CyberArtisans Web Developers Newsletter
Welcome to the March 2009 issue of the CyberArtisans newsletter! Each month we try to present information that will be useful to you as a website owner and as a user of the web. If these newsletters are useful, please forward this to a friend. To unsubscribe, follow the directions at the bottom of this email.
Passwords can easily become the bane of the web surfer's existence. We are told that there are three simple password rules: (1) they should be secure (the best are a combination of lowercase and capital letters, numbers, and punctuation), (2) they should be changed regularly, and (3) they should never be written down. This sounds like something our airline pilot friends used to tell us: "There are three simple rules for making consistently smooth landings in a 747, but unfortunately nobody knows them."

There are many ways to manage your passwords. The simplest (use the same password for everything) is also the most dangerous. If someone learns that password, they have access to all your online information. Most browsers will remember passwords for you. That's a little better, but the browser doesn't encrypt the passwords, so if anyone knowledgeable sat down at your computer (or broke in using spyware) they could easily steal all your passwords.

The best solutions are applications that keep track of your passwords. These applications do encrypt your passwords when storing them. Their biggest weakness is that the master password provides access to all the others, but the compensating advantage is that you only have to remember one password, so you can make it fairly secure. The most popular application is Roboform, although there are lots of others. Most cost money (Roboform is $30) and most are stand-alone applications that require a separate application to be loaded onto other devices (Blackberries, for example) to be portable. But there is now a new one that works as easily as the browser, is very secure, is portable, and is free. It's called LastPass.

LastPass is a browser add-on. It captures URL/username/password combinations (but only if you tell it to) so that the next time you go to a site it can log you in automatically. The information is stored (encrypted) on your computer, so LastPass will work on your own system even if the LastPass server is down.
It also stores your username/password information on the LastPass servers, encrypted again. In fact, the LastPass website warns you that you must remember your master password because LastPass personnel cannot decode your passwords from their server. If you are using someone else's computer you can simply log into LastPass and use it wherever you are.

If you are using a public computer and are concerned about a keyboard logger capturing your master password, they recommend using the on-screen keyboard. You didn't know Windows provides an on-screen keyboard? Neither did most of us. Go to Start | All Programs | Accessories | Accessibility and you will find it there. LastPass also provides a way to generate single-use passwords. This is a little more complex, but with some forethought it might be a good way to prepare for a trip where you will be using different computers.

We've been using LastPass for a couple of weeks now and so far we like what we see. There are definitely some rough edges. It tried to use our Sears login information (which it had) for our Home Depot account (which it did not have), for example. It sorted itself out once we loaded both the Sears and the Home Depot account information into it. But for the most part it works well, it's fast, the website is very convincing that it's secure, and it's got enough settings that you can adjust it to work the way you want it to.
If you have customers in Massachusetts, that state's new encryption law may apply to you. The law, which takes effect January 1, 2010, requires that "personal data," defined as the combination of a person's name with their social security number, bank account number, or credit card number, be encrypted when transmitted over a network or when stored on portable devices. Transmitting over a network generally means a website, and most websites already use encryption for this data (and if yours doesn't, contact us immediately). But data on portable devices (defined as flash drives, laptops, PDAs, and such) is not routinely encrypted. Note that while the laws of other states require "protection," which can be satisfied with simple password protection that prevents access to the files, the Massachusetts law explicitly requires encryption.

For those of you who store such information in spreadsheets or Word files, note that Word and Excel have built-in encryption capability. Go to Tools | Options within those programs and then click on the Security tab. For other data files, you may have to explore one of the various encryption programs available. PGP is one of the oldest but is somewhat expensive ($199 for a Windows installation). TrueCrypt is a free open-source program. Both PGP and TrueCrypt are aimed at a technical audience. If you don't fit that description but really need encryption, get a tech support person to install whichever one you choose and give you a guided tour. Once you start using it you will find it's straightforward enough, but the documentation is definitely not aimed at a non-technical user.
We take care of everyone else's email, so presumably we should be immune to email problems. Ha! On Tuesday February 17th we moved 3 domains to a new server. One of those domains was cyberartisans.com. Two of the three moved within the day. The one that didn't was cyberartisans.com. Usually, when we move a domain, everything works on the old server until suddenly everything moves to the new server with no downtime. Not this time. Some incoming email still went to the old server and some simply bounced. Several rounds with tech support finally solved it, but it took almost a day and a half.
If you go to our website on your favorite browser, you will see a little red and white C/A icon next to the Cyberartisans name on the tab. This is a favicon.ico file. It is limited to 16 pixels by 16 pixels, so there isn't much resolution for fine detail, but it's a neat way of adding a little more distinction to your website. If you would like something like this for your website, give us a call.