About This Blog

This blog is a place to read more about Mitto, our free online password manager, and how to more effectively use our service. We highlight many of our benefits, and we also discuss topics related to password management. It is usually updated weekly.


Entries in Security (13)

Thursday
October 7, 2010

Mitto Endorses Security Awareness Month Through Strong Password Encryption

October is National Cyber Security Awareness Month (NCSAM) and Mitto is proud to work with the National Cyber Security Alliance to endorse and educate our users on the shared responsibility of cyber security. Most directly, we continue to educate our users about password security, and offer them tools such as two-factor authentication (through their cell phones) to help add extra layers of protection to their sensitive information.

“National Cyber Security Awareness Month (NCSAM), conducted every October since 2001, is a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure.” - National Cyber Security Alliance

At Mitto, we build many layers of security into our service, but we also recognize that educating people about security is important for everyone. The more you know about cyber security and how to protect yourself, the better off everyone is. As such, we offer security tips through our blog posts and Twitter messages. We want you to use Mitto because it’s a safe and secure way to remember your passwords, but we also want you to know why password security is important, and what behaviors are security risks.


Cyber security is a 365-day-a-year priority at Mitto, and it should be for you too. If you haven’t yet changed some of your bad password habits, we challenge you to take the first steps this month. You can find some additional security tips at http://staysafeonline.org. Let us know what steps you take to do your part by leaving a comment below.




Monday
June 21, 2010

Using different passwords for all of your websites: a medical analogy

Recently, while watching an episode of the medical TV series Grey’s Anatomy with some friends, one of my friends asked me why it was so important to use different passwords for every website. Since the friend was in the medical profession, and we were watching a show about surgeons, I thought, let’s make an attempt at a medical analogy. The conversation went something like this:

Me:
Would you want a surgeon to use the same exact bandages from one patient to another? I mean the same exact piece of cloth.

Friend:
Probably not.

Me:
Why not?

Friend:
Well because they might be dirty or infected?

Me:
Why is that a bad thing?

Friend:
One patient could get another patient sick?

Me:
What if the doctor is really careful? Say they check to make sure there is no disease on the bandages?

Friend:
It still seems like a better idea to use new, different bandages on every patient.

Me:
Well, it’s the same with passwords and websites. Think of your passwords as the bandages, and your websites as the patients. When you use the same passwords [bandages] on all your websites [patients], if one website [patient] is compromised [sick], then all the other websites [patients] are at risk as well because you are using the same password [bandage]. Let’s extend this a bit. When someone in the hospital gets a highly contagious sickness, what do you do?

Friend:
We isolate them and take extra precautions so that the sickness doesn’t spread to anyone else.

Me:
So you are isolating the patient so that they can’t get other patients sick, correct?

Friend:
Yes.

Me:
Well, when you use different passwords, that’s what you are doing as well, isolating potential problems. You see, whether someone gets your password from looking over your shoulder while you type, or they get your password because they steal it from a site that doesn’t protect your information, the outcome to you is the same. If you use the same password on all of your sites, someone who has access to the password for one site has access to all of your sites. This is why you should use different passwords for each of your sites.

Friend:
Ok, that makes sense. But then how is putting all my passwords in one place, like in Mitto, safer?

Me:
That’s a great question. So when surgeons prepare for surgery, what do they do to protect a patient from getting an infection?

Friend:
They scrub in.

Me:
So they wash their hands. What else?

Friend:
They wear gloves, protective masks, and head coverings.

Me:
And?

Friend:
They use sterile equipment, they prep the area on the patient where the surgery will happen.

Me:
And.

Friend:
They work in a sterile operating room. You know, a number of other things.

Me:
So they do a number of things?

Friend:
Yes.

Me:
Why not just wash their hands?

Friend:
That’s not necessarily enough.

Me:
Exactly. They go through a number of steps to protect the patient, and the same is true with Mitto. To access a Mitto account, a person always needs to go through at least two layers of protection. If someone gets your Mitto password, that’s not enough for them to access your account. They’re going to need to also enter a unique code which is sent to your cell phone, answer additional security questions, or have access to your remembered private computer. There are several security steps taken to protect your information.

Friend:
OK. That does make it more difficult to gain access to my Mitto account. But if someone got my password, and also got a hold of my cell phone, they could get into my account, right? I mean, the extra steps are still potentially beatable?

Me:
Yes. But let me ask you this: if given the choice to have an operation in an operating room where multiple protections were in place or in a room that was just cleaned, which would you choose?

Friend:
The operating room.

Me:
As would I, since they take a number of steps to protect me as a patient from getting an infection. As far as it goes in the online world, there is no one thing alone that provides sufficient security for your passwords, and so the best way to protect them is securing them with many layers of protection. That’s what Mitto does for you and your passwords.

Friend:
OK, so I can see now why it makes sense to use different passwords. Before Mitto, there is no way I would have been able to do that AND remember them all.

Me:
Great! Just make sure that you never use your Mitto password for anything else.

Monday
April 19, 2010

Frequent password changes are useless, but never being able to change your password is also lame.

Most people hate changing their passwords, especially when they are forced to do so. In fact, a recent study by Microsoft showed that frequent password changes are proving to be useless. Results suggest that not only is it a waste of time for administrators to implement password changes for every user in their databases, but also that it is useless for users to spend the time changing passwords. The study’s findings indicate that it really doesn’t make sense to force password changes, because if someone has stolen your password, they will most likely use it immediately. We’ll also go ahead and argue that forcing people to change passwords makes them do silly things like write them down because they can’t remember them. By now, we should all know that writing passwords down is a bad idea.

Let’s jump for a moment to the other end of the spectrum: sites that never let you change your password. One such site, fring, recently admitted to the fact that you can’t change your password on their site. According to their site, fring is a mobile internet service & community that enables users to talk, chat & interact with other fringsters and their online communities, from their mobile phones. In a recent interview, the company said:

“…you cannot change your password on fring, once registered. The way around it is to ask us to delete your account and have you re-create it with a new one”

This is, as you can imagine, unacceptable for most web users, especially considering fring actually stores all of your messaging passwords (Skype, MSN, Google Talk, AIM, ICQ, SIP, Facebook, and Twitter to name a few).

Using Mitto Can Help

By using Mitto as your password manager of choice, you can combat both of these scenarios:

  • When you are required to change your passwords, you can store them in Mitto so that you don’t forget, and so they’re not lying around on your desk on a sticky note.
  • You can make unchangeable passwords strong and unique. It’s always a good idea to use different, strong passwords for every site, and Mitto can help you generate strong passwords that you’ll never need to remember (because we do!). For sites like fring where you can’t change your password, create a strong unique password which is different from all of your other passwords. By never using that password for any of your other sites, you greatly reduce the chances of having your online identities compromised.
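A small vault audit, added here as an example (it is not Mitto’s code), that turns the bandage analogy from the post above and the advice in this list into a check: it groups stored passwords by a salted fingerprint to find reuse, reports which other accounts a single site’s breach would expose, and confirms the master password is not used as a site password. The vault, site names and passwords are constructed sample data.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault for the demo (not real credentials): site -> password.
SAMPLE_VAULT = {
    "email.example": "Tr0ub4dor&3",
    "bank.example": "Tr0ub4dor&3",
    "fring.example": "Tr0ub4dor&3",
    "twitter.example": "correct horse battery staple",
    "shop.example": "xq7!Lm2#vP9@wE4z",
}
# Constructed master password; reusing it on a site is the case the post warns against.
SAMPLE_MASTER = "Tr0ub4dor&3"

# Fresh salt per run: reports can be logged without becoming stable password hashes.
_AUDIT_SALT = secrets.token_bytes(16)


def fingerprint(password: str) -> str:
    """Salted HMAC so equal passwords match within a run and no plaintext is carried."""
    return hmac.new(_AUDIT_SALT, password.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def reuse_groups(vault: dict) -> list:
    """Groups of sites sharing one password; each group is one shared 'bandage'."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[fingerprint(password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def blast_radius(vault: dict, breached_site: str) -> list:
    """Other sites reachable with the password leaked from breached_site."""
    leaked = fingerprint(vault[breached_site])
    return sorted(site for site, password in vault.items()
                  if site != breached_site and fingerprint(password) == leaked)


def master_reused_on(vault: dict, master: str) -> list:
    """Sites where the vault's own master password is also the site password."""
    master_fp = fingerprint(master)
    return sorted(site for site, password in vault.items() if fingerprint(password) == master_fp)


if __name__ == "__main__":
    for group in reuse_groups(SAMPLE_VAULT):
        print("shared password across:", ", ".join(group))
    print("breach of fring.example also exposes:", blast_radius(SAMPLE_VAULT, "fring.example"))
    print("master password reused on:", master_reused_on(SAMPLE_VAULT, SAMPLE_MASTER))
```

An unchangeable site password, like the fring case above, shows up in the audit only when its fingerprint is shared, which is exactly the condition the list tells you to avoid.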

Let us know what you think about sites that force you to change your passwords, or about sites that won’t let you change your passwords by commenting below.


Monday
January 18, 2010

Phishing Scams: Avoid the Bait & Never Give Out Your Passwords

Phishing schemes are looking to lure you with bogus emails and pop-ups that seem safe. Will you take the bait or live to swim another day? Check out this game from OnGuardOnline.gov and see what your score is!

Don’t forget to read our article about how Mitto Protects Users Against Phishing and Identity Theft. For those of you who haven’t read it, now may be a good time to check it out to see how using Mitto can make going online safer.

Friday
December 18, 2009

Why the latest Twitter hijacking means it’s time to change your password

On Dec. 17th the Twitter website was once again compromised, this time by a group identifying themselves as the “Iranian Cyber Army.” The hijacking appears to have been a result of compromised DNS records (according to the Twitter blog), which made it so that when users tried to access Twitter.com, they were redirected to a webpage on the hackers’ servers that looked similar to the picture below. 



We suggest that all Twitter users change their passwords because although a DNS attack doesn’t mean that the hackers had access to the Twitter database, the hackers could have set up a fake login page and collected usernames and passwords. To be safe, it’s probably a good idea to change your password.

As always, we recommend that you use a unique, strong password for each of your websites. If your Twitter password was different from your other passwords (which it should be), a hacker who might have obtained that password would be isolated to accessing your Twitter account, and not any others. Changing your Twitter password now will help protect against someone gaining unauthorized access to your Twitter account.

Of course, if you are using Mitto, remembering your new password is no problem because you can easily use our Bookmarklet (shown in our video below) to log yourself in.

To see installation videos for Internet Explorer, visit our Video support page.