Starfish Software

Content management specialists

Emergency Guide to Password Changing

Conventional “wisdom” says change all your passwords at once to very different, impossible-to-guess 12-character passwords. But the chances of making mistakes in times of stress are great.

To change a whole bunch of passwords, first of all change them all to the same hard-to-guess password.

These days it would be foolish to suggest anything less than 8 characters employing a variety of character set types. Letter-number triplets are not predictable, but they are far easier to remember (or recognise).

The triplet method

Examples (how secure)
g4j 2e4 sde (secure enough)
h45 3r4 2H7 (more secure)
r!E 9(8 73x (most secure)

In an emergency, use the paired method – but only for 24 hours or so. Good paired passwords are hundreds of times less secure than the ones above! But if you are locking down, you want a character sequence that you will not get wrong, which is why this works for low security.

h2 j3 u8 – it is easy to remember

It is not good advice to leave your passwords changed to short passwords, but it is important to execute your password change quickly, quietly and without hesitation or error.

Therefore, close all the doors first, then put the heavy locks on the financials. Record everything with a pen and notebook clearly labelled “Oatmeal and corn recipes”.
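An added example, not part of the original page: a Python sketch that generates passwords in the triplet and paired formats shown above and estimates the search space of each in bits. The three alphabets, the function names, and the assumptions that every character is drawn uniformly at random and that the spaces are fixed separators are inferred from the page's examples, not stated by it.

```python
import math
import secrets
import string

# Assumed alphabets, inferred from the page's three example tiers.
ALPHABETS = {
    "secure enough": string.ascii_lowercase + string.digits,
    "more secure": string.ascii_letters + string.digits,
    "most secure": string.ascii_letters + string.digits + "!()#%&*+-=?@",
}


def make_triplets(tier, groups=3, size=3):
    """Return e.g. 'g4j 2e4 sde': `groups` blocks of `size` random characters."""
    alphabet = ALPHABETS[tier]
    blocks = ("".join(secrets.choice(alphabet) for _ in range(size))
              for _ in range(groups))
    return " ".join(blocks)


def make_pairs(groups=3):
    """Emergency paired form, e.g. 'h2 j3 u8': one lowercase letter, one digit."""
    return " ".join(
        secrets.choice(string.ascii_lowercase) + secrets.choice(string.digits)
        for _ in range(groups)
    )


def triplet_bits(tier, groups=3, size=3):
    """Search space in bits; the fixed spaces add nothing."""
    return groups * size * math.log2(len(ALPHABETS[tier]))


def pair_bits(groups=3):
    """Each pair is 26 letters x 10 digits = 260 possibilities."""
    return groups * math.log2(26 * 10)


if __name__ == "__main__":
    for tier in ALPHABETS:
        print(f"{tier:14s} {make_triplets(tier)}  ~{triplet_bits(tier):.1f} bits")
    print(f"{'paired':14s} {make_pairs()}     ~{pair_bits():.1f} bits")
```

The bit counts only hold when the characters come from a random source such as `secrets`; triplets a person invents under stress will be more predictable.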

Increasing Facebook Security

What can you do right now to increase security on Facebook?

1. Do not ever send money due to a Facebook request – speak on the phone first (like in the good old days, before social networking) or require an email and ask a revealing question.

For example: How is your mother, these days? Or – for security – please include the name of your cat in a confirming email.

2. Be fairly impersonal about what you put on Facebook – even though it says only your friends can see it, that is never guaranteed. Read the current terms and conditions of service. Facebook appeared to react slowly to security issues that they possibly did not expect.

3. A secure password repository seems like a good idea. Governments have wanted this for years.

4. OpenID seems the right solution. When will vendors get their heads around collaboration to make the web a safe place?

5. The purpose of social networking is NOT to beg from your friends. Ignore such requests as probably spam. Confirm using phone. It is still harder to steal a phone number than a domain name.

6. FB should work on validation of everything and add a panic button. A “freeze my friend” action should be allowed if three friends agree on it, say for the time it takes Facebook to react.

7. The ONLINE world has a different philosophy to the “real” world. One wonders if this is not corrosive of human instincts.