
Friday, September 17, 2010

Three Great Password Management Systems to Keep Hackers on the Run

A good friend of mine told me this week he manages more than 200 separate password-protected online accounts.  At first I thought he was exaggerating, but after further discussion with him, I realized it's fairly easy for any of us to get close to that number.

Consider all of your password-protected media sites (free and paid), banking and brokerage accounts, personal and professional email accounts, retail sites, project management sites, social media channels, etc.  You can see how someone who goes online only out of necessity, and not desire like many of us, can quickly accumulate a significant number of password-protected online sites without really trying.

And as the hackers out there know, people generally use the same one or two easy-to-decode passwords (like their first name, or qwerty or letmein) for all of their accounts. It keeps things simple.  Unfortunately, it also makes the hacker's job that much easier.  All a hacker has to do is to figure out one of these passwords and suddenly he/she has access to a large number of your accounts and to potentially critical personal information.

What now?

Well, as I learned earlier this week, after you get hacked is not the time to be looking for the additional security you need to guard against getting hacked in the first place.

Still, better late than never.

It's like trying to buy a snow blower in a blizzard, a generator in a power failure, sandals in July.  Your best bet, and for the best deals, is to purchase these things before you need them.

And in the case of added security for your protected online sites, many of the software products that fortify your electronic fortress are free, up to a certain point.  You still need a comprehensive security suite running on your computer and you may also want to invest in an email security-specific product as well.

But in addition, and on the heels of my Gmail account getting hacked earlier this week, I've become a big proponent of password management systems as an added layer of steel between you and the hacker.  My friend with the 200 password-protected online accounts became a proponent some years ago when his Gmail account was hacked. And now, I too am convinced. You should be too.

There are a lot of great products out there that more or less do the same thing, but here are three password management solutions I researched and want to share with you.  We'll never put the hackers completely out of business, but we can make their job as hard as possible:

KeePass:  This is a free open source password manager.  They talk about themselves this way:  You can put all your passwords in one database, which is locked with one master key or a key file.  So you only have to remember one single master password or select the key file to unlock the whole database.  

RoboForm.  Lots of awards and great reviews from leading trade pubs like PC Magazine, Bloomberg and Morningstar.  RoboForm says on its website:  Security is our highest priority.  RoboForm Password Manager has gone through multiple security reviews and is used by Fortune 500 companies and the government. 

Passpack.  This is the solution my friend uses.  Here's how Passpack talk about themselves:  We believe access to data privacy applications should be an unalienable right. We're working hard to make that a reality.

The truth is, it doesn't matter too much which one you pick.  As long as you pick one.

Thursday, September 16, 2010

Don't Let This Happen to You

Earlier this week my Gmail account was hacked.  It left me with the same feeling of violation I experienced about 25 years ago when my then beautiful Toyota Celica was broken into and my AM/FM in-dash cassette player was stolen.

I realize this has happened to many of you before, but having my email account hacked was a first for me and it really took me by surprise.   Just as the break-in to my titanium silver Celica did.


Because I thought I was protected -- in both cases.  After all, on my two computers I run the latest version of the Norton Security Suite -- courtesy of my Internet service provider, Comcast.  And I also run the free version of Malwarebytes Anti-Malware.

And the Celica had a motion-sensor security system. What could go wrong?

As it turns out, all of these well-known and dutiful security solutions gave me what has turned out to be a false sense of security.

The nastiness started just before 8 p.m., just after I finished a great dinner and as I was settling in on the couch to check out what financial funny-man Jim Cramer had to say on his nightly show, which I DVRed.

I powered up my Toshiba Satellite L305-S5968 laptop, which had been in sleep mode, and opened Gmail.

And then - wham!

Once loaded, I saw that my inbox was filled with dozens of out-of-office responses from Gmail contacts around the world, dozens of delivery failures (I guess I need to update my address book), and a number of emails from a few former clients, co-workers and friends wondering what was going on.  I also received a few alerts from Twitter and Facebook friends.

Many of the recipients I heard from immediately recognized the email they received from me as a bad case of spam.  Most recipients didn't open up the message (story of my life). But for the more adventurous souls who did click through, they saw the goat (or is it a ram?) pictured here along with this verbiage:

"This journal has been suspended. Its contents are no longer publicly visible. LiveJournal cannot discuss the reasons for a journal suspension with anyone except the journal owner.about being suspended." 

Now, I have nothing against a goat (or ram) wearing an eye-patch and a pirate's hat, but ....

So before I share some information (coming in tomorrow's post) about how you can better protect your email account from being hacked, even though you too may think you are already protected, I want to share a few of my favorite responses from a few of the hacker's victims:

"This seems a little dodgy--did you get hacked? I didn't click through...figured I would check with you first. Hope all is well!"   ...from a fellow PR pro working at a big IT management company.

"Jim -- Long time, no contact ...good to hear from you.  The note below, however, looks suspiciously like something might have hijacked your address book and is sending out emails to all of your 'C' contacts. ...Hope all is well."   ...from a former client who works at a big IT management company (not the same company as above).

From another:  "virus or real?"   ...from a former client who works for the world's largest technology company.   

And another:  "Hi Jim, is this legit?"   ...past client now working for a leading data governance solutions company.     

Finally:  "Are you toying with me?"   ...friend and former colleague working for the world's largest technology company.

Tomorrow, I'll share what I learned from someone who has over 200 password-protected accounts and is passionate about password management systems as a way to keep email hackers at bay.