Tag Archives: password

Hover Asks Users to Reset Passwords



hover logoI use Hover to handle all of my domain name registrations. Yesterday, I received an e-mail from the company asking me to reset my password. From that e-mail:

We are writing to let you know that we reset your password today. If you are unable to log into your Hover account, you will need to use the ‘I forgot my password’ option on the sign in page to change your password.

We did this as a precautionary measure because there appears to have been a brief period of time when unauthorized access to one of our systems could have occurred. We have no evidence at all that any Hover accounts have been accessed, but even the possibility that this could have happened moved us to err on the side of extreme caution.

We apologize for the inconvenience.

I’m never surprised to receive notices like this. It seems like we’re being asked to deal with security breaches in our online accounts on a daily basis these days. But I haven’t been able to find any further information online as to what exactly happened at Hover. The company didn’t post anything about the breach on its blog and none of the usual tech-news outlets have mentioned it. I understand that this isn’t exactly the kind of thing Hover would want to publicize. But the company probably has many customers who’ll never see the notice I received, just due to the nature of e-mail and how people use it.

Regardless, I did change my Hover password today without incident. If you’re also a Hover customer, be sure to create a new password for yourself as well.


Sonavation’s IDKEY Secures Your Passwords



IDKEY M-SeriesAt last count, I had over 300 usernames and passwords in my password manager. It’s a ridiculous state of affairs and not one that is likely to change soon either. Whatever technique or tool you choose to use, there’s a balance to be struck between convenience and security. Sonavation’s IDKEY might help increase both convenience and security, so Todd puts on his white hat with Jason Oliver from Sonavation.

The M-series IDKEY combines 16 GB of encrypted storage with a fingerprint reader, a small screen and a built-in database to manage confidential information. Simply, it’s a secure password manager that goes on a keyring – no need for any cloud storage here. Once unlocked with a fingerprint, usernames and passwords can be read off the screen, or more usefully the information can be passed securely to a web browser or mobile device via wifi, bluetooth or USB. It’s FIDO-compliant and physically meets FIPS 140-2 Level 3, meaning that anyone who tries to take the hardware apart will destroy the data in the process.

Pre-orders are open now for the M-series with availability expected in Q1 for $279. It appears from the IDKEY website that there is a cheaper X-series version but no detail on price.

Interview by Todd Cochrane of Geek News Central for the TechPodcast Network.

Become a GNC Insider Today!

Support my CES 2024 Sponsor:
$11.99 – For a New Domain Name cjcfs3geek
$6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h
$12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

StickyPassword Password Manager at CES



StickyPasswordOne of the plagues of modern life is the need to remember umpteen passwords and it’s getting worse as hackers get more sophisticated and passwords need to get longer and more complex. The ex-AVG team at StickyPassword have put together a comprehensive cross-platform password management solution. Todd sits down with Thomas to learn more.

StickyPassword Premium is available for Windows, Mac, iOS, Android and Amazon devices, and can synchronise between multiple devices either via direct wifi or through the Amazon cloud. Security appears to covered with AES256 encryption and the data file is encrypted before transmission minimising the risk of interception during a sync. Where available, i.e. the iPhone, fingerprints can be used to secure the app and data: for everyone else it’s a single master password.

If you want to try it out, there’s a free version that has everything except the sync. For that it’s $19.99 a year.

Interview by Todd Cochrane of Geek News Central for the TechPodcast Network.

Become a GNC Insider Today!

Support my CES 2024 Sponsor:
$11.99 – For a New Domain Name cjcfs3geek
$6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h
$12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

CAPTCHA on a Router?



D-Link has created the first router that makes you answer a CAPTCHA word before you can do anything on the router. It’s an interesting idea – you change the IP address, you add a CAPTCHA. It does thwart Bots from breaking into the system, but is it really necessary?

Captcha

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” – of course it’s that annoying word (or words) you have to enter that is all distorted. You may have to enter it once, you may have to enter it every time you post or change settings. Sometimes CAPTCHA can get really hard to read – there are times you just have to refresh the CAPTCHA because the words are just not legible.

CAPTCHA has been broken, too. Using OCR the bots can read and relay the word. Therefore, the more blurred the word(s), the harder it is to break.

D-Link put out the following statement:

In response to the growing number of these attacks and subsequent user security concerns, D-Link has integrated CAPTCHA – a system, designed to detect whether responses are human or computer-generated – into its popular home and small office routers as an extra safety measure. CAPTCHAs are used to prevent malicious software from performing actions that degrade the quality of service on a network, such as those found in worms, viruses and Trojan horses.

So why CAPTCHA on the router? Well, this is mostly for those that use their routers on more than pushing out wireless access. I have my router set up so I can remote into my main machine if need be. I use the router to collect some data. I also have the router blocking certain things so people cannot do items like download torrents.

Unlike other brands, the majority of D-Link® routers are not as easy to be compromised since our design is proprietary. However, we’re excited to be the first in the market to announce we have taken the initiative to implement CAPTCHA into our routers, thus providing yet another layer of security to our customers,” said AJ Wang, chief technology officer of D-Link. Popular D-Link router models that now feature CAPTCHA include the DIR-615, DIR-625, DIR-628, DIR-655, DIR-825, DIR-855, DIR-685, and DGL-4500.

Design might be proprietary, but it just means it’s more of a challenge for the programmer to break. Then again, @_Good_P@s$w0rd_woRks_a_1ot_b3tter (a good password works a lot better). And believe it or not – a password like the one I just emulated here is just as memorable as “Password1”.

Personally, it’s not a selling point for me. Routers that focus on plugging their security holes and giving you more managability is what I want. Not an annoying word that I might not be able to read.


QwicKey – CES 2009



Quickey_logo1aQwicKey is a personal online security device that operates as an easy-to-use password manager aQuickey_usbnd automatic form filler. It keeps your identity safe and your communications secure via its compact USB magnetic stripe card reader. Don’t try to remember all those passwords and user names, QwicKey can securely access them all.

QwicKey is available now for Internet Explorer and will be soon available for FireFox and Safari. The QwicKey Reader and one year subscription is $49.95 and $29.95 for additional years.