Tag Archives: web security

Chroma-Hash

Posted on by

Check this puppy out:
Chroma-Hash Demo — just type in a username and two passwords… you’re not actually registering, it’s just to show behavior. Note the lack of a submit button.

Now, personally, I could care less about hiding a user’s password when they log into a site. I think it’s a waste. I’ve taken too many calls from people who swear they’re entering their passwords correctly when they either a) set them up incorrectly in the first place or b) screwed it up and don’t realize it. Masking passwords in the privacy of my own home or on my own secure computer in my office or whatever is a deterrent to registering and logging on. It’s not quite the waste of a two-factor password system set up as a series of questions, (I’m looking at you, every-goddamned-bank-in-the-country) but these are my personal biases. And if you’re in a situation where you are forced to access secure/personal accounts in an insecure environment (like, I’ll acknowledge, banking) they might not be quite the waste that they are on, say, a badly-drawn sporadically-updated comic/blog site.

All that being said, I doubt we’re going to get rid of the *****ing passwords (heh, literally) any time soon.

So Chroma-Hash struck me as an awesome way to give users a visual representation that their password is typed correctly or incorrectly.

Then it struck me that one of my favorite passwords is really ugly when hashed… and my immediate reflex was to change it to something prettier.

Thinking of registration, I’ve been to plenty of sites that have that little bar next to them that show how secure your password is. If this color doohicky could be tweaked to show more-secure passwords in colors that combine into generally-more-pleasing sets, it could also encourage the use of secure password combinations. And I don’t see any downside to that.

But, what if?

Posted on by

Ah, security questions. I loathe them, because every time I see them I think of scenarios where they don’t work. (Too many years in tech support I guess. Milo could relate, and probably will at some point.) I’ve brought it up in multiple settings, but the usual excuse is that there’s got to be a question or three in the set of eighty kajillion that works for everyone if they just try hard enough. Sigh.

A recent UIE Brain Sparks sums it up nicely. Bonus is comment #10, with the security questions we’d like to see.

Microsoft: Big Security Hole in All IE Versions

Posted on by

It’s the end of the year, and you probably have a day or two off coming to you. If your family and friends haven’t already booked you solid (not that there’s anything wrong with that), you might want to consider doing yourself a few favors to make sure that next year is a good year:

1. Back up your stuff. I’ve said it again and again, because I’ve been burned myself — have a backup of your most critical stuff, or two backups, preferably with one of them off-site. Hoping and praying with not save your hard drive.

2. Make sure you’re running up-to-date virus protection. It won’t save you in all cases (like this
Big Security Hole in All IE Versions, which most virus apps aren’t even picking up) but it’ll definitely help. If you are using Internet Explorer, consider downloading Firefox or Safari and giving them a whirl instead.

3. Triple-check your statements for credit cards, banks, etc. to make sure that only the stuff you bought for Christmas is on there. Any problems or threats you’re experiencing are easier to fix the sooner you find them. If you’re checking them online, also make sure your chosen companies have accurate email addresses, phone numbers, and mailing addresses so that if something odd does happen, they can actually reach you.

OK, soapbox trip over — for now ;)