Saturday, 25 February 2012

How Secure Are Your Passwords? How to secure them...

Hello again guys. A few days ago I was speaking to a good friend of mine who had his password hacked, unfortunately this password was the same for all of his online accounts including his online banking! This obviously meant that his whole online 'persona' was compromised. Since I work in IT security he came to me for advice. This conversation got me thinking just how secure most peoples passwords are so I thought I would write a post on how to secure yourself online.

Use complicated passwords
During my conversation with this friend, he explained that his universal password was his surname followed by 123. This is obviously very insecure, along with things like 'password123', 'password', 'abc123' etc. Basically stay away from the word 'password' in your password(s) or any kind of personal information about you or generic statement. You can have a password that is complicated yet easy to remember. For example, let's say my friends password was 'jones123' this can be made more complicated yet still be easy to remember by substituting letters for similar looking numbers and adding a capital letter. So our password now becomes 'jOn3s123'. This password is now a lot more secure than before, but we're not finished yet. To make it really secure we can add a special character, again using ones that look like the original letter, so now our password has become 'jOn3$123' so it's still 'jones123' but a hell of a lot harder to crack or guess.

Some examples of substitutions that you could use are below:
  • o = 0(zero)
  • o = *
  • i = !
  • s = $
  • e = 3
  • i/l - 1
  • and - &
Another good method of making secure passwords is to have a long one. Most people don't know this but a space is a valid character in a password so you can use a sentence as a password. For example, 'My favorite t-shirt is green and has 11 printed on it.' This password is long, has upper case letters, numbers and special characters - it would be extremely difficult for a hacker to crack that bad boy!

Using Password Managers
Not everyone can remember very secure passwords like the ones above and even if you can, having the same password for everything still isn't ideal. That's where password managers come in. This is how I personally remember all my passwords. There a many password managers out there but in my experience there are 2 main contenders, KeePass and LastPass. I have used both but I personally prefer LastPass.

KeePass is an encrypted password database that is stored on your computer. You need a password to open up the database and from there you can access all your passwords and accounts. It can generate extremely secure passwords such as 'FrdjgTdki3u4yFRJTF2894hdggTFD34455f32fdTY'. You can then drag and drop your password from KeePass to the password field on your website and KeePass will enter the password for you. This means that you only have to remember one password and all of your website passwords can be different. Here are some screen shots:

You can download KeePass for free from HERE.

LastPass is my password manager of choice as it integrates with your browser and logs you into websites completely automatically. All of your passwords can be synced between machines automatically as they are stored on LastPass Servers. All of your passwords are encrypted before they leave your computer so once they get to the LastPass servers they are fully encrypted and LastPass have absolutely no access to your passwords. Like KeePass, you simply add all of your accounts to your LastPass vault along with the web address they coincide with and LastPass will then be able to automatically log you in next time, LastPass can also generate very secure passwords like KeePass.

The big advantage that LastPass has over KeePass (apart from syncing) is the fact that it supports multi-layer authentication. This means that you can have a special USB stick that provides an extremely long, one off password each time you need to logon to your LastPass vault. So, in order for anyone to get access to your account they would need your username, password AND USB stick - extremely secure I think you will agree. By default the USB multi-layer authentication is turned off.

LastPass also had apps for all smart phones so you can have your passwords anywhere. For this though you need a premium account which costs just $1 a month (normal accounts are free). Here are some screen shots of LastPass:


You can find more out about LastPass and also download it for free from HERE.

Luckily my friend managed to change all his passwords in time and only 2 of his online accounts where accessed, he is now a LastPass user also. The thing to take away from this is simply, use complicated passwords where possible but if you have a bad memory then use a password manager. I hope some of the information helps you guys to secure yourselves online a little more!

If you want to see how secure your password(s) are then why not take a look at here are the results for a password I use and the results for my friends old password:

My friends old password:

My password:

Wednesday, 22 February 2012

Pear OS Linux Review

Hey guys, welcome back. Today I will be looking at a Linux distro that is growing in popularity, Pear OS. In this review I will be looking at the latest stable release of the distro called Panther. There is a newer version of the distro called Comice but that is still under development and the developer has taken the download link off the site.

First Impressions
At first glance one would think that you are running some kind of Mac OSX (hence the name I assume) version rather than a Linux distribution. It is heavily developed and well put together and if you like the Mac environment then you are likely to love Pear OS.

When you first boot the OS up you are greeted to the Ubuntu 11.10 LightGM login screen with a different wallpaper. I haven't seen it any distro's yet apart from Ubuntu itself, it's good to see this as I personally think the LightGM logon screen is an excellent addition. Here is how the screen looks:

Once you get past the login screen you will see that the distro is running a heavily customised version of Gnome-Shell (GS), whilst I personally don't like GS as an environment to work in, I could grow to like this environment with time (as I have done with Unity). There is a global menu on the top panel and a dock to the bottom where you will see open applications and quick launch buttons to selected apps. To the right of the top panel there is also a 'pear menu' where you will see your session information when you click on it. Again, I assume this is to emulate an Apple look to the OS.

Default Applications
Pear has a number of changes to the usual line up of Linux Distro default applications. The browser is Opera, Mail client is Sylpheed and the media player is Clementine. Personally, I don't like Opera as a browser, I've never used Sylpheed and I really like Clementine so I have mixed opinions on the default apps that the developer has picked. I would have liked to see Chrome/Chromium, Thunderbird & Clementine if it where my choice...but it isn't and these are easily changed anyway.

Look & Feel
As mentioned before, it looks a lot like a Mac with the top panels 'Pear Menu' & Global Menu and the dock down the bottom but added to this, the developer has replaced the Nautilus icon with a 'Finder' icon, again adding to the mac feel. Once you open 'Finder' though, it's just Nautilus.

Possibly the most interesting thing in this distro is the 'Launchpad', again name to replicate Apple. This is the Pear OS equivalent to your Activities Menu, Unity Dash or Start Menu if you're a Windows user. The developer has done a good job of making this look good. It's kind of a mix between the Unity Dash and the GS Activities menu. From here you can launch any application on the OS. It's a really good feature that works well.

Things I Didn't Like
Although I liked a lot of what this distro does, its wasn't 100% there for me. I think if the developer had paid a little more attention to detail then that would have made the difference between a good distro and a great distro.

First of all I noticed that some applications where displaying their menus in French. This is (I assume) because the developer is French. I would have expected that the language setting change during setup. This isn't a big deal as the language settings can be changed to English quite easily but still, it's not the type of thing I should be changing really.

The Window theme on this distro is the Elementary theme, I really like this theme but I feel it could have been more polished. The default font for GS is poor at best in my opinion so I would have liked to have seen a better looking default font on the distro. Again this would just give it that final look of polish, this can also be changed easily but first impressions last.

The final thing I didn't like in this distro was the custom software centre dubbed the 'Pear OS Appstore' (another Apple-ism). My experience of this application was very poor indeed. It regularly crashed and just didn't seem finished. The look and feel of the 'AppStore' was very poor and counter intuitive at time. It only seemed to list the applications that where currently installed and I couldn't seem to find any other sources within the interface. If I where to use this distro I would definitely remove the Pear AppStore and replace it with the Ubuntu Software Centre.

All in all a good distribution but there are somethings that let it down. I also feel that the developer has gone to close to Mac OSX for my liking, if I wanted a Mac then I would get a mac :). Some people may like this but my personal opinion is that a Distro should have an identity of it's own instead of mimicking another Operating System. Definitely worth a look though.