I am one those people that have a very short attention span for technical instructions, so let me try to explain this as shortly and clearly as possible. Just in case you are like me. 🙂 The idea is to use a system that allows you to do 2 things:
1. Remember your passwords through writing a part of it down. The only thing you need to remember is a part that is the same for all your passwords; a pin if you will.
2. Create passwords that are good and strong, unique and can’t be guessed
Here are the step-by-step instructions:
1. Think of a “pin” for your password, this is the part that is same for all of your passwords. The pin should be 3 characters or longer, it could be something like “25!” and this part should be kept secret.
2. For each of the web sites that you need a password for, you create a code that helps you remember what site/service the password is for. For example aMa for Amazon and gMa for gmail.
3. Continue the password with a random set of 4 or more characters, for example: 2299 or xy76. You should use different random characters for your different passwords.
4. Write down parts 1 & 2 on a note and keep is safe so you don’t forget it. In this example you would end up with a note in your wallet with this written down:
5. When using the passwords, add your pin to them. Remember again that the pin should not be written down anywhere! You can decide the location of your pin too. With the example pin “25!” created in the first step we would end up with 2 passwords that could be:
Tadaa, you now have passwords that are unique and can’t be guessed! And of course you only need to remember a part of it! By having unique passwords you can also make sure that even if someone finds out one of your passwords, the others are still safe.
As a final note, should you choose to use this system, you should come up with your own passwords and not use the ones used in this post or in our Lab’s post.
Hopefully I managed to make it sound relatively easy. If not drop me a question below.
A multinational law enforcement operation gave internet users a big gift just in time for the holiday season! In late November, Europol, the FBI, and several other organizations around the world worked together to takedown Avalanche – an international crime network behind cyber attacks that some estimates say have caused hundreds of millions of dollars in damages since 2009. The network allowed criminals to conduct malware and money laundering campaigns throughout the globe. By providing criminals with hosting services and other infrastructure, Avalanche helped attackers send over one million malicious emails each week in order to spread malware to individuals and companies. Exact numbers for the extent of damage Avalanche inflicted on victims are unavailable. But according to Europol, Avalanche helped criminals cause over 6 million euros in damage to financial institutions in Germany alone. The takedown resulted in seized servers, searched premises, and even a few arrests. F-Secure Labs helped support the multinational effort by sharing their malware analysis expertise with law enforcement officials. “The analysts on our Threat Intelligence team often provide law enforcement with technical assistance for their investigations. When asked to participate, we reviewed thousands of samples seized from Avalanche to validate law enforcement's analysis,” says F-Secure Security Advisor Sean Sullivan. “Matching the seized samples with what we have in our malware database helped law enforcement verify that those files were not only harmful, but that the industry was detecting them and able to help victims.” Avalanche hosted what the US Justice Department described as over “two dozen of the world’s most pernicious types of malicious software”. Some of the more notorious malware families hosted by Avalanche included the Dridex and GameOver Zeus banking trojans. Anyone that thinks they could be infected by these or other types of malware can use F-Secure’s free Online Scanner to help them clean their PCs of many different types of malware infections. And since most malware (besides ransomware) runs silently alongside your regular programs, running something like Online Scanner is necessary if you’re not already using a reliable AV program. ”Collaboration between the industry and law enforcement is the only realistic way to fight cyber crime,” adds Sean. “And even though this is good, it’s not like we’ve defeated online crime. Cyber crime services are a big industry, and the criminals using Avalanche will probably spend Christmas shopping for new tools to use in 2017.” [ Image by Pierre Honeyman| Flickr ]
Studies have shown time and time again that computer science skills are invaluable tools to have in today’s world. And last week at F-Secure headquarters in Helsinki, F-Secure fellow Maaret Pyhäjärvi invited her colleagues’ kids to come to the office to take part in the Hour of Code. The Hour of Code is an initiative from Code.org designed to introduce kids to the wonderful world of coding. And while coding has a stereotypical reputation of being difficult, labor intensive work, Maaret (winner of this year’s Most Influential Agile Testing Professional Person award) feels that this reputation ignores how the right knowledge and skills can empower kids to take full advantage of the benefits technology offers. “I teach kids, because in a world full of computers, we want our kids to grow up knowing how to be creators, not just consumers,” Maaret told me. “I started teaching when I realized that while this stuff is ‘cool’ for the boys, the girls are still often not interested. They have too few models of doing this, and people sometimes portray this job that I love as something it isn’t: asocial and boring.” The Hour of Code is designed to teach anyone holding the preconceptions pointed out by Maaret a lesson about how coding can be fun and engaging. And I mean that literally. Code.org provides anyone interested in throwing their own Hour of Code event with all the support they need to create a fun, engaging lesson for kids up to grade 9 (they also have a page with extra learning resources for kids to continue their computer science education). It even has lesson plans to use with groups of people that have limited internet access or no actual computers. At F-Secure, the kids overwhelmingly voted for a Minecraft-themed exercise when Maaret gave them a choice between that and an activity based on the latest Disney feature (both available on the Hour of Code website). The coding exercise was followed by some drawing, and then a pizza and pop party. It was a great way to spend a morning. It’s also a great way to encourage kids to begin learning about computers responsibly at a young age. Anything that can be said here about the importance of computer know-how in today’s economy would be superfluous. But not many people realize that there's a discrepancy between the kind of computer skills being taught in schools and the kind of computer skills needed by employers. According a recent Washington Post article, only one-quarter of schools in the US teach computer science courses, even though there are currently half a million unfilled jobs that require a computer science education. And while today’s kids are hardly going to fill that gap anytime soon, they do need to start learning the fundamentals needed to develop more advanced computer science skills. For example, a free MOOC called Cyber Security Base with F-Secure recently organized by F-Secure and the University of Helsinki requires some basic knowledge of coding in order to participate. So even though Computer Science Education Week is over, you shouldn’t let this discourage you from giving kids the support they need to get into programming. Check out this website for more information on setting up your own Hour of Code. And here are resources you can use to learn more about coding, programming, scripting, and more (although they’re more advanced than the Hour of Code). Tutorials and Courses via the World Wide Web Consortium Introduction to Computer Science and Programming from MIT OpenCourseWare Code Racer – A video game designed to teach coding (these are development instructions as the actual game is no longer on the web)