Encrypt Without Any Effort

Encryption is a tricky topic that is often misunderstood. I’m no expert (this guy is), but I strongly recommend everyone encrypt information whenever it’s possible and not a gigantic burden. This is, after all, the risk/reward scenario all security decisions are ultimately based on.

When we surf the web, most traffic is not encrypted, but more of it can be with little to no effort. Why do you care? Remember that traffic that is not encrypted can be seen, recorded and generally used for and against you by anyone between you and the person sending it. So your ISP (Internet Service Provider) might be tracking where you go and what you shop for, or a hacker might be learning the answers to all your security questions. There is an endless list of possibilities here. Would you be OK if someone was staring over your shoulder for every action you take on the Internet? Sure, your banking is probably encrypted. How about your email? Facebook? Amazon shopping?

If you use Chrome or Firefox (and I suggest you do use one of them; Chrome for me), you should install HTTPS Everywhere. It’s free and requires no user interaction. It was created by the Electronic Frontier Foundation, a non-profit organization helping people online.

Here is how it works:

  1. Install the plug-in into your Chrome or Firefox browser.
  2. Surf the web. With each site you visit, HTTPS Everywhere will check its ruleset and attempt to secure the traffic via HTTPS (that’s the same method your bank and everyone else uses on the Internet). If the site supports HTTPS, your traffic will be secured. If not, it won’t.

That’s it. I should point out that the web site owner has to enable HTTPS; this is not something you can do. What often happens is that HTTPS is enabled on the site, but you didn’t ask for it, so you don’t get it. With this installed, and no effort by you, more of your Internet traffic, to sites like Facebook.com, will be encrypted from snooping eyes.
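To make the ruleset check in step 2 concrete, here is a simplified model of it, added as an illustration and not taken from the extension's own code. The ruleset entries, host names and field names (`targets`, `exclusions`, `rules`) are constructed for this example.

```javascript
// Added illustration: a simplified model of ruleset-based HTTPS upgrading.
// The rulesets below are constructed samples, not the extension's shipped rules.
const RULESETS = [
  {
    name: "Example Shop (constructed)",
    targets: ["shop.example", "*.shop.example"],
    // URLs known to break over HTTPS are left alone.
    exclusions: [/^http:\/\/status\.shop\.example\//],
    rules: [{ from: /^http:/, to: "https:" }],
  },
  {
    name: "Example Mail (constructed)",
    targets: ["mail.example"],
    exclusions: [],
    // Some sites serve HTTPS from a different host name.
    rules: [{ from: /^http:\/\/mail\.example\//, to: "https://secure.mail.example/" }],
  },
];

// A target is an exact host or a single left-hand wildcard ("*.shop.example").
function hostMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return target === host;
}

// Returns the URL to request: upgraded if a ruleset covers it, unchanged otherwise.
function upgradeUrl(url) {
  const parsed = new URL(url);
  if (parsed.protocol !== "http:") return url; // already HTTPS, or not web traffic
  for (const set of RULESETS) {
    if (!set.targets.some((t) => hostMatches(t, parsed.hostname))) continue;
    if (set.exclusions.some((re) => re.test(url))) continue;
    for (const rule of set.rules) {
      const rewritten = url.replace(rule.from, rule.to);
      if (rewritten !== url) return rewritten;
    }
  }
  return url; // no rule known for this site: traffic stays unencrypted
}

for (const u of [
  "http://www.shop.example/cart?id=7",
  "http://status.shop.example/ping",
  "http://mail.example/inbox",
  "http://unlisted.example/",
]) {
  console.log(u, "->", upgradeUrl(u));
}
```

The last sample URL shows the limit described above: a site with no matching rule is requested exactly as typed.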

Change Your Password for the Last Time

I hate passwords, and I’m fortunate that I can memorize them very well. I can remember mine and yours from years ago if you ever shared it. That doesn’t make them fun for me, however; it’s more like taking up space where I should be storing some more useful information.

I’m done changing passwords and you should be as well. The short version of this blog is: find a good tool to help you use really obscure passwords and use it well. I recommend LastPass.

So why do we use passwords? Sounds simple enough, right? Well, the technical answer is that we use them to confirm we are who we say we are. I type in a login name, and the password is my method to confirm I am indeed that person.

Well then, why change them if we don’t share them? (You don’t share them, right?) If your company makes you change your password every 30 days, they are in fact telling you that they expect your password will be figured out by someone else around day 31. In theory they have looked at the risk (password compromised) and picked a time frame forcing you to change just less than the expected compromise time. In reality almost no one does this complicated analysis. Companies have a lot of mitigating controls to prevent password compromise through policy controls, such as locking you out after too many mistakes.

So back to your connected life on the cloud… there is a good chance the last time you changed your password was when you forgot it and were forced to, or when your bank or Facebook specifically told you it was compromised. The fix is simple. Use LastPass (or another tool like it).

With LastPass you have a master password: a single hard password to remember. You install the software in your browser and let it capture all your other passwords as you use them. This by itself is a wonderful productivity gain, as it can auto-login to most sites. The magic really happens when you use LastPass to make your passwords secure and stop using the same password for every site. This doesn’t take much time, and suddenly if your cloud storage provider loses your password, you only change one and no other online identities are compromised. Your passwords are long and random and very hard to crack.

There are several reasons why you should do this today:

  1. It’s free! (for most versions, cheap for others)
  2. It saves you time every day.
  3. It works on all your platforms and browsers: PC, Mac, iPad, iPhone, Android, etc.
  4. You don’t want to memorize another password do you?