How to improve your online security

Improve your Online SecurityI’ll be honest: I didn’t think I had to explain any of this, because I thought it was obvious.

Given the number of recent online security breaches – including the release of really, really bad passwords – clearly it’s not so obvious.

Well, I guess I shouldn’t be surprised. After all, I think about this kind of thing as part of my work. Most people don’t. It’s my job to program things that work, but a big part of it becomes making things that other people will find difficult to exploit.

Otherwise, what’s the point? No one cares if it “just works” if some evil person out there can break it in 5 minutes! The way to go about doing this is to not program a single line of code until you’ve got the whole thing sorted in your head. Then, think about how you would hack it.

You don’t do this by thinking like yourself; you must think like someone who wants to attack you. Unless you’re a Russian chess master, you probably don’t think this way very often.

But, not to worry! The following are a few tips that will greatly increase your online security without making your brain catch on fire. Which is nice…

Read more…

How does password authentication work on web sites?

Ashley Madison HackedI recently read an article about the Ashley Madison hack. For those of you who aren’t into cheating on your spouse, Ashley Madison is a web site where you can sign up and meet up with other lovely people in order to have an affair.

Anyway, they were recently hacked. More than 11 million passwords were obtained, and the reason why made me fall off my chair.

In short, the users’ usernames + passwords were stored in the site’s database in an MD5 hash – along side a BCrypt hash of the user’s password.

Well, what does all this mean to you?

Read more…