Using strong passwords and keeping your online self secure

By Adam Zeis on 21 May 2014 12:28 pm EDT

Earlier today, eBay issued a press release letting users know that a cyberattack "compromised a database containing encrypted passwords and other non-financial data." Users will be asked to change their passwords just in case, though they noted that eBay "has seen no indication of increased fraudulent account activity." This is sadly just one of many attacks recently, and something that won't be going away anytime soon, if ever.

Attacks like this are nothing new; over the years plenty of big-name sites have fallen victim to similar cyberattacks. Retail chain Target has been all over the news lately, and there are also vulnerabilities like the recent Heartbleed Bug that affected Google, Facebook, Yahoo and dozens of other sites.

As we go further and further, putting more and more of our personal information and lives online, it's even more important to keep that data safe. Your personal life (and data) is strewn out across the web in more places than you really know, so keeping what you can private and safe is more important now than ever before. At Mobile Nations we've always been big on security and keeping yourself protected online, but what are you really doing to make that happen?

Hack me once, shame on me

I was never big on passwords. In fact, the two passwords I used for everything were ones that were given to me by my original ISP nearly 20 years ago. I memorized them at the time and since they were a random jumble of letters and numbers, didn't give much thought to using anything else for any site. These were my go-to passwords, one I used more than the other, but I never considered just how bad of a practice this was until the day I almost lost my Gmail account.

A few years back I woke up to a slew of password verification notes from Google, and I instantly dove into a panic. I scrambled to log in to my account with no luck. After a few hours of work, I managed to reclaim my account. I noticed that all of my account info was changed by the hacker, and the sent spam messages numbered in the hundreds. I then realized that if finding my password here was this easy, I was extremely lucky it wasn't taken to the number of other sites that all shared the same password.

It was then that I started using a password manager and spent the next few days making sure my passwords were different across all of the sites I frequented. I only had to remember my master password, which I made so long it took me over a week to memorize. Since then I've had no issues with hacking and I've been sleeping soundly knowing that my online life is (mostly) safe.

Two-factor Authentication

Recently I've even taken things a step further by enabling two-factor authentication (or two-factor verification) where available. I use this now across all of my Google accounts as well as other services like Facebook, Twitter and Dropbox. Two-factor authentication adds an extra layer of security to your accounts, requiring you to enter a code provided either in an app (like Google Authenticator) or as a text message. This ensures that only you can get into the account, even if someone has your password.

Password Managers

The best bet for keeping your passwords secure, while also keeping them organized, is a good password manager. There are a few options available depending on your platform, but all are great choices and offer value far beyond writing all of your passwords down in a "safe place".

Strong Passwords!

If you're not up to using two-factor authentication or a password manager — at least use a strong password. Mix up numbers, lowercase letters, capital letters and special characters. The longer the better. And never use the same password twice. If a hacker does track down your password, the last thing you want is for them to have access to all of your accounts, just because you used the same password across the board. Stay clear of using passwords like your kid's name, birthday, anniversary, "1234567", or the ever popular, "password". Apps like LastPass even offer a secure password generator so you don't have to do any thinking on the matter.

Are you using a password manager to cover your bases? What are some of your favorite tips for staying secure? Hit up the comments and let us know!

Reader comments

94 Comments

+1 but still don't trust random generated password, I set it to 19 characters but I manually change at least 5 or 6 every time.

All your suggestions except for two-factor authentication are employed by me. BB Password Keeper works just fine to keep track of long and complex passwords all of which are different. And all of which are changed at intervals depending on the importance of the function.

Agree, Password Keeper on BB is absolutely amazing...keeps everything in alphabetical order and creates unique passwords :)

+1.
You can generate a random password with Password Keeper. Its Settings allow you to change password length.
You don't have to remember these passwords either. Use copy Password feature to copy and paste to BlackBerry browser and you're good to go.

 CB10 

I use Keeper since it allows me to use the service online and on my phone. I often just update or add password info on my computer and it automatically wirelessly syncs to my phone.

Thanks sin-co. This I know. I was replying to the post that wondered why Password Keeper wasn't a *default* app. It comes installed with BBOS, but not BB10. But like you said, it can be acquired after the fact.

I like my coffee BlackBerry Black! What?

I wish it integrated with apps/browser and also allowed import from lastpass/keepass.

Posted via CB10

Ah, silly me, I missed that! I just downloaded the latest version from Snap instead, it works fine.

Posted via CB10

I just do it the best way, don't leave anything on the net to be found.

Posted from a Nintendo Entertainment System

Highly recommend Enpass. They are the only Password Keeper (other than BlackBerry) to have a BB10 app - and a good one at that.

Also they have every other platform support. Desktop support. Dropbox & Box support (nice as a Box user - go PlayBook 50gb deal!).

And you can even import your existing BlackBerry Password Keeper entries. Great product!

Posted via CB10

AFAIK, it's not native BlackBerry code. It's extremely slow in response and ugly. Both of them: KPD (Keepass) and KeepassB.

I gave Enpass a quick look and didn't see any mention of Box support. I saw restore options through OneDrive & Dropbox though. What do you mean when you say "Box support"? I primarily use Box and so would be interested in this

Enpass syncs with Box, Dropbox and Onedrive. You can download the app to your PC also and your passwords will automatically stay in sync across your devices and PC using one of the three mentioned above. Great app.

Posted via CB10

Just downloaded Enpass and see the Box integration - awesome! When I first downloaded Enpass onto my computer it was there that I saw no mention of Box.....hence the confusion.

+1 for enpass. Also has mac program to allow sync to my mac book. Excellent program and strange it wasn't listed in the write up. Instead we see lots of android / iOS apps.

A new app that is in a beta (not BlackBerry beta) and just received crowd funding is Symple ID. I have been using it and it is fantastic for the two factor authentication. Even has the ability to change your password every time you log in for some websites (Facebook).

Keep an eye out for it, I've quickly become a fan of this. I use it in combination with Enpass and feel as safe with my passwords as one can in this digital age.

Posted via CB10

Please don't forget keepass.. it's open source and it's available on win, mac, linux, android, ios, wp and bb10 (and it's native!)

Posted via CB10

It appears the link I posted doesn't work.. btw it was about the app 'keepass for blackberry '. Give it a try, it's smooth and it's arguably the most secure one ;)

Posted via CB10

If you don't have a premium last pass account, use the bookmarklet in the BB10 browser it works great, $1 a month for premium is not too much anyways for the pro service

I have been looking for a cloud based password manager but having a hard time trusting something as much as BlackBerry one. What if your password manager provider is compromised. Ouch.
You can use great encryption but implement it poorly that makes it vulnerable.

Posted with my Z10

Lastpass is a 14 day trial. Problem I have with cloud based pass managers is if some one gets the password for that they have all your passwords. Probably better keeping it local or the native blackberry one built in. Obviously have a strong password on your device.

Posted via CB10

Same here. And while the cloud services do offer some convenience, they run the risk (albeit minimal) of being compromised and leaking all your passwords. I like Password Keeper because all of my info stays on the phone. Someone would have to get their hands on my phone and figure out the password before any damage could be done.

Posted while peeking and flowing on my incredible BBQ10! 

I am also a Password Keeper satisfied frequent user.
Keep my credit cards passwords, websites, etc.
Great program!!

Z10 aficionado since March 2013

Just noticed as well that the Keepass free version although it works is no longer supported by the developer.

Posted via CB10

I didn't know that! Well, let's hope that it will keep running for a looong time, because I use it all the time...

It means that there will be no developments anymore on this specific build but the app won't disappear.

Posted via CB10

Yeah, I get that, but you never know if the app will keep working on newer OS builds. Maybe it will on 10.3 but not on 10.6 or 11.0 or wherever we stand in a year or two. But for now, it works and I have it on my two desktop pc's, my laptop and my Z30. And on my iPad, although there it doesn't work as smoothly.

Posted via CB10

The main source for KeePass is fully supported. There are several apps, free and paid in BB World, as well as APKs. It's my favorite. I did settle on KeePassB ($1.99) and it is great. Serves my needs very well, full cross platform compatibility (I use it on desktops, tablets, and my Z10). So glad I found this, so much better than Password Keeper (as probably any of the ones in this article are).

Strong, 15-18 characters long password for me. Not too keen on 2 step verifications as I had a lot of issues with them once. As for Password Managers... Say what happens to eBay happens to LastPass. What then? Hmm?

And a prime target for GCHQ, NSA and other three/four-letter gov't organizations.

I believe that's just like the cream pie for them.

"No Q10?" -> "Buy from Chen... "

I'm a huge fan of LastPass, been using it for years. I also adopted two-step verification on accounts that do offer that.

I backed Symple ID, want to see how that goes.

Posted via CB10

Probably because this article was posted across all the Mobile Nations sites so it was meant to be more or less OS agnostic and be general advice for anyone.

I use Enpass, and couldn't be happier. It backs up changes automatically on my computer, and this is a huge bonus to me!

Posted via CB10

Sites that allow pass phrases instead of restrictive passwords are the way to go... allowing you to string together a very long phrase or sentence that is much easier to remember than odd combinations of letters, numbers, and special characters, and the long phrase provides even higher security because math.

Posted from my awesome Z30 :-D

Considering keepass or BlackBerry password keeper. I need to stop keeping passes in remember/memopad! Lol

Posted via CrackBerry 10 (CB10) application using my BlackBerry Q10.

Password protection is very important if one is serious about security... Let's see how BlackBerry is doing with its most secure mobile OS which protects data and identity...

2 factor auth for BlackBerry ID? Nope
Password manager in the browser? Nope
Password manager in the OS which can fill passwords in apps or the browser? Nope

Oh, maybe all mobile vendors suck then, let's see...
Google accounts support 2 factor auth
Lastpass has a plugin for Mobile Firefox
Lastpass can fill passwords in Android apps and the Chrome browser
Lastpass has a flexible strong password generator which can also be used on BlackBerry 10, thank goodness for the Android VM

The apps and online services can help to generate and input passwords but can any of them help to automatically change your online password? Say to your eBay or Gmail account?

???! BlackBerry Password Keeper is not in the article list! It's a terrific app!

Most likely posted via CB10 from my amazing Z30, but may have been posted from my awesome PlayBook.

BlackBerry Password Keeper from BlackBerry World is my preference. It's easy to use and has every feature I've needed. I'm surprised it wasn't mentioned in the article, as I'd much rather have a native app looking after the keys to my house than an Android or ported-Android app.

Keeper also looks quite well made, though I don't have any personal experience with it.

Via CB10 on  Q10

And it's great for masking it email address and generating email for sites that want you to sign up

Posted via CB10

I use masked emails with Do NOT track me extension for Opera Browser. They also have masked phone and credit card numbers

Posted via CB10

Ridiculously complex passwords? Check! 2-Factor authentication? Check! LastPass? Check! Nice article.

Posted via CB10

I really wonder why not even the blackberry browser has a password manager. Not even a favorite manager! No swipe left and right for forward / backward website, lol even Evolution Browser has that.

Sometimes when I'm browsing the internet with my dell venue 8 pro tablet and touch internet explorer I think the blackberry OS10 Browser is just a bad copy of it.

Media Player also very bad, not even an equalizer lol come on Blackberry we have 2014

Posted via CB10

The problem is not with password keepers because it is these companies can't keep the hackers out and stealing the passwords from them.

I have lost passwords to...Sony, Google, bit.ly, yahoo, facebook X3, and twitter and now ebay.

The problem lies with them...I can keep track of passwords with great apps like Blackberry's password keeper...it is the need to constantly re-enter them as these companies get hacked.

I know this is the cost of being on the Internet, and this falls to the category of doing laundry as a job that just never ends...Just frustrated is all.

Authored on the Q10

I use Password Keeper to generate my passwords and when using SSH I use a certificate combined with a passphrase generated by Password Keeper. I usually add two-factor authentication for password change requests.

Posted via CB10 on BlackBerry Q5

"Mix up numbers, lowercase letters, capital letters and special characters."

A common, even prevailing, viewpoint -- which is quite wrong. I'll let Randall Munroe explain it, as he does so well: http://xkcd.com/936/

The only value in using special characters and random strings is that they result in a password which is better than what the typical user would use, like their birth or wedding date, or their dog's name.

Hushmail.com does not recommend these passWORDs, but so-called passPHRASEs just as described in this comic strip article

furry cat defluffing device for weekend use

tomato juice colored drink makes vampires happy

(with or without spaces)

Password length is more important than complexity:

doG...................................123#
is apparently better than
FNydTg8p

"No Q10?" -> "Buy from Chen... "

Well, let's look at this mathematically. I counted 93 different symbols, letters, and numbers on my BB10 keyboard that I think are standard enough to use in a password. If you use a completely random assortment of these for an 8 character password, the number of different combinations is 93^8, or 5.6E15 (roughly 5.6 quadrillion)

Meanwhile, if you have a 20 character password, but it is only lower case letters (of which there are 26), the number of combinations becomes 26^20, or 2E28. Since there are over a trillion times as many possible combinations, it is far more secure to have a password that's long, even if it's only lowercase, than a completely random password.

On the other hand, I've come across a surprising number of websites where passwords must be 8 characters or fewer, so you can't always have a long password, but the most secure password, if you can get it, is to have a long password with completely random characters, since using all characters in a 20 character password would have 93^20, or 2.3E39 possible combinations, which is over a billion times as many as using lowercase letters.

Posted via CB10
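The keyspace arithmetic in the comment above, together with the passphrase argument in the xkcd comment before it, as an added Python example that is not part of the original thread. It expresses each policy in bits, works out the length one alphabet needs to match another, and draws secrets with the OS CSPRNG; the function names and the tiny word list are constructed for illustration.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase
# Constructed stand-in list. Real passphrase lists are far larger: Diceware
# lists hold 7776 words, and the xkcd comic assumes a 2048-word list.
SAMPLE_WORDS = ["furry", "cat", "tomato", "juice",
                "vampire", "weekend", "device", "drink"]


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of this length over this alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the keyspace. Valid only when every symbol is drawn uniformly
    at random; a human-chosen phrase or date carries far fewer bits."""
    return length * math.log2(alphabet_size)


def min_length(target_bits: float, alphabet_size: int) -> int:
    """Shortest length over this alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_secret(symbols, count: int, sep: str = "") -> str:
    """Draw count symbols (characters or words) with the OS CSPRNG."""
    return sep.join(secrets.choice(symbols) for _ in range(count))


if __name__ == "__main__":
    policies = [
        ("8 chars, 93 symbols", 93, 8),
        ("20 chars, lowercase only", 26, 20),
        ("20 chars, 93 symbols", 93, 20),
        ("4 words, 2048-word list", 2048, 4),
    ]
    for name, size, length in policies:
        print(f"{name:26} {keyspace(size, length):.1e} combinations, "
              f"{entropy_bits(size, length):5.1f} bits")

    # Lowercase letters needed to match the random 8-character password.
    print("lowercase length for parity:",
          min_length(entropy_bits(93, 8), 26))
    # Words from a 7776-word list needed to match 20 random lowercase letters.
    print("Diceware words for parity:",
          min_length(entropy_bits(26, 20), 7776))

    print("random 20-char lowercase:", random_secret(LOWER, 20))
    # Only 3 bits per word with the 8-word sample list; demonstration only.
    print("sample passphrase:", random_secret(SAMPLE_WORDS, 4, " "))
```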

Last pass is great if you need a cross platform solution. Their BB10 app is a laggy android port but at least they made an effort to make it available in BlackBerry World. Wish they would make a native BB10 version.

Posted via CB10

If you use Password Keeper and lose your BlackBerry....... do you lose all your passwords?
I'm not using a password keeper / generator at the moment. I'm just about to start using enpass, which wasn't mentioned in the article for some reason.

Posted via CB10

I use a hack-proof method. I have a little agenda I keep in a drawer on my desk. I write the passwords with pencil so I can change them as needed. I don't trust any password storage app. What if they break into it? Then you really are screwed.

Posted using my awesome Z10