Oh, the joys of late night television in the United States!
When there’s nothing funny on American TV, you can always rely upon an infomercial selling some crazy product to have you chuckling or simply agog in disbelief that anyone would ever buy such a thing.
Ellen DeGeneres clearly feels the same, and she recently focused some attention on a product that claimed to solve a computer security problem experienced by many internet users – how to remember your passwords.
Take a look at the video below about the “Internet Password Minder”:
As one of the customers featured in the infomercial breathlessly explains:
"I don't have to worry anymore about security or identity theft... I now have all my passwords in one place. It's great"
At first I thought perhaps the people behind the “Ellen” show had made the infomercial as a spoof, but now I’m not so sure. After all, I find it hard to believe that *any* infomercials are real.
As Ellen amusingly asks, wouldn’t it be cheaper to save money and write all your passwords on a $5 bill?
You could even keep the (patent-pending – don’t steal the idea!) $5 bill password minder in your wallet if you liked – much more convenient than the book-sized Internet Password Minder!
Sheesh.
Here’s a video explaining how to generate a tough, hard-to-crack password that is still easy to remember.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Well done to Ellen for raising awareness of password security issues with her large TV audience in an amusing way.
PS. Just as I was about to publish this article, I found a comment on Ellen’s website from someone who claims to be the woman in the infomercial who no longer worries about identity theft.
Hat-tip: Paul Baccas, who hasn’t yet explained what he was doing watching Ellen.
And as for the helpful comment on the YouTube clip: "Just use one password for everything and you don't have to buy crap like that…"!
[speechless]
I have seen that infomercial and similar products in stores. Thought it was just me that saw the humor. Thanks for sharing.
Wow.
I couldn't help but laugh, but someone re-labeling/marketing an address book as a password storage solution is also sad, because you know there will be people who, even if they don't buy this product, will take the idea of writing their passwords in a booklet as a solution. So, yes, kudos to Ms. DeGeneres for exposing this and showing how ridiculous it is. 🙂
As to Mr. Ducklin's video: A) I appreciate the thought that went into his password methodology, however, doesn't that create a rather short overall password? Doesn't length trump complexity – or is that still up for debate?
B) I actually like the idea of a password "safe" software, especially for folks who have difficulty with managing their passwords, but, if their machine is infected with a keylogger couldn't that capture their master password and therefore expose their entire password library?
ummm – that is Mr Cluley's video you see above.
Amazon is full of "Internet Password Books" – and most have 5 star ratings!??
http://www.amazon.com/Internet-Password-Organizer…
Since you mentioned KeePass as a serious alternative to the "Internet Password Minder", I've been using it for a few years; it's very good IMHO and free (donations are accepted but not required). It's actually much better than the Steganos Password Manager 2006 I used previously; it has more features and options in general and specifically for how it creates PWs.
I've seen smaller generic versions of the password minder in several stores, a slant on the old telephone/address books that fit in a pocket or purse. The clerk at one store said she planned to buy one.
That infomercial has the same look, feel and sound (the narrator) as the "Make My Logo Bigger Creme" spoof (as a graphic/web designer, one of my favorite spoofs of all time) http://www.makemylogobiggercream.com/
Seriously, I've seen these books on Amazon (in the UK) for some time now. It is crazy – but then, I've also seen people keep their passwords in plain text files on their computer. At least if they're in the book, they can't get hacked!
I laughed so hard and sent it to all my friends. Plus posted it to FB. When you work for a Fortune 100 company like I have – it's a total joke when it comes to having a different password for everything. I keep all my passwords in a password protected excel spreadsheet. Experts say DO NOT use the same password for everything because if hackers get that one password, then they own you.
I would never trust a site to remember all my passwords. I tend to use phrases and replace certain obvious words with numbers or spell them in alternative ways. Also since I sell parts, I use my favorite part numbers as part of certain password combos.
Creating password security level tiers is probably the best way to remember your passwords.
Trusting all your passwords in one place other than your head is an eventual security risk. So using phrases that you can remember and grouping them by type is my best solution.
Ah, the joys of a good memory. Unfortunately, not all of us are so blessed.
I find it far easier just to remember random strings of characters / letters
like ij7OPql970XTui
(Congrats, you have a password… now you need the site / username that is associated with it!)
But then I ask why FORUM SOFTWARE gives me a hard time in generating a "strong password."
Why should I care that my forum account gets hacked, here; have a password of "password"… or 123qwerty! or 123$QWe if you're so "OMG, my PUBLIC FORUM ACCOUNT could be hacked!"
We need to start taking password security LESS seriously where it is unfounded and MORE seriously where it is… otherwise we have people using their "strong passwords" on soft-targets which THEN can be used to crack their hard-targets.
And if you lose the book …….
I don't think the issue is with writing down passwords, I think the issue is with writing passwords in a book clearly labelled "PASSWORDS" which you keep on your desk for convenience.
I keep secure documents and, yes, some authentication details on paper, but in a hidden safe with a PIN used for nothing else.
I was talking about when infomercials typically air. Hope that explains it. 🙂
http://xkcd.com/936/
Every time I think of password security.
I had to laugh at that Ellen clip, but in all seriousness, that sure would come attractive to a person who breaks into someone's house!
However, I will say this: My mom has watched this show for a little bit for me to know that The Ellen DeGeneres Show is a daytime talk show, not a late night show like it says above! (Unless you were referring to the commercial Ellen was referencing, in which case, you would have to sleep-dial the number to be in the mind set just to get one!)
I was referring to the infomercial, not the Ellen show. Sorry if that wasn’t clear.
It's good that issues surrounding passwords are now common knowledge enough that it is viable comedy for a mainstream show like Ellen.
Most end users do not have a clue about how to pick passwords or how to keep them safe. I would hope that common sense would stop people buying this. However most people tend to either stick passwords to the screen, in a drawer or in the back of a diary.
I use software called SafeWallet
LOL! Great post.
Regarding the "how to" password video, just use a properly punctuated sentence that has a location based variable aspect. It will be longer, yet, easier to remember and type. As well as being unique to each site.
For a lame example, "What is my password for BOA?" for use at Bank of America. (Guess which part you change for other locations.)
Sure, you could use letter substitution but basic password tools already take those into account. And then there are rainbow tables. So, a coherent sentence is the most memorable with use of all, or most, character sets.
Using the same pass phrase for each site (and just changing the location) doesn’t sound like a great idea to me
That sounds like what I call a formula password. The problem being, what happens if someone determines your formula?
Surely truly random passwords, remembered by a password manager, are better?
I use a kind of variation of what Travis suggested above, and what you said in the video, but my PWs are specific to each site, which makes them a bit easier to remember.
Say the site is DogRescue.org.
My PW would be: Come 'ere, boy! Good dog! I could safely write down the first letters as a reminder.
MY problem is remembering log in/screen names at which sites…
LOL, nice tip for secure password, I already do something like that, additionally I make a rotation password policy, and in a short time two factor authentication with physical OTP.