Your Passwords Aren’t As Secure As You Think; Here’s How to Fix That

If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you’re properly encrypting them—and chances are pretty good you’re not. Let’s walk through the right and wrong ways to store your passwords.

For the purpose of this article, we’ll assume that the people you allow into your house are trustworthy enough not to hack your passwords, and your laptop has been stolen instead—but the tips here should apply to either scenario. Regardless of how you choose to save your passwords, you should make sure to use great passwords and even stronger answers for security questions.

Once You Click “Remember Password” It’s All Over

Almost any application that requires you to log in to something will also provide an option to save your password, and once you’ve done that, your password may as well be plain text. Behind the scenes, even if the application encrypts the account information, it’s doing so with a static key that can be easily deciphered through some reverse engineering, and somebody not only can, but already has created a utility to recover those passwords.

It doesn’t even matter all that much if you’ve got a tough Windows password; anybody with physical access to your PC can use an Ubuntu Live CD to copy all of your data onto an external drive without modifying anything, and crack your files on another machine whenever they please (assuming you don’t have your entire hard drive encrypted). If they had a little more time, they could use Ophcrack to figure out your password, or they could just be mean and use the System Rescue CD to change your Windows password.

Once that person has access to your files, they can recover your passwords with free tools easily—you can recover passwords in a few clicks from Outlook, Instant Messenger, Wi-Fi, Internet Explorer, Firefox, Chrome, or any number of other applications. All it takes is a quick Google search to find even more cracking utilities.

Pidgin Stores Passwords in Plain Text

That’s right, your favorite open-source, multi-protocol instant messenger client stores your passwords in plain text. If you don’t believe me, just open up your %appdata%\.purple\accounts.xml file in your favorite text editor, and you’ll see your passwords right there for anybody to read.

The decision to store the passwords in plain text is a deliberate one that’s been thoughtfully considered, and while you might initially think it’s a terribly insecure way to handle security, keep in mind that you can simply download any number of utilities like Nirsoft’s MessenPass and recover the passwords from AIM, Windows Live Messenger, Trillian, Miranda, Google Talk, Digsby, etc. The Pidgin developers point out that their option is actually the preferred method for security:

Having our passwords in plaintext is more secure than obfuscating them precisely because, when a user is not misled by a false sense of security, he is likely to use the software in a more secure manner.

The best answer, of course, is to not allow your IM client to store your passwords at all—but if you must store them, you should at least use the built-in Windows encryption, if not a full-blown TrueCrypt setup. Either option would be better than the pseudo-protection most other applications provide.
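To check your own profile for this, here is a small audit script (an added example, not part of the original article or of Pidgin). It lists which accounts in accounts.xml have a password saved on disk without ever printing the password; the `<account>`, `<protocol>`, `<name>` and `<password>` element names are an assumption about the file layout, and the sample data is constructed.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample. The <account>/<protocol>/<name>/<password> layout is an
# assumption about accounts.xml; adjust the tag names if your file differs.
SAMPLE_ACCOUNTS_XML = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/Home</name>
    <password>constructed-sample-value</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
  <account>
    <protocol>prpl-aim</protocol>
    <name>alice_aim</name>
    <password></password>
  </account>
</account>
"""


def find_saved_passwords(xml_data):
    """Return (protocol, name) for each account with a non-empty password.

    The password value itself is never returned or printed.
    """
    root = ET.fromstring(xml_data)
    findings = []
    for acct in root.findall("account"):  # direct children of the root only
        password = (acct.findtext("password") or "").strip()
        if password:
            findings.append((acct.findtext("protocol", default="?"),
                             acct.findtext("name", default="?")))
    return findings


def default_accounts_path():
    """%APPDATA%\\.purple on Windows (from the article), ~/.purple elsewhere."""
    base = os.environ.get("APPDATA") or os.path.expanduser("~")
    return os.path.join(base, ".purple", "accounts.xml")


if __name__ == "__main__":
    path = default_accounts_path()
    if os.path.exists(path):
        with open(path, "rb") as fh:
            data = fh.read()
    else:
        print("No accounts.xml at %s; using the constructed sample" % path)
        data = SAMPLE_ACCOUNTS_XML
    for protocol, name in find_saved_passwords(data):
        print("saved password on disk: %s (%s)" % (name, protocol))
```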

Password Managers Are the Only Secure Storage

The only truly secure way to store your passwords is to use a password manager to securely track your passwords, combined with a great master password to protect the rest of your saved passwords—if you use an easy password for your password manager, it would be easy to crack with a brute force attack. Don’t lure yourself into a false sense of security by just using one—your password manager password should be at least 10 alpha-numeric characters if you really want to be secure.

You’ve got a number of great password managers to choose from, like reader favorite Keepass, a cross-platform tool which has many plugins that help you master your passwords and make using a password manager easier to deal with. And, of course, let’s not forget that Firefox has a full password manager built right into the application.

Use a Firefox Master Password (With More Than 8 Characters)

If you want to use Firefox to save the passwords for all your web accounts, you should make sure to enable a Firefox Master Password by heading into Tools –> Options –> Security and checking the box for Use a master password.

Once you’ve done this, Firefox will store all of your passwords with nearly unbreakable AES encryption—providing you use a password with more than 8 alpha-numeric characters and at least one capitalized letter. If you used a weak and pathetic password like “secret”, it could be broken in a matter of minutes with a brute force cracking tool, but a decent 8+ random character password will take at least 73 years for a brute force attack.

Each time you start Firefox and go to a site that requires a saved password, you’ll be first prompted for your master password. By default, the master password authentication will be active for the entire session, but you can use the Master Password Timeout extension to lock your master password again after a certain interval, which is handy if you walk away from your desk without remembering to lock it with Win+L.

Use TrueCrypt to Encrypt Everything

Rather than deal with password managers or whether or not to save your passwords, you could simply create a separate, encrypted TrueCrypt drive, and use portable versions of your applications to keep everything totally secure. If you’re even more paranoid, you can use TrueCrypt to encrypt the entire hard drive—you will be prompted for a password every time you boot, but you can relax knowing that anything you do will be encrypted, even if you use scripts with your passwords stored in plain text. If TrueCrypt isn’t your thing, you can use the built-in encryption functionality in Windows—just keep in mind that if you change your password your data will be inaccessible, and your Windows password can be cracked, giving them full access to your files.


Are you already using a password manager or encryption to keep your passwords secure? Share your best password security tips in the comments.


The How-To Geek uses Keepass and a tough password scheme to keep his accounts secure. His geeky articles can be found daily here on Lifehacker, How-To Geek, and Twitter.

Audi Adds Standard HD Radio for 2011

Audi announced that the A6, A8, and Q7 models will all come with HD radio as a standard feature for 2011, Autoblog reports. The 2011 A4, A5, and Q5 will have HD radio options available.

That means Audi buyers will be able to access over 2,000 HD radio stations on the air–but with a catch.

HD radio doesn’t require subscription fees like Sirius XM satellite radio, and offers cleaner sound on FM channels and FM-stereo-quality sound on AM stations. On the other hand, it’s only available to 85 percent of Americans, and frequent audio drops can occur at the edges of signal coverage.

Pokewalker mini-game to ship with new versions of Pokemon, Pikachu unavailable for comment

Nintendo’s DSi portable gaming device not portable enough? Looking for a discreet way to keep up with your Pokeyman during mass or in your seventh grade English class? Nintendo has just the device for you: New editions of Pokemon will include the Pokewalker, a Tamagotchi-like device that you can transfer your Pocket Monsters to wirelessly. By “walking,” one can catch wild Pokemon, search for hidden items, and even find new routes within the new HeartGold and SoulSilver versions of the game. Due to hit the scene March 14 for a price yet to be announced. PR after the break.

Update: To be clear, yes, this thing contains a pedometer — meaning that you can earn experience points by walking around the neighborhood. Finally a reason to leave the apartment!

Pokewalker mini-game to ship with new versions of Pokemon, Pikachu unavailable for comment originally appeared on Engadget on Mon, 11 Jan 2010 11:39:00 EST.

T-Mobile acknowledges 3G issues on Nexus One

T-Mobile confirms via its user forum that the Nexus One is having problems connecting to its 3G network. Originally posted at Android Atlas (http://www.cnet.com/8301-19736_1-10432087-251.html).

Microvision laser projection gun hands-on

You didn’t think CES was over, did you? Saving a true gamer’s delight for last, we went along to meet with Microvision’s reps today and were introduced to its PicoP laser projector and gun gaming peripheral. The projection tech employed here is unique, as each pixel (848 x 480 resolution) is itself an RGB laser reflecting off a mirror which flips 60 times a second. What that results in is a permanently focused projection, no matter how much you wiggle, jiggle or maneuver the projector. The whole thing fits within 6cc and was designed to be embedded into phones. We snapped a few pics of the standalone projector and then moved on to the rifle gaming controller. Come along after the break to check out our hell-raising skills on video, as well as some more in-depth impressions of the hardware.

Microvision laser projection gun hands-on originally appeared on Engadget on Mon, 11 Jan 2010 11:16:00 EST.

Is an Apple Tablet on the Way? Orange Exec Says ‘Oui’


Perhaps caught off guard, an executive of international carrier Orange said in a French TV interview that an Apple tablet will debut soon.

In the video above, Stéphane Richard, who is set to be Orange’s CEO, responds “Yes” when French media asks whether the rumors are true that an Apple tablet will debut soon. The interviewer then asks Richard whether the tablet will be available for Orange customers, to which the executive replies, “Of course.”

Rumors have run wild that Apple will introduce its much anticipated 10-inch touchscreen tablet in a special event later this month. The Wall Street Journal, who has accurately leaked Apple news in the past (including Steve Jobs’ liver transplant) claims the event will be held Jan. 27. The WSJ added that the tablet would be announced this month and begin shipping in March.

Richard’s statement could have been a slip, but it’s also likely that he’s aware the news about the tablet has already leaked — perhaps at Apple’s request. Last week, John Martellaro, a former senior marketing manager at Apple, confessed that Apple sometimes intentionally leaks secrets to WSJ. The purpose? To gauge reaction of the market to certain details such as price, or to panic a competitor, among other sneaky reasons. Very interesting, and a controlled leak to WSJ seems to be what’s happened with the rumored Apple tablet.

Update 3:30 p.m. PDT: Orange’s PR claims Richard’s statements do not “confirm” an Apple tablet and that he was merely saying “Yes” to acknowledge speculation surrounding the tablet. Still, that doesn’t explain why he said “Of course” when asked whether the tablet would be available for Orange customers (such a guarantee could not be independently made by Richard, as it would rely on Apple’s agreement to share the tablet with Orange). Also, it’s worth noting Orange previously acknowledged the existence of the iPhone prior to its launch.

Via SlashGear

Lenovo LePhone seen again, Android skinned like Skylight

We’ve been graced with a stack of new shots of Lenovo’s LePhone, and, beauty aside, another standout here is the similarity of this phone’s Android / OPhone skin to Lenovo’s Skylight OS. Of course, they’re not the same UI exactly, but, between that and the optional keyboard accessory that mirrors the IdeaPad U1‘s detachable display, it looks like the beginning of a happy — and winsome — family. Wander on to the gallery for all the shimmering and glossy poses — including one that looks suspiciously like HTC’s typical exploded view of all angles.

Lenovo LePhone seen again, Android skinned like Skylight originally appeared on Engadget on Mon, 11 Jan 2010 10:51:00 EST.

I’m Sold On 3D TVs…And I Kind of Hate Myself For It

I’m a skeptic who’s seen every consumer-grade 3D TV in existence from manufacturers like Panasonic, Samsung, and Sony. I’ve seen OLED 3D, plasma 3D, LCD 3D and LED LCD 3D. And I’ve finally made up my mind on the matter.

Even though every technology coming to market this year requires glasses, even though 90% of 3D implementation is unwatchable, even though the tech will inevitably be dated within the next few years…

I would buy a 3D TV this year.

(Now realize there are about a thousand caveats to that statement, which is what this entire piece is really about.)

I wouldn’t buy any old 3D tech.

There is only one TV I’ve seen—out of very, very many—that captivated me like Avatar on IMAX. While most of the time I couldn’t wait to pull the glasses off my face, LG’s 60-inch plasma prototype, slated to be a real product later this year, sort of rocked my world with nearly flicker-free performance. Panasonic’s Viera V Series TVs, using similar methods on paper (plasma with shutter glasses), was a close second, as it strobed more. And I’m still curious as to why that was the case—whether it was shutter glasses, the lighting environment, the source material (the LG showed more animation, which looks great in 3D) or the display itself that made the difference.

Not trusting my own eyes, I sent two other members of Giz to look at each set as well. They didn’t see a difference. So I’m willing to call Panasonic and LG a tie.

As for OLED and LCDs—what you see from companies like Sony, Toshiba and Sharp—the image strobes AND the motion is choppy (imagine a low frame rate video game on top of flickering film). Those techs are a complete pass. (I know, OLED is supposed to be great. In 3D, it most certainly isn’t.)

I wouldn’t buy anything but a BIG 3D TV.

Without fail, the bigger the 3D, the better the illusion. Anything under 50 inches is basically a joke, unless it’s your computer monitor or something. And I will say, even though Vizio’s XVT Pro television wasn’t my favorite experience (it’s an LCD and thereby less smooth), the fact that it was 72-inches meant that a plane’s wing almost hit me in the nose.

I wouldn’t pay much more for a 3D TV.

LG told me that the 3D-capable version of their plasma set will only be a $200 premium over the non-3D version. I’m willing to pay that extra cost as an idiotic early adopter, knowing that the television is a nice HDTV when it’s not showing 3D. Of course, to be completely fair, that $200 premium applies to a premium set to begin with, not a bargain bin TV that many of us settle for out of sanity.

I wouldn’t watch 3D all the time.

Even in some content utopia where I could watch everything I ever wanted in 3D (right now, we’re limited to promises from Blu-ray, select broadcasters and some DirecTV), I wouldn’t choose to with the current glasses/TV setup. Even the best experience I had was tiring, and unless I’m really getting something special from meticulously produced media (like movies, or maybe even video games), I’m going to do what I do best when watching television: be lazy. For hours. Eye strain is a major concern.

Back to that content point for a moment, every movie that Pixar is making from here on out promises to be in 3D. Video games should be somewhat turn-key to make the 3D transition as they’d like. And Hollywood is definitely pushing 3D. But within 2010, it’s tough to envision a lot more than extremely limited broadcast and yet another viewing of the inevitable Avatar Extra Special Edition Blu-ray.

I wouldn’t replace my 2D TV.

If I weren’t looking for a new TV already, 3D alone wouldn’t sway me to plop down a few grand—at least not today—a decision influenced by both the imperfect experience and the limited media. It’d be nice to have, sure. But most people can and will wait, I’d bet.

I wouldn’t TOTALLY overlook an LCD curveball.

One manufacturer let me in on a secret—the LCDs on the CES show floor are mostly refreshing at 4ms. But by the time these TVs ship, they’ll be refreshing at 3ms, thanks to an industry-wide chemical-based update in LCD panels. Plasma is on top for the moment, but 3D LCDs shouldn’t be quite as bad by the time the TVs actually ship in Q3. (Though, they may still be noticeably inferior to plasma.)

So that’s my view. Go ahead, heckle me and my glasses that will look stupid and dated, well, they look stupid and dated today. But watching the best 3D TVs—namely, top tier plasma—is actually a pretty amazing experience…one that might be worth the sometimes literal headaches.

And these chicks in bikinis totally agree with me.

Holiday tech sales dip slightly, NPD says

Sales of consumer electronics for the 2009 holiday-shopping season came in at $10.8 billion, a drop of less than 1 percent from 2008 when sales fell 6 percent.

‘Xbox Live Games’ to plug Windows Mobile into Xbox ecosystem at last? Wouldn’t that make too much sense?

We don’t want to get our hopes up again, after having them repeatedly bashed against the rocks by a merciless Microsoft that’s spoken quite highly of the potential synergy of its brands and yet so far held its mobile and gaming segments far apart, but this sounds promising. Apparently a slide from some internal Microsoft marketing material is making the rounds that says Xbox Live Games is the “mobile version” of Xbox Live for Windows phones, speaking in the not-yet-accurate present tense, and matching up with a recent job posting we’ve seen. Of course, that seems a completely obvious move for Microsoft, particularly with Windows Mobile 7 right around the corner, and we would assume it would bring along with it not just the social features of Xbox Live but also some gaming for these next-gen smartphones that can most certainly handle it. Shoot, there we go being logical again.

[Thanks, Philip]

‘Xbox Live Games’ to plug Windows Mobile into Xbox ecosystem at last? Wouldn’t that make too much sense? originally appeared on Engadget on Mon, 11 Jan 2010 10:28:00 EST.