Hasta La Gadget!

This article was written on April 30, 2010 by CyberNet.

One topic that is always sure to strike up a nerdy conversation is whether you should let your browser store your passwords. There is the obvious security risk of what happens when someone gets remote access to your computer, or even worse physical access. We’ve seen plenty of utilities that are able to quickly extract anything that isn’t protected by a master password, but the bigger issue is that not all browsers (like IE) even support a master password.

So what do you do? One option, albeit not my personal favorite, is to not have the browser store the password at all. As one of our commenters pointed out there is a good compromise in a situation like this, where you can get the convenience without forfeiting the security. The key is having the browser remember only part of the password, and then you typing in the latter half of it manually. Here’s a better breakdown as to how this works:

1. Go to a website that requires you to login.
2. Enter in your username, and then in the password field enter in only part of the characters. For example, only enter 10 out of the 15 characters of your password.
3. Submit the form, and the website should say the login failed (since you didn’t enter in your full password in the previous step). However, you should have still been prompted by the browser to save the password (like in the screenshot above). Go ahead and save it.
4. The next time you have the browser autofill in the username and password all you have to do is type in the remaining 5 characters.

A good way to take advantage of something like this is to make the part the browser remembers extremely hard to guess. You should use letters, numbers, and characters for that portion since it’s only the tailend of the password that you actually have to remember. Here’s an example:

My username: cybernetnews
My full password: 8^leU-4T_cybernet
Have the browser save this part: 8^leU-4T_
All I have to type in at the end is: cybernet

Unfortunately this solution doesn’t actually work in Chrome since it doesn’t prompt you to save a password until it knows it went through successfully, but it does work just fine in Firefox and Internet Explorer. Since Firefox already supports using a master password I’d say this is less important there, but it’s more useful in IE since your passwords are always up for grabs with very little work.

A big thanks to mOrloff for the tip!

Copyright © 2011 CyberNetNews.com

Related Posts:

Google Chrome Master Password Still Non-Existent?ATM Thief Reprograms Money DispenserCyberNotes: How Safe are Passwords in Internet Explorer, Firefox, and Opera?Microsoft Password CheckerCyberNotes: Is Your Password Pathetic? Use SuperGenPass

It’s a little shocking that it’s taken this long to get a Digital Copy that’s compatible with Android, but clearly it’s the week of shackles being broken. Just yesterday, Qualcomm announced that all future Snapdragon devices would be cleared for Netflix streaming, and now Twentieth Century Fox Home Entertainment is announcing that its impending Unstoppable launch will allow Android users to watch the flick on the go. By enabling the transfer through BD Live, it marks the first time that this has been possible with Google’s mobile OS, though it should be noted that consumers will need the disc itself, a WiFi-connected BD player, Android 1.6 or higher and the free PocketBLU app to make the magic happen. Both the movie and app can be downloaded starting today, but here’s the real question: are you willing to invest in a movie just to experience Digital Copy… on Android?

Continue reading Unstoppable: the first Blu-ray film with Android-compatible Digital Copy

Unstoppable: the first Blu-ray film with Android-compatible Digital Copy originally appeared on Engadget on Tue, 15 Feb 2011 07:00:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments

Remember back in 2005 when kiddy phones were all the rage? Well, with the release of the single-button 005Z, Softbank and ZTE are giving toddler connectivity another try. Like the Firefly and the Migo before it, this little guy limits outbound calls, but unlike its predecessors, the 005Z only allows for one pre-programmed number — so if baby’s in danger, mommy better have her cellphone charged. While the one-button approach is limited, the phone also acts as an alert system: when the cord is pulled, a loud buzzer sounds (à la the rape whistle) and SMS and voice messages (both of which contain the kid’s location) are sent to emergency contacts. As far as we’re concerned, a child with a cellphone is a nightmare in the making, but if you’re into that sort of thing (and live in Japan) the 005Z will be available this March for ¥490 ($5.90) a month.

ZTE 005Z emergency cellphone keeps your kid safe, cooler than other kids originally appeared on Engadget on Thu, 10 Feb 2011 19:11:00 EDT. Please see our terms for use of feeds.

Permalink Technabob  |  Softbank  | Email this | Comments

Losing your smarpthone is bad enough. But if you lose your iPhone and don’t issue a remote wipe command (available for free with the Find My iPhone app) then you could find yourself in a world of hurt. Researchers at the Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) can jailbreak and decrypt passwords from the iPhone’s keychain — for say, your Gmail account, corporate VPN, home WiFi, and MS Exchange — in about six minutes using existing, known exploits. Sorry kids, your flimsy lockscreen passcode won’t help. Video proof, after the break.

Continue reading Researchers steal iPhone passwords in six minutes (video)

Researchers steal iPhone passwords in six minutes (video) originally appeared on Engadget on Thu, 10 Feb 2011 06:16:00 EDT. Please see our terms for use of feeds.

Permalink   |  PCWorld  | Email this | Comments

So far, Chrome is the only browser of the big four — Safari, Firefox, and Internet Explorer being the other three — to escape the Pwn2Own hacking competition unscathed the past two years. (Sorry Opera aficionados, looks like there’s not enough of you to merit a place in the contest… yet.) Evidently, its past success has Google confident enough to pony up a cool $20,000 and a CR-48 laptop to anyone able to find a bug in its code and execute a clean sandbox escape on day one of Pwn2Own 2011. Should that prove too daunting a task, contest organizer TippingPoint will match El Goog’s $10,000 prize (still $20,000 total) for anyone who can exploit Chrome and exit the sandbox through non-Google code on days two and three of the event. For those interested in competing, Pwn2Own takes place March 9th through 11th in Vancouver at the CanSecWest conference. The gauntlet has been thrown — your move, hackers.

Google’s paying $20,000 to hack Chrome — any takers? originally appeared on Engadget on Thu, 03 Feb 2011 20:33:00 EDT. Please see our terms for use of feeds.

Permalink ComputerWorld  |  TippingPoint  | Email this | Comments