download issue 24 here - Help Net Security

More documents

Recommendations

Info

Once unlocked, you can read all information, but no changes are allowed to the content of 1Password. It would not be wise to have the 1Password data in many places as it is still vulnerable to offline password cracking attacks. Hence, the master password complexity is key to the security of your 1Password data. The problems 1Password works very well in most cases. The trouble begins with indexed passwords. Take Direct Line as an example. To login to their system you have to enter your email address and postcode. Then on the next page you are asked to enter the 2nd and 4th character from your password (for example). 1Password has no way of knowing which character the website wants. In this case, the workflow is little more complicated. I need to open 1Password, look up the website entry and display the password for it. Another issue I have with the software is that it does not work well all the time. This is espe- cially true on complex websites where the login or registration form is driven by java script. I have had some websites that simply did not work. To the credit of the developers I must say that they promptly checked the website and sometimes updated the software in the next versions. 1Password on the iPhone I do not always have my Mac with me, but I do have an iPhone. The perfect companion to 1Password on my Mac is 1Password Touch Pro. This application synchronizes all 1Password data to the iPhone. The security model is slightly different here. The entry to the 1Password Touch application is secured by 4-digit passcode. Each entry in the 1Password database then has a flag to indicate whether another password is needed to unlock this entry in1Password Touch application. www.insecuremag.com 26
The master password on the iPhone application is independent from the Mac version and is set when 1Password Touch is installed and run for the first time. In order to access highly sensitive information, you need to enter 4-digit passcode and then the master password. If you feel nervous about having sensitive information on your iPhone, you can select only some folders as seen on the following screenshot. Conclusion I have been using 1Password for over a year now and I am impressed with this product. It has its glitches, but overall I am very satisfied. The usage of 1Password Touch is straightforward, with nice features like integrated web browser with auto-logon capability or copy and paste. It securely synchronizes with the desktop application using the Bonjour protocol. The sync setup is relatively easy. The introduction of the iPhone Pro version in the App Store has enhanced my ability to login to my websites securely from anywhere. Vladimir Jirasek is an experienced security professional currently working as the Security architect in Nokia UK Ltd. He holds CISSP- ISSAP, ISSMP, CISM and CISA and is the member of the ISSA UK chapter. He can be reached at vladimir@jirasek.eu and on LinkedIn http://uk.linkedin.com/in/vladimirjirasek www.insecuremag.com 27
Page 5 and 6: 25 million new malware strains in o
Page 7 and 8: Google hacked, plans to leave China
Page 9 and 10: Hacker attacks on healthcare organi
Page 11 and 12: Even though most standard stacks us
Page 13: Server support still missing Unfort
Page 16 and 17: What are these new approaches? Let
Page 18 and 19: The need for new security controls
Page 21 and 22: How many times have you, as a secur
Page 23 and 24: 1Password interface Although this i
Page 25: The option “Never prompt for mast
Page 29 and 30: Identifying those applications is n
Page 31: The single tool trap Scanning tools
Page 34 and 35: Cloud Security and Privacy By Tim M
Page 36: Spam and phishing scams will follow
Page 39 and 40: This infection method only works if
Page 41 and 42: Hook-createprocess.dll is a DLL tha
Page 43: Here are some of the Twitter feeds
Page 46 and 47: organizations the tools they need t
Page 48: This is not unlike other business o
Page 52 and 53: acronyms without researching their
Page 54 and 55: process of calculation the answer.
Page 57 and 58: In any environment, large or small,
Page 59 and 60: Remoted (running on the server) rec
Page 61 and 62: alpha group alpha events 10000 Ch
Page 63: RSA Conference 2010 (www.bit.ly/rsa
Page 66: And most of the time, they fail bec
Page 69 and 70: We are also working with SANS on de
Page 71 and 72: There are three components involved
Page 73 and 74: " • Support for health checks by
Page 76 and 77:
Sectool (www.net-security.org/softw
Page 78 and 79:
To achieve this, retailers must shi
show all

download issue 24 here - Help Net Security

Create successful ePaper yourself

Delete template?

Save as template?