About This Blog

This blog is a place to read more about Mitto, our free online password manager, and how to more effectively use our service.  We highlight many of our benefits, and we also discuss topics related to password management. It is usually updated weekly.


Entries in General (32)

Wednesday, Feb 04, 2009

4 Common and Dangerous Password Habits

Dangerous Habit #1: Keeping passwords in Emails

When you’re trying to find a password management solution, you want to make sure that you can find your passwords when you need them. A lot of people turn to keeping their password in their email by sending themselves a message with their username and password. This method is totally insecure! Here’s why:

  • If you are accessing your email from a non-SSL connection, people could be spying on your information. Once they gain access to your email account, they’ll have access to all your passwords.
  • Some online email services mine your email in order to target advertisements. This mining process can include your login information.
  • The text of your emails is usually kept in a plain-text database. This means that if your email provider’s database is compromised, so are your passwords.

Dangerous Habit #2: Keeping passwords written down

Imagine that you want to save the password to your online banking account, so you decide to write it down on a pad of paper on your desk. If you have $5,000 in your bank account, you’ve just turned that pad into a $5,000 pad of paper! Where would you keep that? If this is a practice you’ve adopted, the only place you can keep your various written passwords is a fire-proof vault!

Your passwords have value, and when you keep them hanging around your house, you’ve compromised the things which they protect. Most identity theft doesn’t happen through the internet, but is committed by people who dive through trash looking for scraps of paper with sensitive information on them.

Dangerous Habit #3: Using easy passwords

Be honest, I know you’ve done this at least once. You’re tired of passwords, passwords, passwords. So, you decide that you’ll be a little lazy and use a super easy password. It’s your birthday, your name, your mom’s name, your dog’s name, and so on.

This is password management 101. Weak passwords, such as the ones just mentioned, can easily be cracked by ahem… people with malicious intent! The #1 way you can protect your online resources is to create strong passwords!

Dangerous Habit #4: Using the same password

Imagine you had one key. That key would open the front door of your house, start your car, allow you to take money from the ATM, and open your filing cabinets at work. How awful would you feel if that key was lost or stolen? It’s easy to fall into the practice of having one strong password that you use for all of your online accounts, but it’s dangerous. Not all websites are equally secure. Perhaps it’s unlikely that someone can steal your password from your online bank account, but is that forum you participate in as secure as your bank? If someone compromises that forum, and your password for that forum and your bank account are the same, does it make a difference?

Difficult though it can be, you’ve got to try to create strong and unique passwords, especially for your more valuable online resources. By using the Mitto service, you can avoid all of these mistakes.
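As an added example (not part of the original post and not Mitto's code), here is a small self-audit for Habit #3 and Habit #4 that you could run locally over your own list of logins. The site names, passwords, personal facts and function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: site -> password, plus facts about the owner.
VAULT = {
    "bank.example": "Rex2009!",
    "forum.example": "t7#Vq9w!Lx2p",
    "mail.example": "t7#Vq9w!Lx2p",
    "shop.example": "k;4Gd)1zQe8$",
}
PERSONAL = {"name": "Dana", "mother": "Ruth", "dog": "Rex", "birthday": "1980-04-17"}

def personal_tokens(facts):
    """Lower-cased names plus common written forms of any YYYY-MM-DD date."""
    tokens = set()
    for value in facts.values():
        m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value)
        if m:
            y, mo, d = m.groups()
            tokens |= {y, mo + d, d + mo, y + mo + d}
            tokens |= {mo + d + y, d + mo + y, mo + d + y[2:]}
        else:
            tokens.add(value.lower())
    return tokens

def audit(vault, facts):
    """Map each site to its findings for Habit #3 (easy) and Habit #4 (reused)."""
    tokens = personal_tokens(facts)
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = defaultdict(list)
    for site, password in vault.items():
        lowered = password.lower()
        hits = sorted(t for t in tokens if t in lowered)
        if hits:
            findings[site].append("contains personal detail: " + ", ".join(hits))
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            findings[site].append("same password as: " + ", ".join(sorted(others)))
    return dict(findings)

if __name__ == "__main__":
    for site, problems in audit(VAULT, PERSONAL).items():
        print(site, "->", "; ".join(problems))
```

Short tokens can match by coincidence, so treat a hit as a prompt to look at the password, not as proof that it is weak.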

Tuesday, Feb 03, 2009

How Mitto Protects Users Against Phishing and Identity Theft

Phishing and Identity Theft (which we’ll define here as the illegal and malicious use of another individual’s identity) are growing problems for online users. Mitto helps to protect you against both.

Phishing

Phishing is a problem when you click on a link, most often through your email, to go to a website that asks you to provide personal information. Although you think you are at the site you intended to go to, the site is actually a fraudulent site made to look like the one you intended to visit. To combat phishing, we always encourage Internet users to do two things:

  • Don’t click links in your email. Always type in the full URL of the website that you intend to go to. So whenever you log into Mitto, you should always type the full URL yourself, https://app.mitto.com. On your own computer, you can make this a bookmark for convenience.
  • Verify your URL. Before you log in or provide any other personal information, always make sure that the address bar in your browser indicates that you are at the site you intended to go to.

Protection #1: Restricted Links Via Email

As a company, Mitto has a strict policy that states that we will never send a user an email that contains a URL to a page that asks them for personal information. Any emails from Mitto will provide URLs to informational pages only.

Protection #2: By using autologins instead of following links, you can avoid becoming a victim of phishing

When you use Mitto to log in to your other password protected sites, you know you are being directed to the sites you want to log in to. Never follow links in email that take you to pages that ask for sensitive data or login information. Whenever you need to log in to any of your password protected sites, use Mitto for added protection against Phishing.

Protection #3: Email Security Phrase

When you create a new Mitto account, you set up an email security phrase. This can be anything you want, but should not be a password hint. When Mitto sends automated system emails to you, this security phrase will be included in the body of the email. If the email does not contain this phrase, you should disregard the email as a phishing attempt. You can change the email security phrase at any time through your account settings, and it is an important tool to help you avoid phishing and fraud.

Identity Theft

As Identity Theft becomes more of a problem, online users should take proactive steps to prevent this kind of fraud and use measures that help detect unauthorized use of their online credentials early. Mitto helps you to be proactive in both of these areas.

Protection #1: Mitto Encourages Different Strong Passwords

You’ve probably heard that having different passwords for different sites is recommended. Using the same password for all or most of your online logins is a bad password habit. If someone gains access to that password, they can suddenly access all of your other accounts that use it. These days not all sites encrypt your password like Mitto does, and quite often they store them in clear text. If you’ve ever had your password emailed to you when you sign up for a new service, it probably means they are not encrypting your passwords, and anyone who has access to their system can see your password. In this scenario, if you used the same password for everything, your other online credentials are at risk. To read more about why using the same password is a bad idea, see our article about 4 Common and Dangerous Password Habits.

By encouraging the use of different passwords for different sites (and providing you a manageable way to keep track of them), Mitto helps you to isolate security breaches of one site from affecting your others. We even provide a password generator and strength meter to help you select strong passwords for all of your sites. By using different passwords, if one of your services is compromised, your others are still safe.

Protection #2: Early Detection

Part of the problem with Identity Theft is that you don’t know about it until significant damage has been caused. With our Last Login Feature and Login History, you can check to see if there may have been any irregular login activity with your account. The history will attempt to show you where and when you logged in from last (time, date, IP address, and country/metropolitan area), what browser you were using, and what operating system that computer was using. By viewing your history, you are alerted to potential unauthorized access so that you can take necessary corrective action.
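The kind of review described above can be sketched as follows. This is an added example, not Mitto's implementation: the record fields mirror the items the login history is said to show, while the class name, function name and sample entries are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Login:
    when: datetime
    ip: str
    country: str
    browser: str
    os: str

# Constructed sample history (documentation-range IP addresses).
HISTORY = [
    Login(datetime(2009, 2, 1, 8, 5), "192.0.2.10", "US", "Firefox", "Windows XP"),
    Login(datetime(2009, 2, 2, 8, 12), "192.0.2.10", "US", "Firefox", "Windows XP"),
    Login(datetime(2009, 2, 2, 19, 40), "192.0.2.77", "US", "Safari", "Mac OS X"),
    Login(datetime(2009, 2, 3, 3, 14), "203.0.113.5", "RO", "Opera", "Linux"),
    Login(datetime(2009, 2, 3, 8, 9), "192.0.2.10", "US", "Firefox", "Windows XP"),
]

def review(history):
    """Return (login, reasons) for entries that differ from everything seen before.

    The first entry only seeds the baseline; each later entry is compared with
    the countries, IPs and browser/OS pairs of the logins that preceded it.
    """
    ordered = sorted(history, key=lambda entry: entry.when)
    seen_country, seen_ip, seen_client = set(), set(), set()
    flagged = []
    for i, login in enumerate(ordered):
        reasons = []
        if i > 0:
            if login.country not in seen_country:
                reasons.append("new country")
            if login.ip not in seen_ip:
                reasons.append("new IP address")
            if (login.browser, login.os) not in seen_client:
                reasons.append("new browser/OS")
        if reasons:
            flagged.append((login, reasons))
        seen_country.add(login.country)
        seen_ip.add(login.ip)
        seen_client.add((login.browser, login.os))
    return flagged

if __name__ == "__main__":
    for login, reasons in review(HISTORY):
        print(login.when.isoformat(" "), login.ip, login.country, "->", ", ".join(reasons))
```

Entries join the baseline as soon as they are seen, so a repeat login from the same unfamiliar source is not flagged a second time; act on a flag when it first appears.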
