Categories
Security Software

Quicken Security Theater

Quicken Password Confirmation

I don’t understand this one. The reason many (most) sites require you to confirm your password is to ensure you typed it correctly when creating your password, otherwise a typo would prevent you from logging back in correctly later. We’ve all “fat fingered” a password before. That simple confirmation step prevents it on creation. How does entering my password twice when logging in provide any additional security? If the password is compromised, the extra field does nothing.

I presume the reason is to make Quicken look/feel more secure than it really is.

I should note that I like Quicken. I like it enough that even though the native Mac version is so disappointing on paper that I never purchased it, I did I purchased the Windows version and continue to use it there. I think that demonstrates my not hating Quicken. It does however have its quirks that just make me wonder what they were thinking.

Categories
Security

How To Clone ePassports

How to clone ePassports (the ones that use RFID).

Yet another piece of evidence that shows the technology is not ready for prime time. I’ve mentioned several times before what a failure RFID deployments in high security situations has been. This is just another example.

[Via Bruce Schneier]

Categories
Firefox Tips Mozilla

Firefox Tip: Master Password

Love the password manager? Previously I provided a tip for haters. Here’s one for the lovers. Use a master password, this allows you to use one password to provide security, but without needing to remember all those others you have. To set one go into the
“Tools” menu and select “Options” and click on the “Security” tab. Now check where it says “Use a master password”. You’ll be prompted to create one. It will even show you how good your password is.

If you need help generating a good secure password, check out SafePasswd.com.

Categories
Around The Web SafePasswd.com

20,000 Passwords Analyzed

An interesting perspective on 20,000 Passwords. As noted in the comments, the data collection skews the results a bit, since most people who fall for phishing scams aren’t knowledgeable enough to know a good password form a bad password.

But it’s possible to generate a safe password with ease even if your not a technically inclined ;-).

Categories
Mozilla

Most anoying bug almost done

Password Manager forgets password when checking mail might be the most annoying bug in the entire world.

Thankfully David Bienvenu seems to have found a fix.

Hopefully 1.5 isn’t ready yet, so we can test this on 1.6, and perhaps get it in for 1.5? What do you say Asa? Any chance?