Posts Tagged ‘passwords’

Techie Tip of the Week: Use 2-Step Authentication for Extra Security

Friday, January 4th, 2013

Hackers, identity thieves, and other nefarious folk are constantly trying to gain access to your information. Although having a good password is a great idea and is important to protecting your information, using 2-step authentication really makes it quite difficult for others to obtain your data.

Two-step authentication (also known as 2-step verification or 2-factor authentication) uses two types of authentication to verify your identity: your password and an authentication code. In order for a thief to steal your data, they would need to know not only your password, but also have access to the the code (which can be set to change every 30-60 seconds).

Google has been allowing people to use two-step verification for a while now. And now, it’s available at Stanford.
Two-step authentication is required to access Stanford systems that have higher than normal levels of security, such as critical business or infrastructure systems. In addition, two-step authentication can help protect your Stanford account should someone other than you learn your password.

To learn more about two-step authentication, go to https://itservices.stanford.edu/service/webauth/twostep

To enable two-step authentication:

  1. Go to http://accounts.stanford.edu
  2. Click Manage.
  3. Click Two-Step Auth.
  4. Click Enable and follow the on-screen instructions.

Then, to use two-step authentication:

  1. Visit the protected site.
  2. At the SUNet ID login screen, enter your SUNet ID and password, as always.
  3. If you are using Google Authenticator, launch it and enter the Google Authenticator code.
    If you are using Text Messaging, enter the code that comes with the text message.
    If you are using the Printed List method, enter one of the codes (each code can be used once).

Techie Tip of the Week: Yahoo! Usernames and Passwords Exposed – What to do

Friday, July 13th, 2012

You may have heard that hackers recently exposed thousands of credentials for users of Yahoo! Voice.

What can you do to ensure you’re not one of them? Sucuri Malware Labs has set up a web site that checks to see if your account was one of those that were hacked:

  1.  Go to the Sucuri Malware Labs Yahoo Leak Password Checker website:
    http://labs.sucuri.net/?yahooleak
  2. In the Your email field, enter your email address (note that you can sign into Yahoo! Voice using other email addresses, so you may want to check all of your email addresses, not just your Yahoo! account).
  3. Click Check email.

Hopefully your account wasn’t one of the nearly half million accounts that were leaked. But if it is, what should you do? As Sucuri notes in their blog posting “What Should I Do If My Email is in the Yahoo Leak”:

  1. Immediately change your Yahoo password.
  2. Change the password of any account that was using the Yahoo password.
  3. If you use Yahoo! Voice, you should change your password even if your account isn’t on the list of compromised accounts. When security has been breached on a secured site like Yahoo!, you should assume that all of the data are compromised, not just those that have been shown to be exposed.
For an analysis of the leak, including an analysis of the passwords people had been using, visit Sucuri’s analysis:
http://blog.sucuri.net/2012/07/analysis-of-yahoo-voice-password-leak-453441-passwords-exposed.html

Techie Tip of the Week: Password Protect Adobe Acrobat (PDF) Documents

Friday, November 4th, 2011

Did you know that you can restrict access to or prevent unauthorized users from modifying a PDF file using passwords?

To add password security to a PDF file:

  1. On the Advanced menu, point to Security, and then click Password Encrypt.screenshot of advanced>security
  2. Confirm that you wish to change security settings by clicking Yes.
  3. Enter the security settings, and then click OK.
    screenshot of confirm security settings

  4. Confirm your password and then click OK.
  5. To finalize the security settings, save the PDF.

Techie Tip of the Week: Pick a Good Password

Friday, March 11th, 2011

Setting a good password is critical to ensuring computer security.

Here are some tips for creating a good password:

  1. Longer is better — at least 9 characters.
  2. Remove all the vowels from a short phrase (e.g., llctsrgry — “All cats are gray”)
  3. Use an acronym: choose the first or second letter of your favorite quotation (e.g, itsotfitd — “It’s the size of the fight in the dog”)
  4. Mix letters and non-letters in your passwords. (Non-letters include numbers and all punctuation characters on the keyboard.)
  5. Transform a phrase by using numbers or punctuation (e.g., UR1drful — you are wonderful).
  6. Consider using a phrase instead of a word. Pass phrases are sentences or parts of a sentence, and, as such, tend to be easier to remember than passwords. When picking a pass phrase, try to have the phrase be at least 15 characters in length. The reason pass phrases work (and, in fact, are better than passwords) is that the increased length provides so many possible permutations that password-cracking programs have greater difficulty in cracking the code.
    • Decent password: tgT!b8tu  (stands for the good, the bad, and the ugly, with some alternating uppercase and lowercase letters and substituting numerals and punctuation for letters or spaces)
    • Better pass phrase: The good, the bad, and the ugly is my number 1 favorite movie of all time because of the acting, the themes involved, and the plot.
    • Even better pass phrase (substituting ‘zero’ for ‘o’): The G00d, the Bad, & the Ugly is my #1 fav0rite m0vie 0f all time because 0f the acting, the themes inv0lved, and the pl0t.

More tips like these can be found at https://itservices.stanford.edu/service/unixcomputing/unix/passwords