PasswordManagement
Latest
Mac 101: Securing your passwords after the Gawker breach
Thanks to questionable security practices at Gawker Media (publishing parent of many high-profile websites including Gizmodo and Lifehacker), a number of people are busy scrambling to change their passwords on a lot of different sites today. Gawker stored encrypted passwords on its servers instead of password hashes (and stored those passwords using the deprecated DES standard), so as a result of some weekend hacking, a lot of email addresses and passwords were stolen. Gawker Media is asking anyone who uses its comment system to change their password immediately, and if they used the same email address and password on other websites, they should change those passwords as well. If you have used any of the Gawker sites in the past, you can use Slate's Gawker Hack widget to determine if your email address and password was part of the group that was compromised. Some other sites like LinkedIn are proactively disabling the accounts of users who were included in the data dump, requiring them to reset their passwords before they can get back in. Common sense dictates that for the best security, every website account should have a separate password; you should never use a dictionary word, birthday or family name as your password; strong passwords always need a mix of capitals and lowercase letters, numbers and (if acceptable to the service you're logging into) punctuation/non-alphanumerics. (The number of people who used 'password' or '123456' as their comment login in the Gawker system is truly shocking.) However, our puny human brains don't work well with strong passwords; we just can't remember a lot of passwords that are random gibberish, and even using mnemonics and other tricks for password generation can fill up the ol' brain pretty quickly. There are some ways to generate strong passwords that are associated with just one website -- and keep them recorded securely on your Mac or in the cloud -- so click that Read More link to see how.
1Password updated to 2.5.8
Today, Agile Web Solutions updated their password manager, 1Password. As many Mac users may already know, 1Password is an indispensable application for managing passwords and browser auto-fill for Mac OS X. Now that it has been updated to version 2.5.8, it boasts some new features along with bug fixes. New in 1Password 2.5.8 is support for the Firefox 3 beta; you're now able to import from Passwords Plus and Password Safe 3, and you can now store UK bank account information.1Password is available for $29.95 from the 1Password website, and a demo is also available. [via Mac Update]
Password Manager roundup
We all have tons and tons of usernames, passwords, and credit card numbers that we need to remember. Luckily, OS X has a great utility, that is under appreciated, commonly called the Keychain that'll store all of that info for you securely.For a single user Keychain is great, but what if you need to share these passwords amongst a group like in an IT shop? Nirlog.com has a great roundup of several Mac only and cross platform apps that'll help you out.
