

Who's got the password?

So, in addition to my bizarre experience where I started selling DVDs on eBay that I did not own, I just had a company that I used to do business with email me and tell me that the company they use to manage their user accounts had had all their data stolen. And that in that data was my email address and my password (yes, the usual password that I have used for years for everything, since I can’t remember passwords and it seems insecure to record them all on my laptop, which could be stolen).

Their bad for storing passwords ‘in the clear’. The very least they could do would be to use the well-known mechanisms for storing passwords through a ‘one-way encryption’ that makes it easy to check that the right password is being given, but very hard to figure out what that password is. [Don’t ask me to explain more than that. It’s some deep mathematical magic that has to do with bits of math beyond my fuzzy brain, and the fact that computers are still relatively slow, although if enough money is at stake, you shouldn’t rely on that.]
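
What that ‘one-way’ storage looks like in practice, as an added example rather than code from this post or from the company involved: a salted PBKDF2-HMAC-SHA256 record built with Python's standard library. The record format, the 600,000 iteration count and the sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Build the record a site stores in place of the password itself."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt: redo the derivation with the stored salt and compare."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        iters = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if algo != ALGO or iters < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record predates the current work factor; re-hash at next login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


if __name__ == "__main__":
    # Constructed sample: two accounts that reuse one password.
    reused = "tr0ub4dor-sample"
    alice, bob = hash_password(reused), hash_password(reused)
    print(alice)
    print(bob)  # different salt, different digest: reuse is not visible in the table
    print(verify_password(reused, alice), verify_password("guess", alice))
```

Someone who copies records like these has to pay the full iteration count for every guess against every account, which is the ‘computers are still relatively slow’ part of the argument.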

What to do… In theory, the people with this stolen data could just go round the internet connecting to the usual places like Amazon, PayPal, eBay, etc., enter the email and password they have stolen, and wreak all sorts of havoc on me. Luckily, I don’t keep my credit card on file at these places. I force myself to enter it each time I buy something. Slows down the outflow of cash from my wallet — a little bit.

But, now seemed as good a time as any to try to be a little more cautious about the internet. So, what I have been laboriously doing is going through my Keychain, searching for accounts where the login is my email address. If you right click on one, you get a menu with a ‘Go There’ action, which should take you to the site, where Safari should auto-fill in your login and password (assuming you have told Safari that it can do that). Once logged in, I find the ‘change my password’ page, then go back to Keychain and use File/New and click on the little Key symbol to get the Password Assistant. I pick Letters&Numbers and a length of 12, and copy that string. I paste it into the new password field on the website, then I log out, and log back in (with my new password). Safari should notice that you have a new password, and offer to save the new password for the web site.

Other than having to do this for every bleeping account I can think of that might cause me pain if someone broke into it, it’s a pretty simple procedure.

Now all my passwords are different, so I have less to worry about if one of these sites is as stupid as the one that gave away my old password. It just means that I can’t log in to any of these accounts from someone else’s computer, since there is no way in the world I can remember these passwords any more… Maybe if I am lucky, the iPhone will eventually get a keychain app that can sync to my computer.

If you are using Firefox instead of Safari, Firefox has its own keychain, under Preferences/Security/Passwords. If you haven’t already done it, you need to tell it to use a Master Password, or anyone who can get to your computer can see all your passwords. Once you do that, you should do a similar dance to give yourself different passwords for each site.

07:18


GMail IMAP on my iPhone

Here’s how I did it. Slight variation on GMail’s instructions:

In Apple Mail, set my GMail/POP account to inactive. Create a new GMail/IMAP account. Under Preferences/Accounts/Mailbox Behaviors uncheck all the boxes to store messages on the server. (Because mail sent through GMail is automatically saved on the server, so Mail does not need to do it. Drafts will get saved over and over as you write a message and not deleted [a bug Google should fix, IMO], Junk see below, and Trash you don’t want, since that will permanently delete messages [you might as well keep them all since Google allows it, you never know when you might want to search and find something you deleted].)

The easiest way to create the correct account on your iPhone is to re-sync your iPhone, under Info/Mail selecting your new GMail/IMAP account and under Info/Advanced selecting Replace for Mail Accounts. This will correctly create a GMail/IMAP account on your phone. You should double-check under Settings/Mail/(your GMail account)/Advanced that your Mailbox Behaviors all say On My iPhone, for the same reasons given above on why Apple Mail should be set to not save to the server.

Finally, Google does such a good job of junk mail filtering, I turn off Apple Mail’s junk mail filtering. (This is my main reason for switching to GMail. The iPhone does no spam filtering — by sending all my mail through GMail, I see nearly no spam on my iPhone now.) If a message does sneak through, you can inform Google about it by moving the message from your InBox to the [GMail]/Spam folder. Similarly, if you really want to delete a message (not just archive it), you can move it to the [GMail]/Trash folder.

09:06