There are additional factors like block size, initialization vectors, and other more advanced concepts. If you’re interested in the gory details, check out our detailed breakdown of encryption.
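How a master password and a random salt can be turned into a key and a stored verifier, as an added example that is not taken from any of the products named in this article. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the function names, header layout and iteration count are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Assumption: PBKDF2-HMAC-SHA256 stands in for whatever key-derivation
# function a particular password manager really uses.
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def derive_key(master_password: str, salt: bytes,
               iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key bound to this salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations,
        dklen=KEY_BYTES)


def _verifier(key: bytes) -> str:
    # A hash of the derived key: enough to check a password attempt,
    # but it is neither the password nor the encryption key.
    return hashlib.sha256(b"verifier" + key).hexdigest()


def create_vault_header(master_password: str,
                        iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Pick a fresh random salt and record what is needed to unlock later."""
    salt = secrets.token_bytes(SALT_BYTES)
    key = derive_key(master_password, salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations,
            "verifier": _verifier(key)}


def unlock(master_password: str, header: dict):
    """Return the vault key if the password matches the header, else None."""
    salt = bytes.fromhex(header["salt"])
    key = derive_key(master_password, salt, header["iterations"])
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(_verifier(key), header["verifier"]):
        return key
    return None


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample input
    first = create_vault_header(password)
    second = create_vault_header(password)
    # Same password, different salts: the stored values do not match,
    # so one precomputed table cannot be reused across vaults.
    print(first["verifier"] != second["verifier"])
    print(unlock(password, first) is not None)
    print(unlock("password1", first) is None)
```
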

Local Safes: Keeping Control

The best way to keep a secret is to never tell anyone. If you don’t want your passwords anywhere other than on your hard drive, a local password manager is your best option. This keeps your data on a device that you physically control, leaving your security directly in your own hands.

One of the more popular password managers is KeePass, an open source Windows solution with ports on Mac and Linux. It offers a lot of flexibility and control, including the ability to select between multiple encryption algorithms.


And if you’re looking for a complete escape from passwords, you can even use key files to unlock your passwords. (You put key files on a USB drive or other portable storage, then use the physical device as a key to authenticate with the machine.)

The downside to KeePass is the same as its strengths: you control the keys to the kingdom, so if you lose your key files or master password, you’re out of luck. In such a case, your only option would be to start over from scratch and set up every password again.

Your file is also limited to where you save it, so you’re responsible for any backups you want to maintain. If you want mobile sync, you’re going to need to do it manually (or with a separate syncing service like Dropbox) and a compatible reader on your tablet/phone. And if something goes wrong, you’re on your own.

Local managers give you a lot of security and control, but you lose a rescue plan and out-of-the-box portability.

Syncing Systems: Multiple Devices

If you’re juggling multiple devices with many passwords, keeping a master file locked on a PC somewhere is not the best solution — especially if you’re trying to log into Amazon on your phone or check your bank balance on your tablet. Don’t weaken the password just to make it more memorable!

That’s where hybrid approaches like 1Password come in, which uses Dropbox or your local network to automatically sync your password between devices. This gives you the ability to keep everything working across devices, but you are still the only one with the key to your data.


But you lose some of the crunchier options, such as multiple encryption algorithms and key file logins.

This fixes a lot of the downsides of the local-only option, as you can keep your phone, tablet, and computer all in sync. You’ll also need to trust Dropbox as a cloud host, though 1Password does add an extra layer of security on top with its own strong encryption, so you can rest easy about security.

If you’re really worried about interceptors and other vectors of attack, you can just use your local network to synchronize your passwords across devices. You won’t have any hope of recovering a lost master password if you choose this route, but it does ensure that 1Password won’t have access either.

Cloud Services: Any Device, Anywhere

Keeping all of your passwords in the cloud requires a certain amount of trust in a company to do things the right way. My favorite choice here is LastPass.

LastPass keeps an encrypted copy of your password database in the cloud, making it available on almost every platform and browser imaginable. You will need a premium membership for several of their features, but the basics are there for free.


Your devices do all of the encryption and decryption, ensuring that your master password is not on LastPass’s servers. If you don’t have access to the Web, a copy is cached locally so you can still unlock. There is an additional layer of protection in two-step verification as well.

You have to trust their security is as robust as promised, as LastPass makes for an obvious target for hackers. However, with a good master password and two-step verification enabled, you should be confident about the security of your password safe. And if you ever forget your password, you can recover your safe.

Literally the Least You Can Do

If you’re a Mac and/or iOS user, you already have access to a password manager built into your operating system: iCloud Keychain. This is an extension of the OS X keychain that uses iCloud to keep all of your passwords synced across devices.

Windows has a similar feature called Credential Manager, but it does not have the same cross-device syncing.

This is pretty comparable in terms of security to LastPass, but it’s limited to Apple devices. Unless you’re only running exclusively on Apple products, you’re going to be missing your passwords on some of your other devices, which can be a huge nuisance.

Yet even if you’re a big Apple fan, you still may not want to lock yourself into the platform because you never know what kind of other devices you may get in the future.

You Really Need a Password Manager

Unless you have an iron-clad memory, using different passwords across all of your accounts is going to prove difficult. Doing so with hard-to-crack passwords? Near impossible. Getting a password manager ensures that you can keep all of your accounts safe and secure using a single master password.

Find the model that works best for you and find the product that works best for your devices. Almost every manager has a free trial or free tier that you can try out. Once you’ve made your choice, go through all of your online accounts and update the passwords to be more complex.

That’s really all there is to it.


Has Your Password Been Exposed?

You know by now that you should be changing your passwords regularly. I have been strongly recommending password managers for several years now. This is because every day there seems to be another cyber security crisis. If you haven’t changed your passwords recently, it’s now officially time: a massive database containing login credentials is floating around the internet.


We don’t know who’s behind the breach, but over 560 million leaked emails and passwords — 243.6 million unique email addresses — are compromised. First uncovered by the Kromtech Security Research Center, the leak has been confirmed by security researcher Troy Hunt, who created the “Have I Been Pwned” website.

What kind of information does it have?

The good news is, there hasn’t been a new hack: the trove of credentials is a collection of data from previous breaches at LinkedIn, DropBox, LastFM, MySpace, Adobe, Neopets, Tumblr and others. Some of these breaches are years old.

What makes this database troublesome from a security standpoint is how accessible it makes sensitive information. It basically compiled private data from various prior hacks to create one convenient database for hackers to illegally access.

Who is at risk?

Essentially, anyone who never updated their credentials at the time of the original breach. If you haven’t stayed on top of every hack and checked your status each and every time, then you could be at risk.

How to check if your credentials are compromised

The easiest way to see if your credentials are vulnerable is to go to Hunt’s site — Have I Been Pwned. Here, you can type in your email and find out if your email and password are safe or not.


You may have changed your password at the time of a given breach, but let’s be real: you may not remember. If you scroll below the results, the site shows you which breaches you were impacted by. To view information on sensitive breaches, subscription is required. If this is your first time on the site and you get the dreaded “Oh no—pwned!” message, then it’s best to take a screenshot of the result and change your password immediately.

Why a screenshot? The site tells you how many “breached sites” it’s on (in other words, how many unique incidents took your credentials) and if there are any “pastes” — a paste is when the information is shared on a public website. Saving this information (you can also jot it down somewhere safely) can let you know in the future if you’ve been breached again if the information in the results changes.

Don’t understand what’s going on? It’s okay. Just go change your email password to be safe. And be sure to create a strong password.


Protecting Your Passwords with Ice Cream

As a reader of this fine technology blog you no doubt are taking your security seriously. One of the most important things you can do to protect your personal data is adopting a strong password plan. I have recommended LastPass many times in the past – and it remains my password manager of choice.

The problem has remained the same since the dawn of the internet. People generally do not always use effective passwords. They’ll often use things like their birthday or the name of their pet in their login information. To make matters worse, people have a tendency to use the same password for multiple accounts. This happens because birthdays and pets are easy to remember. The same goes for recycling the same password for multiple accounts. In an attempt to get users to create better passwords, some companies like Apple force them to include special characters, numbers, and an uppercase letter in the password. Browsers offer to remember your password for you and all you have to do is set a good one. Another solution is to use a password vault. A password vault is an app that stores your logins. It allows you to set complicated passwords and remember them.

If you have a shared computer, multiple vaults can be used to separately store information for everyone that uses it. The vault locks itself automatically after a set period of time. If you walk away from your computer and forget to lock it, the vault and the information in it will still be safe.

Storing Information

Ice Cream Password Manager lets you store more than just your login information and it’s duly sorted by the type of information it is. You can mark information that you frequently use as a ‘Favorite’ but it is otherwise sorted into categories like Login, Credit cards, bank accounts, identities, passports, etc.

These categories don’t just sort information. Each one has fields that make it easy to enter information. For example, the passport category has essential fields like issuing authority, the date it’s been issued and when it will expire, your date of birth, etc.

Similarly, the Bank accounts category has fields for entering your bank’s Swift code and your account’s IBAN number. What this essentially ensures is that you enter all relevant information that’s related to an entry. You might have to take the time out to fill it all in but once that’s done, you’re never going to have to search online or through physical papers to locate the information you need.

Desktop App And Chrome Extension

The desktop app and Chrome extension don’t need one another to function but, if you have both of them installed, your information is synced. The extension makes it easier for you to add login information. Every time you log in to a new domain, the extension offers to save it.

One advantage that comes with the Chrome extension is that it has a password generator. The password generator doesn’t just give you a random password. You can specify the length and how many special characters you need in your password.

The Chrome extension syncs all the vaults you’ve created, password and all. Like the desktop app, the Chrome extension locks itself after a period of inactivity and you need to enter your vault password to access your information.

Backup

Ice Cream Password Manager lets you schedule regular backups. In fact, you can keep multiple, incremental copies of your data.

Additionally, you can sync your information with Dropbox.

Security

I mentioned early on that the Ice Cream Password Manager automatically locks itself after a period of inactivity. The app lets you choose what that period of inactivity is. You can also set it to automatically clear the clipboard one minute after you’ve copied any information from your vault.

Shortcomings

Ice Cream Password Manager is an overall well developed app. It has a couple of shortcomings. (1) It doesn’t lock down characters for known fields. For example, passport numbers are only 9 characters long. Similarly, IBAN codes are 14 characters long. In both these fields, you can enter as many characters as you like. This is problematic because you might accidentally repeat a character when entering your information and never know it happened until you try and use it.

(2) Another problem is that there is NO mobile app. We often need our passwords while on the run and this is a serious flaw. However if you want a free password manager this looks like a fairly good option and hopefully a mobile app is on the way.

Ice Cream Password Manager is pretty well made. It’s stable and the information is quick to sync between desktop and browser. There’s a Firefox add-on in the works so there isn’t much left wanting. If you struggle with remembering your password, or you purposefully keep simple ones, give this app a try. It will help you set complicated passwords and remember them. It will also make sure you always have all your important information in digital form on your computer at all times.

You can learn more about Ice Cream Password Manager here.


Worst Passwords EVER!

In its sixth annual Worst Passwords report, SplashData, a provider of various security applications and services, listed the 25 weak and easy-to-guess passwords most frequently posted on various hacker forums and websites.


Presenting the list of the top 25 bad passwords people use. I hope that none of you, my dedicated readers, are relying on any of these to protect your information.

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. football
  6. qwerty
  7. 1234567890
  8. 1234567
  9. princess
  10. 1234
  11. login
  12. welcome
  13. solo
  14. abc123
  15. admin
  16. 121212
  17. flower
  18. passw0rd
  19. dragon
  20. sunshine
  21. master
  22. hottie
  23. loveme
  24. zaq1zaq1
  25. password1

The list is based on 5 million leaked passwords, and almost 4% of hacked users used “123456” as their password of choice while more than 10% used another from the list.

Most had a single-word password, which is a dream come true for any hacker planning a quick and effective dictionary attack. Using this method, a hacker pretends to be the user and tries to log into their account, using a predetermined set of words or phrases from a list called a “dictionary”.

Frequent usage also applies to another group of passwords on the list: sequences. “123456”, “qwerty” or “zaq1zaq1” are key sequences, which means the symbols used are near one another on the physical keyboard. This kind of password is another dictionary favorite, but is also susceptible to a brute force attack. This tactic is similar to a dictionary attack, since it also happens on the login screen, but instead of using ready-made lists, a hacker uses a special algorithm which attempts to enter different character combinations until a password match is found (i.e. the attacker will try using “1234”, then “12345”, etc.).
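A check that a site or password manager could run when a password is chosen, as an added example and not SplashData's or any product's own code: it rejects the 25 listed passwords, simple variants of them, keyboard or digit runs, and repeated chunks. The function name, reason codes, substitution table and 12-character minimum are assumptions of this sketch.

```python
import re

# The 25 entries from the SplashData list reproduced above.
WORST_PASSWORDS = {
    "123456", "password", "12345", "12345678", "football", "qwerty",
    "1234567890", "1234567", "princess", "1234", "login", "welcome",
    "solo", "abc123", "admin", "121212", "flower", "passw0rd", "dragon",
    "sunshine", "master", "hottie", "loveme", "zaq1zaq1", "password1",
}

# Constructed for this example: rows of a US QWERTY keyboard, the digit
# row and the alphabet. A password lying entirely inside one of these
# (forwards or backwards) is a plain sequence.
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]

# Assumed table of common character swaps ("passw0rd" style).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def _core(lowered: str) -> str:
    """Drop trailing digits/symbols, then undo common character swaps."""
    return re.sub(r"[^a-z]+$", "", lowered).translate(LEET)


def screen_password(password: str, min_length: int = 12) -> list:
    """Return the reasons a password is rejected; an empty list means OK."""
    lowered = password.lower()
    reasons = []
    if len(password) < min_length:
        reasons.append("too_short")
    if lowered in WORST_PASSWORDS:
        reasons.append("listed")
    elif _core(lowered) in WORST_PASSWORDS:
        # e.g. a listed word with a year or "!" appended, or 0 for o
        reasons.append("variant")
    if len(lowered) >= 4 and any(
            lowered in run or lowered in run[::-1] for run in KEY_RUNS):
        reasons.append("sequence")
    if re.fullmatch(r"(.+?)\1+", lowered):
        # the whole password is one chunk repeated: "121212", "zaq1zaq1"
        reasons.append("repeat")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "zaq1zaq1", "P@ssw0rd!", "Football2017",
                      "0987654321", "tidal-copper-lantern-47-orbit"]:
        print(f"{candidate!r}: {screen_password(candidate) or 'accepted'}")
```
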

I recommend again, friends: take the time to select a good password manager and use distinct, unique & complex passwords for all of your online accounts. The time you spend doing this may save you much heartache later. You can check out our previous articles regarding password managers here.


OneLogin Hacked

It’s the same old story all over again. Another online company has been hacked and thousands of accounts exposed. This time, ironically, it was a “password manager” services company that was hacked.


Password manager OneLogin suffered a massive data breach Wednesday, and the attackers may have gained access to sensitive customer data, such as login information for a variety of companies. OneLogin manages login credentials for a variety of cloud applications for more than 2,000 enterprise clients.

OneLogin, which has stated that its investigation is ongoing, wrote on its blog Wednesday that the attacker was able to access database tables that contain information about users, apps, and various types of keys. “While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data,” the company wrote in a letter to clients.

The attack began on May 31 when a malicious actor somehow obtained access to a set of Amazon Web Services (AWS) keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the U.S., according to the company.

Through the API, the attacker was then able to create several instances of the company’s IT infrastructure to probe the company’s system. The company said it was alerted to the unusual database activity seven hours later, at which point it shut down access to the affected instance and the AWS keys associated with it. The breach is thought to be enormous, as all of the company’s data centers in the U.S. were hacked.

The possibility that the hacker may have obtained enough data to decrypt the encrypted credentials, meanwhile, could mean that thousands of businesses, including Yelp and Pinterest, may need to change their login information for every cloud service they use.

The details are still hazy, and OneLogin has yet to make a public announcement about exactly what data has been stolen. But in the meantime, the company has apparently contacted all of its clients to advise that they immediately reset any passwords stored on OneLogin’s servers.

This is not the first time that OneLogin has suffered a breach in recent months. The company also suffered a breach from July to August when an attacker using a OneLogin employee’s password was able to hack its servers and access company analytics and logs.


Mastering Password Managers

With this past week’s WannaCry ransomware scare, I thought I would take a little time, again, to write about how incredibly important password management is to the security of your data. Passwords are, of course, inconvenient, time consuming and memory challenging, which is why many people do not handle them seriously. However, without good password management you are seriously taking a chance with your security.

I also wrote earlier this week that Microsoft is looking to kill passwords altogether for their services; however, we are not exactly sure when that is going to happen and, Microsoft notwithstanding, passwords are going to be around for quite a while yet… so you might as well master them.

Here are some of my favorite password management applications, each with a free option. My favorite is LastPass, however each will do the trick if you want to lock out the cyber-criminals from getting a hold of your data.



 

There are two versions of LastPass – free and premium. Both can store an unlimited number of account logins in a secure vault protected by a master password, will complete online forms for you automatically, and can employ multi-factor authentication.

The premium edition also syncs across multiple devices, stores passwords for desktop programs, and lets you share secured folders with other people, with customizable permissions.

One of LastPass’s best features is its ability to generate strong, unguessable passwords for all your accounts, which it then stores for you. There’s no need to remember long, awkward streams of characters, or re-use the same password for multiple accounts. It’s a class act.



Dashlane is LastPass’s most serious rival, and like LastPass it’s absolutely superb, with strong password security, exceptional ease of use and the ability to store notes for future reference.

In addition to the Windows desktop password manager, there are browser plugins and mobile versions, and as with LastPass there’s a premium edition of Dashlane that adds unlimited syncing and sharing.

The premium edition of Dashlane costs US$39.99 per year, but the free version provides all the essentials: you get the core password manager, autofill and digital wallet features, all of which work flawlessly.


 


RoboForm claims to be the world’s best password manager, though its free version only lets you store up to 10 logins and lacks the breadth of features offered by some of its rivals. If you need to store more passwords, a premium account costs US$9.95 for the first year, though the mobile apps are free.

It’s available for Windows, Mac, iOS and Android, and is a good option for anybody who wants a simple and secure way to sync passwords between desktop, laptop and mobile devices.

RoboForm doesn’t have quite the same features lists as Dashlane or LastPass, but it’s a very good tool nonetheless and the free mobile apps are excellent.



It isn’t the prettiest password manager around, but KeePass Password Safe is both free and open source with strong security, multiple user support and a whole bunch of plugins to expand the app further.

The password manager is small enough to run from USB without installing on a PC, it can input from and output to a wide range of file formats and there are stacks of customization options to play with.

The fact that KeePass Password Safe is open source means anybody can inspect the code for potential weaknesses, which means that any security issues can be identified and fixed quickly. It’s a great little app, if a bit intimidating for absolute beginners.



Sticky Password comes from the team behind AVG Antivirus, so you can be confident that security is its top priority.

There are two versions of Sticky Password: free and premium. The latter adds cloud syncing and backup, and costs US$29.99, £19.99 (about AU$40) a year. There’s also a lifetime license available for $149.99, £96.99 (about AU$200) – an option not offered by any other premium password manager.

The app works on PC, Mac, Android and iOS, supports fingerprint authentication on mobile, is available as a portable USB version and offers lots of synchronisation options including Wi-Fi syncing with local devices. It doesn’t support the Edge browser just yet but it will once the Anniversary Update introduces extension support.


There you go. Give these a try. Any one of them will help you lock down your accounts, secure your data and perhaps prevent a security disaster from impacting you. The time you spend doing this will be well spent… believe me.


It’s Time to Change Your Password… Again

Looks like it’s time to change passwords again. Security researchers have discovered a massive database of login credentials, over 560 million emails and passwords to be exact, put together by an unknown person. All of the information is unsecured.


The database was discovered by the Kromtech Security Research Center. Most of the information is already easily available, which allows users to see if their accounts have been compromised in previous data breaches.

That means most of the information contained on this database was compromised during other incidents at sites such as LinkedIn, LastFM, Tumblr, and Dropbox. So if you didn’t change your password recently on any of those sites it is definitely the time to do it.

No one knows who actually put the database together, but the researchers are calling them “Eddie” after a user profile name in the data.
