Online security paranoia

If, like me, you use a lot of online services, you may want to use at least two different passwords, depending on whether the site offers secure login or not. How do you know if secure login is available? Simple: the URL begins with “https” instead of “http”, and most browsers will display a padlock (or similar) icon.

Take care too when using Firefox addons which access your online services; many addons don’t use HTTPS.

Sites that I use which offer HTTPS login:
Any Google site; WordPress; Facebook; Flickr; RTM (optional, not by default); Zoho; my Trac/SVN installation

Sites that I use which apparently do not offer HTTPS login:
Nature Network; Nodalpoint; CiteULike; Scintilla; Slideshare; Technorati; any of my Joomla sites

Feel free to provide more examples or corrections in the comments.

4 thoughts on “Online security paranoia”

  1. HTTPS login is oft-requested for Drupal (which would cover Nodalpoint and Scintilla), but tricky to implement because you really want to encrypt the ‘edit my account’ page as well. Still, I should get round to fixing it.

  2. since you raise the idea of passwords… may I share this old *nix administrator’s ‘trick’ of creating nearly unforgettable (and moderately secure) passwords.

    1. pick a phrase or abbreviation you use. it might be your university (try “psu”)
    2. pick a number that you also use.. perhaps your office extension (try “0123”).
    3. ‘shuffle’ the letters and numbers “0p1s2u3”.
    et voila!

    a short verbal ‘reminder’ of “penn state phone” will be the mnemonic to ‘trigger’ the password. it’s simple to create several easily recalled passwords that are much more secure than ‘rover’, ‘insert-girlfriends-name-here’ or, gasp, ‘password’….

  3. Nice tip. I use “pwgen” under Linux to generate passwords which have a good mix of case and characters and are often memorable – though less so than your method.

  4. Pingback: Great Trick For Creating Strong But Memorable Passwords
