Password manager

The days of widespread, biometric-based security (voice recognition, fingerprint reading, eye scanning, etc.) are coming, but passwords are still required in many organizations and at most websites.  The problem:  How do I manage (let alone remember) all of the different usernames and passwords I have out there?

Personally, I use Tasks within Microsoft Outlook, which is secured by my network login:  Within a folder I titled “Usernames”, I create a task for each application and website and then copy-in the date and user information.  This limits my “need to remember” to only one complex password (my network login).  However, I must have access to my Outlook account to retrieve all other user information.

There are better tools called password managers.  These are software applications that “help a user organize passwords and PIN codes”1, which are held in a secure, encrypted file or database.  Many include the ability to automatically fill-in a form-based webpage with the username, password, and any other login credentials.

Most password managers can be categorized thus:

  • PC based – Application running on your PC
  • Mobile based – Application running on your tablet or smartphone
  • Token-based – Requires a separate smartcard, memory stick, or similar device to authenticate
  • Web-based – Credentials are located at a website and must be viewed and/or copied from this site
  • Cloud-based – Credentials are web-based, but are securely transferred for processing to an application running on your PC or mobile device

Most password managers are hybrids and many fit into two or more categories, but all share one trait:  You still need a master password to access your information (although some offer two-factor authentication).

Important characteristics include:

  • Access – Accessible from all devices and browsers
  • Detect – Automatically detect and save from any account
  • Secure – Advanced encryption, two-factor authentication, etc.

Pricing varies from free (for the slimmed-down, single-device versions) to annual subscriptions that range from $9.95 to $49.99 per year.

Several publications2 have reviewed password managers; the top performers:

  • LastPass 3.0 – Cloud-based and powerful yet flexible; free version available, but upgrade (at $12/year) to LastPass Premium for mobile-device support
  • DashLane 2.0 – Feature laden with an easy-to-use interface; free version, but $29.95/year to synchronize all devices and get priority support
  • RoboForm Everywhere 7.0 – Cloud-based at $9.95 for first year

Other password managers (in alphabetical order):

  • 1Password for Windows – $49.99 per user
  • F-secure Key – $15.95
  • Handy Password – Starts at $29.92
  • KeePass – Free
  • Keeper – Subscription at $9.99/year
  • My1login – Free for 1 to 3 users; $22 for 4 to 10 users
  • Password Box – Free version with subscription at $12.00/year
  • Password Genie 4.0 – Subscription at $15.00/year
  • PassPack – Free version with subscription at $12.00/year
  • PasswordWallet – $20.00

I like LastPass; the free version is easy to use and my login data is available from anywhere (with Internet access).  Plus, I like having the application locally on my PC (even though my data is stored at LastPass in encrypted format).

1. Taken from Wikipedia at http://en.wikipedia.org/wiki/Password_manager.

2. Recent password managers reviews:

Summer Fun!

The weather cooperated as Bryley’s summer outing on Sunset Lake in Ashburnham was sunny, warm, and dry. The menu included standard-issue, summer-cookout fare with hamburgers, hot dogs, veggie burgers, salads, and desserts; plenty of desserts. Bryley also hosted SwiftecIT and other friends; daylight fishing and pontoon-boat rides (pictured) gave way to roasting marshmallows around the evening campfire.

Boating at the Bryley Summer Outing

They’re back: Telephone scammers

Yes, they have returned:  The IRS and National Grid are both warning of telephone scammers that call and demand fictional, past-due payment.

The IRS scammers1 are very specific; they call and threaten immediate arrest, loss of driver’s license, and seizure of assets.  They may leave a message requesting a callback; follow-up callers may pretend to be from the local police or the DMV.

Characteristics of these scams can include2:

  • Scammers use fake names and IRS badge numbers. They generally use common names and surnames to identify themselves.
  • Scammers may be able to recite the last four digits of a victim’s Social Security Number.
  • Scammers “spoof” or imitate the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.
  • Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.  (Note:  The IRS does not use email to contact taxpayers.)
  • Victims hear background noise of other calls being conducted to mimic a call site.

Best advice:

  • Do not engage the caller in a conversation
  • Do not provide personal information
  • Hang-up the phone immediately
  • Call the IRS at 800-829-1040

National Grid3 will call and request payment and will notify of potential for service interruption due to non-payment, which makes it tougher to separate a legitimate call from a scammer.  If in doubt:

  • Ask the caller to provide the last five digits of your National Grid account
  • Do not provide your account number or any other personal information
  • Contact National Grid at 800-322-3223

1. Thank you to Nancy Goedecke, EA, of Taxes and Money Management who provided the notice on the IRS scammers.

2. Taken from http://www.irs.gov/uac/Newsroom/IRS-Releases-the-“Dirty-Dozen”-Tax-Scams-for-2014;-Identity-Theft,-Phone-Scams-Lead-List.

3. Taken from National Grid’s July/August 2014 issue of WeConnect.

We Have A Winner!

Congratulations to Geary at USI!  You’ve won the drawing for “Roy’s Almost 20th!”

For those who may have missed the news, Roy Pacitto, our Director of Sales, has been an employee at Bryley Systems for nearly 20 years!  Since we tend to get excited about this sort of thing, we decided to have a little celebration in honor of his many years of service, only to realize that Roy hadn’t actually finished his 20th year yet.  By this point, however, the drinks were already open, the cake was already out, and we were already assembled, so we decided to go ahead and celebrate Roy’s (almost) 20th anyway.

It was about this time that we made another realization.  Over the past (almost) 20 years, Roy has come to know a lot of people, and we wanted to get all of you in on the celebration as well.  As a result, we put together a little contest in which we hid an image of Roy’s (almost) 20th cake somewhere on our website, and those who found it were entered in a chance to win a $35.00 gift card.

To make a long story short, the contest is over and Geary is our lucky winner!  We hope that you will all join us in congratulating Geary and Roy in their respective achievements.

3 Simple Steps To Secure Your Mobile Device

Three simple steps to keep your mobile device secure:

  • Turn off the Wi-Fi capability when not using it
  • Turn off GeoLocator when not needed
  • Logout and lock when finished

See Ray Ramon’s article at http://www.smallbiztechnology.com/archive/2014/02/3-simple-ways-to-be-secure-no-wifi-no-geolocation-logout.html/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Smallbiztechnologycom-SmbNewsAndInsight+%28Smallbiztechnology.com+-+small+biz+tech+news+and+insight%29 for more information.

Bryley Basics: Encrypt your iPhone

iPhones, versions 3GS and later, offer hardware encryption; it is activated through the data-protection feature by enabling a passcode:

  • Tap Settings > General > Passcode.
  • Follow the prompts to create a passcode.
  • After the passcode is set, scroll down to the bottom of the screen and verify that “Data protection is enabled” is visible.

Note: Your encryption protection is only as good as the passcode; try to make this difficult to guess and keep it hidden.

You should also encrypt your backup for added security.  Check the “encrypt local backup” in iTunes if you back up to your computer.  If you back up to iCloud it is automatically encrypted, but be sure you have a really good iCloud passcode.