How Strong Is Your Password?


See on Scoop.itGabriel Catalano human being | #INperfeccion® a way to find new insight & perspectives

 

 

October is National Cyber Security Awareness Month (NCSAM 2012)

So what can you do? The idea of NCSAM is to help get the word out and to protect yourself.

It more important than ever to safely manage your passwords. Password theft has increased by 300% so far in 2012, and that trend will continue to grow. So how can you manage those passwords safely?

With social media, email, shopping, banking and dating, a lot of your life is online and on your phone. Each one of these applications uses a password to protect your sensitive data, but how do you keep them all straight?

Here are some tips from DHS.gov to share with friends, family and your social networks: Leer más “How Strong Is Your Password?”

Anuncios

How to Improve Workflow in a Multi-Author WordPress Blog | @ProBlogger


 

@ProBlogger

This guest post is by Syed Balkhi of WPBeginner.

Running a multi-author blog can become a hassle, especially if you do not have a dedicated content manager for your site.Having run several multi-author blogs myself, I understand the issues you face and decisions you have to make.

If you’re running a multi-author blog, you may have asked yourself questions like, should I give the writer access to my WordPress dashboard? Is it secure? How do I monitor their activities to see they aren’t messing up my website? How do I improve my workflow?

In this article, I will share my personal experience in managing a collaborative WordPress site safely and effectively.

The “t” in “team” is also for “trust”

If you want to improve your workflow, then you will have to give your writers access to your WordPress dashboard. Otherwise, you will find yourself copying and pasting a lot of elements from a Word Document into your WordPress dashboard, attaching images, adding styling elements, and so on.

Fortunately, WordPress comes with numerous user roles with various permission levels.

user capability

If you look at the charts above, the two permission levels that make the most sense for multi-author blogs are Contributor and Author.

The biggest issue with Contributors is that they can’t attach images because they do not have the ability to upload files. Since you want your authors to have the ability to upload and attach images to their articles, you will want to give them Author-level permissions.

The big issue with that is that it gives them the ability to publish posts, delete posts, edit published posts, and so on. While I trust all of my authors, I don’t want things to go live without going through an editorial review. So I don’t want them to have this capability.

The good thing about WordPress is that there is a plugin for just about everything. You can use a popular plugin called Members to modify the capabilities of the Author role. Once you install the plugin, go to Users > Roles and modify the Author role. Your final permissions settings should look something like this:

The roles editor

As you notice, the only abilities we’ve given Authors here are editing posts, reading posts, and uploading files.

Security and monitoring Leer más “How to Improve Workflow in a Multi-Author WordPress Blog | @ProBlogger”

How to Harness the Power of LinkedIn – INFOGRAPHIC | Written by Jeff Bullas


Written by Jeff Bullas | http://jeffbullas.visibli.com

A presentation on the topic of how to cook a chocolate tart is  going to “bomb”at a cheese maker’s  convention.

How to Harness the Power of LinkedIn – INFOGRAPHIC

It will be the wrong audience for an interesting topic, but the cheesemakers didn’t pay $1,200 for a conference ticket to hear information about “Tarts”!

A paying participant at a car dealer expo will want to hear about horsepower and handbrakes and will either leave the hall or fall asleep if the speakers start talking about knitting and slipper making.

The art of successful communicating and engagement  involves selecting the right audience and providing them with information and content that resonates with their needs and wants.

Not all Social Networks are Equal.

When it comes down to sheer popularity Facebook is the social network that wins.

Facebook is also about “Identity” whether that is a personal profile or a “business brand” persona.

Twitter is about “Events” which could be the next plane crashing into the Hudson river or letting your audience know that your latest blog post is published…that is an event!

Google plus is “Core”  and is woven into the science of search as Google embeds it into every one of its web properties from Picasa to YouTube.

It cannot and should not be ignored by marketers as  social signals are now being measured and monitored by Google machines and is being woven into the DNA of search. Optimizing your online assets (blog and website)  for search engines is vital.

Different social networks will be need to be included in your social media marketing strategy depending on your goals, audience and tactics.

LinkedIn User Portrait

Linkedin Infographic

Don’t Ignore LinkedIn Leer más “How to Harness the Power of LinkedIn – INFOGRAPHIC | Written by Jeff Bullas”

5 Ways Windows 8 Is Better Than iOS and Android

Semantic zoom is useful for navigating through the Start Screen, or in apps with a lot of different sections. Photo: Ariel Zambelich/Wired

When Microsoft revealed the “consumer preview” of Windows 8 on Wednesday, it didn’t just give the world a glimpse at a new OS — it also showed us that it can be a leader in touch-based user interface design. Yes, Microsoft’s new tablet UI isn’t merely utilitarian. It’s actually innovative, and even cool.

And in some ways it trumps the best that Apple and Google currently have to offer in iOS and Android, respectively.

Here are five of our favorite new Windows 8 features.You can choose both the photo and its related gestures for your picture password. The more that’s going on in a photo, the harder your password will be to crack. Image: Christina Bonnington/Wired

We’ve known about Microsoft’s picture password feature in Windows 8 since its developer preview was unleashed in mid-September. But now that we’ve had a chance to give it a spin, we can definitely say it’s a fun, convenient alternative to other system unlocking methods. In a nutshell, you choose a photo for your lock screen, and then define three touch gestures to draw on top of the photo in order to unlock your device.

When Microsoft first detailed picture password, some were skeptical: Won’t evil hackers be able to figure out your gesture-based password based on the smudges you leave on the display? In a blog post,Microsoft said no: “Because the order of gestures, their direction and location all matter, it makes the prospect of guessing the correct gesture set based on smudging very difficult even in the completely clean screen case, let alone on a screen that sees regular touch use.”

In that same blog post, Microsoft provided a detailed mathematical explanation of why a picture-based password is every bit as secure, if not more so, than a PIN-based one. And independent security experts agree that the likelihood of someone being able to decipher the intent of smudges on your device is slim to none.

Of course, character-based passwords and number-based PINs are an old standby. Apple uses four-number passcodes in iOS. They’re quite secure, but not particularly innovative. Google is more creative with its unlock security, offering a facial recognition-based unlocking feature in its Android 4 Ice Cream Sandwich OS. This, however, has proven not to be so secure. In fact, it can be defeated if you hold up a picture of the Android device owner at the right distance from the display.


Semantic zoom is useful for navigating through the Start Screen, or in apps with a lot of different sections. Photo: Ariel Zambelich/Wired

When Microsoft revealed the “consumer preview” of Windows 8 on Wednesday, it didn’t just give the world a glimpse at a new OS — it also showed us that it can be a leader in touch-based user interface design. Yes, Microsoft’s new tablet UI isn’t merely utilitarian. It’s actually innovative, and even cool.

And in some ways it trumps the best that Apple and Google currently have to offer in iOS and Android, respectively.

Here are five of our favorite new Windows 8 features.

Picture Password

You can choose both the photo and its related gestures for your picture password. The more that’s going on in a photo, the harder your password will be to crack. Image: Christina Bonnington/Wired

We’ve known about Microsoft’s picture password feature in Windows 8 since its developer preview was unleashed in mid-September. But now that we’ve had a chance to give it a spin, we can definitely say it’s a fun, convenient alternative to other system unlocking methods. In a nutshell, you choose a photo for your lock screen, and then define three touch gestures to draw on top of the photo in order to unlock your device.

When Microsoft first detailed picture password, some were skeptical: Won’t evil hackers be able to figure out your gesture-based password based on the smudges you leave on the display? In a blog post,Microsoft said no: “Because the order of gestures, their direction and location all matter, it makes the prospect of guessing the correct gesture set based on smudging very difficult even in the completely clean screen case, let alone on a screen that sees regular touch use.”

In that same blog post, Microsoft provided a detailed mathematical explanation of why a picture-based password is every bit as secure, if not more so, than a PIN-based one. And independent security experts agree that the likelihood of someone being able to decipher the intent of smudges on your device is slim to none.

Of course, character-based passwords and number-based PINs are an old standby. Apple uses four-number passcodes in iOS. They’re quite secure, but not particularly innovative. Google is more creative with its unlock security, offering a facial recognition-based unlocking feature in its Android 4 Ice Cream Sandwich OS. This, however, has proven not to be so secure. In fact, it can be defeated if you hold up a picture of the Android device owner at the right distance from the display. Leer más “5 Ways Windows 8 Is Better Than iOS and Android”

Firefox Data Visualization Shows You How Dumb Your Passwords Are

Do you reuse passwords across multiple websites? The habit is alarmingly common, despite being a well-known security risk. You know how the warning goes: If you use the same password across a number of different websites and one of those accounts is compromised, some evildoer could infiltrate the other sites, potentially exposing a wide range of personal data and even putting one’s finances or identity at risk.

Mozilla knows all too well the online privacy and security issues that its users face. Its Firefox browser is the gateway to the Web for millions of people, and it doesn’t take that responsibility lightly. Mozilla Labs recently launched what it calls the Watchdog initiative to help users understand and manage passwords and privacy-related matters.

The latest Watchdog project to see the light of day is a Firefox add-on called the Password Reuse Visualizer. Once installed, it allows users to see a data visualization of their stored passwords and how they’re being used across sites.


Do you reuse passwords across multiple websites? The habit is alarmingly common, despite being a well-known security risk. You know how the warning goes: If you use the same password across a number of different websites and one of those accounts is compromised, some evildoer could infiltrate the other sites, potentially exposing a wide range of personal data and even putting one’s finances or identity at risk.

Mozilla knows all too well the online privacy and security issues that its users face. Its Firefox browser is the gateway to the Web for millions of people, and it doesn’t take that responsibility lightly. Mozilla Labs recently launched what it calls the Watchdog initiative to help users understand and manage passwords and privacy-related matters.

The latest Watchdog project to see the light of day is a Firefox add-on called the Password Reuse Visualizer. Once installed, it allows users to see a data visualization of their stored passwords and how they’re being used across sites. Leer más “Firefox Data Visualization Shows You How Dumb Your Passwords Are”

A Flexible ID Field Helps Forgetful Users Log In

A flexible identification field would allow users to enter either their email address or username to log in. This not only helps users who forget their username, but also users who forget which email address they used to sign up for your site. A user might forget the email address they used, but remember the username. The flexible ID field adapts to the user and what they remember. Users have the freedom to choose to log in with their username or email. If one fails, they can always try the other option.

Adding a flexible ID field on your login form has many benefits. A username and email address are both unique to a user. It makes sense to allow them to choose what they want to use to log in if they forget one or the other. Limiting the user to only one login ID runs the risk of users forgetting it and getting locked out of their account. Getting locked out isn’t fun for anyone. But with a flexible ID field, you can prevent this from happening to your users. Giving users the help they need when they make errors is important part of interface design. But preventing users from making those errors in the first place is a more important part of interface design that designers should strive for.


http://uxmovement.com
by anthony

Everyone forgets things from time to time. But forgetting a username on a website can keep users locked out of their account. It’s like forgetting your keys and getting locked out of your house. Getting locked out is a frustrating experience in life and online as well.

Luckily, there’s a way you can help users who forget their usernames log in to their account. Most users remember their email address more than the usernames they use across different websites. This is because most users check their email regularly and are more familiar with their email address. However, some sites don’t allow users to log in with their email, but rather username only. This can force forgetful users to create a new account all over again. Users are not only frustrated that they forgot their username, but now they have to do extra work. In addition to the frustration, forcing forgetful users to create a new account can populate your database with ghost accounts. This isn’t good for you or the user.

Leer más “A Flexible ID Field Helps Forgetful Users Log In”

Trojan Forces Firefox to Save Your Passwords

Most security researchers recommend that users tell Firefox not to remember their passwords, since saved ones are so easily extracted by malware.

The Trojan-PWS-Nslog malware discovered by security company Webroot, however, gets around user preferences altogether by actually deactivating the Firefox code that asks if it should save those passwords when the user logs into a secure site.

“Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password,” Webroot researcher Andrew Brandt explained in a blog post on Wednesday. “After the infection, the browser simply saves all login credentials locally, and doesn’t prompt the user.”

Specifically, the Trojan adds a few lines of code and “comments out” other portions of code from the Firefox file called nsLoginManagerPrompter.js, with the result that all passwords get saved locally without any input from the user.

Clues Left Behind

With that information, the Trojan creates a new account under the name “Maestro” on the infected computer. It then “scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox’s own password storage, and tries to pass the stolen information onward, once per minute,” Brandt added.

The Web domain intended to receive the stolen data has already been shut down, but code inside the malware revealed the author’s name and email address, which led Webroot to a Facebook page for a hacker based in Iran who provides a free keylogger creator tool targeting users of Microsoft Windows.

Webroot can easily identify and remove the Trojan from infected machines, it says. To fix the modified Firefox file, users should download the latest Firefox installer and install it over the existing installation. No bookmarks or add-ons will be lost in the process, Brandt said.


By Katherine Noyes, PCWorld

A Firefox Trojan has been found to force the Internet browser to save user passwords and then use those passwords to create a new user account on the infected computer.

Most security researchers recommend that users tell Firefox not to remember their passwords, since saved ones are so easily extracted by malware.

The Trojan-PWS-Nslog malware discovered by security company Webroot, however, gets around user preferences altogether by actually deactivating the Firefox code that asks if it should save those passwords when the user logs into a secure site.

“Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password,” Webroot researcher Andrew Brandt explained in a blog post on Wednesday. “After the infection, the browser simply saves all login credentials locally, and doesn’t prompt the user.”

Specifically, the Trojan adds a few lines of code and “comments out” other portions of code from the Firefox file called nsLoginManagerPrompter.js, with the result that all passwords get saved locally without any input from the user.

Clues Left Behind

With that information, the Trojan creates a new account under the name “Maestro” on the infected computer. It then “scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox’s own password storage, and tries to pass the stolen information onward, once per minute,” Brandt added.

The Web domain intended to receive the stolen data has already been shut down, but code inside the malware revealed the author’s name and email address, which led Webroot to a Facebook page for a hacker based in Iran who provides a free keylogger creator tool targeting users of Microsoft Windows.

Webroot can easily identify and remove the Trojan from infected machines, it says. To fix the modified Firefox file, users should download the latest Firefox installer and install it over the existing installation. No bookmarks or add-ons will be lost in the process, Brandt said. Leer más “Trojan Forces Firefox to Save Your Passwords”