Password Security and Management


The Setup

In 2010, several popular web sites were hacked and their password data stolen. If you were part of one of these sites, you may already know about this since emails warning of the break-in were sent out to users. If not, then why worry, right?

Why worry, indeed.

The Problem

The problem is twofold. On the one hand, hackers have, over time, managed to get their hands on what turns out to be a very large list of passwords, which has given them clues about how passwords are chosen by all sorts of people from different walks of life. The list runs to millions of passwords, so it is an incredibly large sample. This has allowed programmers to write increasingly accurate cracking algorithms that crack weak passwords quickly and effortlessly. A 16-character password, virtually uncrackable five years ago, is now child’s play (almost literally, given the cut-and-paste nature of the practice in a so-called “script kiddie’s” hands).

On the other hand, the computing power necessary to crunch through billions—yes billions, with a B—of password combinations per second is relatively cheap and commonplace.

For example, a password that many people would think secure, such as Rumbl3H0use, is, given today’s password-cracking knowledge coupled with cheap hardware, almost painlessly easy to crack.

The Solution

A solution, at least for now, is longer, randomly generated passwords of at least 23 characters. Passwords of that length require immense amounts of computing power, and crackers will forgo trying to casually break those in favor of the low-hanging fruit of passwords like the above (or even better, your mother’s or kid’s name followed by a number—so trivial).

Of course, committing a 23-character password to memory is not a reasonable expectation, especially if you use a different password (which you should be doing and crackers know you’re not) for each of the average 25 online accounts most people have.

Enter password management software

The idea behind password management applications is that you need to remember only one password, the master password that unlocks the password manager itself. Once it is unlocked, your list of passwords becomes available to you. From there it is a simple matter of copying and pasting the passwords into the appropriate fields for the sites you want to access. Some password managers have browser plugins that will fill these fields in for you once you enter your master password. Many of them have mobile counterparts to their desktop apps. Three good ones are 1Password ($49), LastPass (free, $12 a year for the “premium” version), and KeePass (free, open source).

Using a password manager to generate random, minimum 23-character passwords is one of the best defenses for your most valuable online assets (or Facebook) against the increasingly sophisticated password-cracking underground. And while it may give you a sense of security (maybe even security-through-obscurity) to think your data would never be a target, think again. They’re out there and they’re harvesting data all the time. Even if it’s true, for now, that you’re not worth their time, why make it easy for them if you ever do become a target?
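The following is an added example, not code from the article or from any of the password managers it names. It generates a random password of the recommended minimum length from a CSPRNG, as a password manager does, and works out why crackers skip such passwords: it assumes a 94-character printable ASCII alphabet and a cracker trying one billion guesses per second (the "billions per second" rate mentioned above).

```python
import math
import secrets
import string

# Assumptions (not from the article): 94 printable ASCII characters and a
# cracker trying 1 billion guesses per second.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 23  # the minimum length the article recommends
GUESSES_PER_SECOND = 1e9


def generate_password(length=MIN_LENGTH, alphabet=ALPHABET):
    """Random password from a CSPRNG, the way a password manager builds one.
    Refuses lengths below the recommended minimum."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def expected_bruteforce_years(length, alphabet_size=len(ALPHABET),
                              guesses_per_second=GUESSES_PER_SECOND):
    """Expected years to brute-force a uniformly random password: on average
    half the keyspace has to be searched. Valid only for random passwords;
    pattern-based attacks on human-chosen passwords like Rumbl3H0use are far
    faster, which is the article's point."""
    combos = alphabet_size ** length
    seconds = combos / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, round(entropy_bits(len(pw)), 1), "bits")
    print(f"{expected_bruteforce_years(len(pw)):.3g} years at 1e9 guesses/s")
```

An 8-character random password from the same alphabet falls to the same cracker in well under a year, which is why the length, not the character mix, is what buys time.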




SEO Tips – Spam Defense Captchas Vs. Bots

Captchas for security

Many blogs use comments to provide a more interactive experience for their users. People can share opinions, voice disagreements, or even just let you know that they found your article helpful. Sadly, when you allow unrestricted access to your comment feed, spammers and spam “bots” quickly move in and start taking advantage for their own malicious SEO purposes. Furthermore, if you require every commenter on your blog to sign up, many people will be turned off by the seemingly blatant attempt to “capture” their information for the sake of interaction. So how do you allow easy access to posting comments and still prevent the spammers from taking advantage?

Captchas To The Rescue:

A captcha is a special field added to a form that prevents automated services from polluting your feeds with filth. The concept is that it requires just a little bit of human thought to answer, preventing automated “bots” from spamming you constantly. We chose to use a simple written question that makes sense to any legitimate user but confuses bots and thwarts spamming attempts by denying them access. There are many different categories of captchas: some visual, some verbal, and some written.

HumanCaptcha

HumanCaptcha is a plugin written by Outerbridge which uses questions that require human logic to answer and which machines cannot easily answer. Most captchas are based on the requirement to reproduce a number of randomly generated characters (which are sometimes blurred, jiggled and/or on a fuzzy background). HumanCaptcha generates a simple question which the user must answer using logical thought. HumanCaptcha is much more accessible than standard captchas, which many people find difficult to read or understand. Visually impaired people are more likely to be able to use HumanCaptcha than a character-based one.
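As an added illustration of how a logic-question captcha of this kind can be handled on the server (example code, not the HumanCaptcha plugin's own), the block below keeps a constructed question bank server-side, hands the client only the question plus an HMAC-signed token, and accepts an answer only if the token is authentic, unexpired, not yet used, and matches after normalising case and whitespace. The question texts, key handling and 10-minute lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed question bank in the HumanCaptcha style: easy for a person,
# hard for a generic form-filling bot. Answers never leave the server.
QUESTIONS = [
    ("What is the last word in this question?", "question"),
    ("If today is Monday, what day was yesterday?", "sunday"),
    ("How many letters are in the word 'cat'? Answer with a digit.", "3"),
]
SECRET_KEY = secrets.token_bytes(32)  # per-process key; store and rotate it properly in production
_used_nonces = set()  # one-time use; a real deployment keeps this in a store with expiry


def normalize(answer):  # case/whitespace-insensitive, ignore a trailing period
    return " ".join(answer.lower().split()).rstrip(".")


def _sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question, token); the HMAC binds question index, issue time and nonce."""
    now = time.time() if now is None else now
    idx = secrets.randbelow(len(QUESTIONS))
    payload = json.dumps({"q": idx, "t": now, "n": secrets.token_hex(8)}).encode()
    body = base64.urlsafe_b64encode(payload).decode()
    return QUESTIONS[idx][0], body + "." + _sign(payload)


def verify_answer(token, answer, now=None, ttl=600):
    """True only for an authentic, unexpired, unused token with the right answer."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:  # malformed token (binascii.Error is a ValueError)
        return False
    if not hmac.compare_digest(sig, _sign(payload)):
        return False  # forged or tampered token
    data = json.loads(payload)
    if now - data["t"] > ttl or data["n"] in _used_nonces:
        return False  # expired or replayed
    expected = QUESTIONS[data["q"]][1].encode()
    if not hmac.compare_digest(normalize(answer).encode(), expected):
        return False
    _used_nonces.add(data["n"])
    return True
```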

Lock it up!

CAPTCHAs are useful for improving security in a number of situations, for example:

1. Reducing Comment Spam in Blogs
Most bloggers will have come across programs that submit spam comments, often with the aim of improving the search engine ranking of a website. By using a CAPTCHA, only humans can enter comments on your blog, and people do not need to sign up before they enter a comment.
2. Protecting Email Addresses From Scrapers
Spammers crawl the web looking for e-mail addresses rendered in text. CAPTCHAs can hide your e-mail address from web scrapers, by requiring users to solve a CAPTCHA before revealing your e-mail.
3. Deterring Viruses, Worms and Spam
CAPTCHAs may reduce the likelihood of e-mailed viruses, worms and spam, by only accepting an e-mail if it has been established that there is a human behind the sending computer.




The ONLY I.T.A.R. Compliant Transcription Company

When it comes to a project of a sensitive nature, be it legal, military, classified, or otherwise not intended for unauthorized eyes, who are you going to trust? Now, we are not trying to put down firms who have chosen to enter the transcription industry utilizing offshore labor; in fact, we capitalists respect and encourage the process of international competition. However, just ask yourself: when push comes to shove, who are you going to trust with your sensitive media? Unknown, untested, and uncertified offshore options, or the only transcription company in the world (Word Wizards) that fits the qualifications for the U.S. State Department’s stamp of approval?


Compliance with I.T.A.R. (International Traffic in Arms Regulations) does not come easy. This certification, issued by the U.S. State Department, is generally intended for organizations involved with international arms and military applications. When filing for this certification, we laughed as we checked the “other” category to describe our services; “other” is located somewhere between nuclear warhead production and experimental particle beam weapon research.

Trust But Verify


Why would a transcription company choose to get I.T.A.R. compliance? In a global economy, our organization now faces extreme pressure from international competition. One of the stipulations of I.T.A.R. compliance is a strict “on shore” policy for work performed, due to the often sensitive military nature of the content of these projects. Well, it appears that our modest U.S.A.-based transcription company is one of the last of its kind. Yes, our short-term profits may have suffered slightly when the economy tanked and clients explored cheaper, lower-quality, offshore transcription options. However, our commitment to providing premium quality transcription services and maintaining a workforce of well-paying American jobs has paid off once again.

Why are there no other I.T.A.R. compliant transcription companies? Simply because nobody else in the world qualifies.