Are Your Passwords Safe?

An early password manager.

An early password manager.

Password security is one of the hottest security issues and one of the most difficult to manage, regardless if you are a Fortune 100 company or an independent consultant, such as myself. Password managers make it a lot easier to manage your side of password security, and if you are not using one, you should. I have used password managers for over ten years, including RoboForm (commercial license), KeePass (open source), ThinkPad Password Manager, and LastPass (commercial license). In my opinion, LastPass is far and above the best password manager/safe, as it is platform agnostic, runs in the cloud, has plugins for all major browsers, and runs on nearly every device. I can sit down at any Internet connected device in the world and access my password vault. Continue reading

Evernote Email Fail

If you know me or have read any incarnation of this blog, you will know that I am a huge fan of Evernote, going way back to the beta days. If you are an Evernote user, you are probably aware of the security breach they experienced.  I knew it was big when it appeared on my BBC RSS feed over the weekend.  Although no passwords were compromised, they quickly instituted a plan to communicate the breach and rollout application updates to mitigate any issues.

Although the response was timely, there was a minor fail that I identified: All of the links in the email were to a site that were not, but rather a sub-domain of another site.

Evernote email with links to another site

Example (link abbreviated): Continue reading