Monthly Archives: May 2010

32 Million Skyrock Passwords Stolen and What You Should Do About It

By Joe Golton | Published: May 31, 2010

On May 21, 2010, Skyrock informed users of their social network and blogging platform to change passwords (mots de passe), because of an intrusion detected on May 19. Skyrock does not know what the intruder accomplished. If the password list was stolen, then the passwords of all 32 million users were compromised because they were stored as plaintext.

What should you do if you are a Skyrock user? What should you do if you are not a Skyrock user? Read More »

Share         

Filed in category: Password management

Password Management for the Average Joe

By Joe Golton | Published: May 14, 2010

If you’re like most home computer users, you use the same 2 or 3 passwords for your various accounts and your passwords are easy to crack. As you keep reading news reports about hacked accounts and stolen identities, you think you should do something about your passwords, but you keep putting it off.

<div xmlns:cc="http://creativecommons.org/ns#" about="http://www.flickr.com/photos/wysz/44830826/"><a rel="cc:attributionURL" href=

Like personal security, password management is something most people don’t think much about until after something bad happens. Unfortunately, the Internet is not secure. Just as you need to be “street wise” when venturing onto streets, you need to be “net wise” – especially with passwords – when venturing onto the Internet. Because, like it or not, your passwords are currently the main barrier between you and the bad guys.

Most password management advice seems designed to torture you as opposed to help you. For the average Joe with average security needs, password management advice needs to be simple and usable, not just secure. Luckily, there is a reasonably secure form of password management that is simple and usable. Here it is: Read More »

Share         

Filed in category: Password management

Use a Password Manager to Assign Unique, Random 15 Character Passwords for all Accounts, Protecting them with a Strong Master Password

By Joe Golton | Published: May 14, 2010

Securing a computer is hard. A highly skilled hacker can easily break into to your accounts or computer. But the same can be said of home security. A highly skilled thief can easily bypass a locked door or alarm system.

Most thieves are not highly skilled, and even thieves with greater skill prefer easier targets. So locking doors will discourage many thieves, and a big, barking dog will discourage even more.

The same is true with hackers – most are not highly skilled and even those who are prefer easy targets. If you are a typical consumer without data of great value to criminals, then using a password manager as I describe here can act as the equivalent of a locked door combined with a barking dog, an alarm system, and a sprinkler system – which will keep out all but the most highly skilled and determined hackers.

Unfortunately, the way most people manage their passwords can be easily exploited by automated malware or as part of larger attacks that harvest thousands of passwords. Even more unfortunately, the vast majority of advice about password management is either misguided or too complicated. In this post I explain why I believe using a Password Manager (to assign unique, random 15 character passwords for all accounts, protecting them with a strong master password) strikes the best balance of usability and security for the average Joe.

The title of this post sums up the password management approach that I believe provides the most benefit for the least effort. In the rest of this post, I explain why. Read More »

Share         

Filed in category: Password management

Which Password Manager?

By Joe Golton | Published: May 14, 2010

There are dozens of password managers, including some built into browsers. Many of them do the basic job you need, which is to use a master password and strong encryption to securely store your passwords. More important than selecting the “best” password manager is to use such software wisely. I describe how to use a password manager here (basics and index to password series) and here (tips).

If you’re already using and liking a password manager not mentioned in this post, by all means keep using it so long as it offers master password protection in combination with strong encryption. While most password managers offer password import and export functions, the actual practice of switching password managers and learning a new one is cumbersome.

However, if you’re selecting a password manager for the first time or dissatisfied with your current password manager, you may as well benefit from my efforts to identify the best password managers for individuals. My efforts included extensive use of two password managers and poring through hundreds of reviews, forums, and comments about many others. Read More »

Share         

Filed in category: Password management

Tips For Wise Use of Password Managers – Including Master Password Selection

By Joe Golton | Published: May 14, 2010

In the first post of this series, I describe four steps to secure your passwords with a password manager. This post describes a number of additional tips for using your password manager software most effectively. The “Tips for Standard Use” section is for everyone. The “Tips for Extra Password Security” section is for those who need additional security, with less regard for convenience. Read More »

Share         

Filed in category: Password management

Bad or Useless Advice about Password Management

By Joe Golton | Published: May 14, 2010

I’ve read dozens of tutorials and guides on how to manage passwords. I dislike most of them for the simple reason that they are far too cumbersome to implement and have you memorize a dozen or more rules without telling you why. The only way an average person will use secure passwords is if it doesn’t take up too much time and attention. Here are a few pieces of advice on password management dissected and dismissed: Read More »

Share         

Filed in category: Password management

How Attackers Steal Passwords

By Joe Golton | Published: May 14, 2010

Many people don’t understand how easy it is for attackers to take advantage of weak passwords, and therefore don’t use a password manager or other means to make their passwords stronger. This post describes 9 common ways passwords get captured, roughly ordered from most to least common. Proper use of a password manager can thwart some of these attacks and limit damages from most other types of attacks. Read More »

Share         

Filed in category: Password management

The Usual Way to Manage Passwords and How Attackers Exploit it

By Joe Golton | Published: May 14, 2010

According to various studies, most people use the same few passwords for all of their accounts, most of these passwords are weak, and many people don’t realize how weak their passwords are. Using the same 2 or 3 passwords for many accounts is analogous to storing all of your keys under the outside doormat of your locked front door – it doesn’t take much effort for a thief to have access to everything.

In this post, I describe the typical home user system for managing passwords and how attackers exploit this system. Read More »

Share         

Filed in category: Password management

Definitions for Common Password Security Terms

By Joe Golton | Published: May 14, 2010

Like anything to do with computers, password management has its share of jargon. To avoid cluttering up my posts on password management, these terms are defined here. Read More »

Share         

Filed in category: Password management

The Next Batch of Posts

By Joe Golton | Published: May 14, 2010

In 2009, I had a few ideas that I wanted to get out into the world, and I wrote up a few of them for this site. I then took a break for a variety of reasons. One reason is that the next planned article turned into a lengthy research project on password security.

Read More »

Share         

Filed in category: Password management