Friday, September 26, 2008

Homeland Security begins at home.

When gov folks talk of homeland security, they immediately refer to threats from outside our borders. It's so apparent that gov policies, postures, stances and attitudes all contribute to the tensions expressed by people who are involved and then it's all aggravated by the media, giving us the play by play. But threats and intrusions come at us a number of ways and many don't require a misplaced nuke. If you own a computer, have online accounts and privileged access, you should be concerned with something called "the password". Shhhhhhh........., it's a secret that every user harbors and unfortunately easy to circumvent. A birthday, a pet name, even a social security number are commonly used to protect vital info. If you make it too cryptic, you yourself can't remember it, so you use reverse encryption and spell your name backwards. I am so surprised that with all the computers in use that the gov didn't insist that each citizen would install secure passwords to protect and cover ourselves. On our side we say we couldn't remember all the passwords to all the things we need them for. Yes, we could write them down, keep them hidden but handy, but that too is risky. I say go ahead, write them down, but lock them away somewhere away from your computer. Then employ a password safe on your computer. What's a password safe. It is a program that stores your passwords in a file/database in a highly encrypted format and either allows you to see the required password when needed or fills in the required password when needed. Access to this feature is often hidden behind a master password which should be cryptic but, you only have to remember one of them. So with the layers of encrypted strong passwords, you have adequate defence against intrusion and theft.
Most average folk are not under direct threat, but you just might be lucky. And you should know that these intruders don't guess your passwords, they use computers, so you should make it hard for them.

Ubuntu Linux has a few password safes or managers, I am looking at one called KeepassX. This was made for MS windows platforms years ago, is now open source and has a Linux version, hence the "X". Installation is too easy but how to use it must be a secret because I can't seem to find a tutorial on the home page or the project site. For more info go to KeepassX.org and to get a partial instruction check out this blog, Keepassx password manager.

So, the trick is to make your easily guessed passwords sound like Charlie Brown's mother, "Wah, wah, wah, wah!?!", then hide them behind another encrypted password. Do copy them down but store them elsewhere, off site preferred. Being safe takes a little practice, may be a bit inconvenient, but in the end you have one less backside to cover.

This is your Linuxville guide with this security bulletin and public service announcement. Please deadbolt your routers, PC's and padlock your mouse to the desk.

No comments: