What You’re Doing Is Rather Desperate

Notes from the life of a bioinformatics researcher

Online security paranoia

If like me you use a lot of online services, you may want to use at least two different passwords depending on whether the site offers secure login or not. How do you know if secure login is available? Simple: the URL begins “https” instead of “http” and most browsers will display a padlock (or similar) icon.

Take care too when using Firefox addons which access your online services; many addons don’t use HTTPS.

Sites that I use which offer HTTPS login:
Any Google site; WordPress; Facebook; del.icio.us; Flickr; last.fm; RTM (optional, not by default); Zoho; my Trac/SVN installation

Sites that I use which apparently do not offer HTTPS login:
Nature Network; Nodalpoint; CiteULike; Scintilla; Slideshare; Technorati; any of my Joomla sites

Feel free to provide more examples or corrections in the comments.

Written by nsaunders

January 15, 2008 at 12:03 pm

Posted in computing, networking, web resources

« Rapid command-line access to the PDB
When it’s obvious to you but not to…anyone else »

4 Responses

Subscribe to comments with RSS.

  1. HTTPS login is oft-requested for Drupal (which would cover Nodalpoint and Scintilla), but tricky to implement because you really want to encrypt the ‘edit my account’ page as well. Still, I should get round to fixing it.

    alf

    January 15, 2008 at 9:20 pm

  2. since you raise the idea of passwords… may i share this old *nix adminstrators ‘trick’ of creating nearly unforgettable (and moderately secure) passwords.

    1. pick a phrase or abbreviation you use. it might be your university (try “psu”)
    2. pick a number that you also use.. perhaps your office extension (try “0123″).
    3. ’shuffle’ the letters and numbers “0p1s2u3″.
    et voila!

    a short verbal ‘reminder’ of “penn state phone” will be the mnemonic to ‘trigger’ the password. it’s simple to create several easily recalled passwords that are much more secure than ‘rover’, ‘insert-girlfriends-name-here’ or, gasp, ‘password’….
    :)

    guy

    January 16, 2008 at 5:31 am

  3. Nice tip. I use “pwgen” under Linux to generate passwords which have a good mix of case and characters and are often memorable – though less so than your method.

    nsaunders

    January 16, 2008 at 10:11 am

  4. [...] like SkwQ92#l for example) because they’re hard to remember, go and read the comments in this blog post about secure logins on the What You’re Doing Is Rather Desperate [...]

    Great Trick For Creating Strong But Memorable Passwords

    January 20, 2008 at 7:56 am


Comments are closed.