Wednesday, August 29, 2012

(11) Week 4: Digital security

This week we will be thinking about and improving our security online.

Digital security breaches

Recently, there have been significant security breaches such as this story published in Wired magazine of how a technology reporter had his digital identity stolen, and leaking of 6.5million LinkedIn passwords.

Step 1: Test if your LinkedIn password was leaked here.
Mine was - see below.

As our information on increasingly being stored on the cloud, Digital Security is becoming a vital 21st Century skill. Moving to the cloud means
(1) we need to use many passwords on multiple devices
(2) our data is online and easier for hackers to access

Remembering long strings of random numbers, letters and symbols is not something most humans naturally do well. In my work I observe many people set up accounts, and everyone becomes frustrated and stressed at the point of creating or recalling passwords.

So, given everyone is struggling with password management, perhaps we need a better approach?

Auditing your current level of digital security:
Step 1: Let's audit our current password management practices.

Q. Do you have any real or pronouncable words as passwords?
Q. Does your password consist of information that someone could find out about you? (I once guessed a friend's password first go - it was the name of his car - he was besotted with it!)
Q. Do you have the same password for more than one account?
Q. Do you write down passwords or record them digitally?
Q. Do you give others your password?

Just one YES means that your security is not a strong as it could be. (Sorry to be scaring you.  It's a necessary phase to build the case for change :-) I wont do it again I promise. Just this week! )

Now let's check the security of the passwords you use.

Step 2: Audit your passwords
Use this password checker How Secure Is My Password? to find out how long a computer would take to crack your password. Check a few of your passwords. (And remember that hackers have a bank of computers working for them, not just one.)

(A note to the (perhaps justifiably) paranoid among you, I am pretty sure this is not a fraudulent site collecting your passwords :-)

Step 3: Audit your own PC
See where your unencrypted passwords are cached. In Firefox, go to
Tools  - Options - Security - Saved passwords - Show passwords.
Your passwords are displayed.
 (Your passwords are stored here when you click "Save password for next time".)

So what can you do?

Solution 1: Choose and store your passwords more securely.
Choose secure passwords that are unique to each account and don't write them down.

Step 4:  Watch this brief video about good password management.

However, it is still almost impossible to remember a whole set of unique and secure passwords. So you will either need to store them securely with some kind of disguise / encryption, or upgrade to Solution 2....

Solution 2: Use a secure password manager such as LastPass.

Cost: This option takes about an hour to set up and some time to become fluent using LastPass.
Benefits: It saves a great deal of time and eliminates Password Stress. You never have to remember or enter passwords or fill in forms.  It is far more secure - passwords are iteratively encrypted thousands of times.)

It should be clear by now that most of our current password practices are not secure. However you may be having doubts that it is safe to store your passwords in one program such as a password manager. How secure is LastPass?

Read this article explaining the security offered by LastPass.  
Read this review of LastPass.

If you wish to learn how to use LastPass, continue... otherwise, you are welcome to claim your badge for this week and finish here with your new awareness and enhanced practice.

Step 5:  Download and install LastPass here

Step 6: Start using LastPass, with help from me or other LastPass users, or by referring to the instructions
- in short videos here
- or in this 13 min video 

You will need to:
- Install LastPass on your computer and onto the toolbar of each of your browsers
- Save the username and password for each new account you set up (LastPass will offer to save them for you). You may wish to select "Automatically log on" so you get straight in to the site.
- Allow LastPass to enter for you your username and password at protected sites you visit

Note: Remember to choose a very very strong password to be your LastPass password using secure methods we have looked at in this module, such as the first letter of each word of a phrase you will remember with a number and capital as well.



Congratulations, you have earned your
Week 4 badge: Digital Security! 


 Optional - Level up!

(1) Use LastPass on your mobile devices.

Purchase LastPass premium at $1 per month to download LastPass for your phone or tablet.
Here is a comparison of the free version of LastPass with the Premium version.
(Apologies for the cost. I have reviewed other Password Managers and none are as easy to use as LastPass.)
(2) Install free LastPass wallet (iPhone) to store Password information, credit card details etc.
Here are Android user instructions for the mobile version of LastPass.

(3) Advanced users may wish to explore two factor authentication to protect your passwords.

Susie's availability

I am on leave from Sept 3 - 7, but please book in to see me this Friday 31st September, or in the week of Sept 10th  for assistance with LastPass or any other issue. And in the meantime, draw on your Personal Learning Network - there are others around who may be able to assist!



  1. For those concerned about their passwords being on display in Firefox if another user should access their browser during the same login, you can set a master password which needs to be entered to access the passwords itself. Go to Options > Security and tick the 'Use a master password' box.

  2. hmm, scary stuff. My old password took a computer 3 days to hack, new flash one now takes them 5 years! Figure that is ok at I may get around to changing it before 5 years is up. Lastpass is a good program but not without its challenges - if you are giving it a try, set aside some proper time to figure it out and don't try and rush it too much like I did (thanks for the rescue Susie).

  3. Since I started using a password manager, I have not looked back! I strongly recommend KeePass because you can choose to have up to three stages of authentication in order to access your password database. KeePass also includes a password generator, which can be set to produce a password that meets specific criteria. Useful if you need to meet unusual criteria such as the presence/absence of special characters, a certain number of digits, and so on.

    I happen to be a big fan of KeePass because it also plays well with my other apps. I keep my KeePass databases in Dropbox, so I can access it anywhere, and I use KeePassDroid on my Android smartphone, for those times when I need to access passwords but don't have access to a computer.

  4. Strangely enough, my LinkedIn password was NOT leaked, though I wonder whether it's because I've only logged into LinkedIn...twice? First time when I registered as part of Week 1's activity, second time to check updates and statuses!

    I am guilty of reusing passwords and I have slightly different variations of the same password; one will take a desktop PC 11 minutes to crack, the other 15 hours.

    I've noticed that the longer the password (in terms of number of characters), the harder it is to crack. So what exactly does this mean for our Deakin passwords, which have a forced character limit of 8, no more no less? Surely if we have more characters, theoretically, it would be harder to crack?

    1. Also depends on the kinds of characters in the password string. Because Deakin ITSD requires that we include a range of characters (including special characters like !@$), that makes them harder to crack :) But yes, a longer string would typically take longer to crack!