Here’s something that might increase any feelings of paranoia that you experience around computing and cyberspace

Researchers in the USA (Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks) have shown that it is possible to analyse a recording of a video call (such as a Zoom, Teams, or Skype call) and use computer software to infer, with a fair degree of accuracy, what the person on the recording is typing. Neither the keyboard nor the user’s hands need to be visible on the recording. I confess that any paper whose introduction starts with “Catalyzed by the ubiquity of the Internet..” is unlikely to capture my undivided attention through to the end, but I think I’ve got the gist of it from Tom’s Guide and a skim of the paper itself.

The basis of the method is that the program looks at reference points in the face of the person in the video and then infers what keys have been pressed from the movement of the arms and shoulders relative to those facial reference points. It sounds fantastic (in the sense of “fanciful” rather than “great!”) and no-one is claiming that it is anywhere near 100% accurate, but it is definitely capable of stealing information.

It’s not just Zoom calls that are potentially susceptible to this kind of attack.

If, for instance, it knows the email address of the person in the recording, then it can recognise that the email address has just been typed with about 90% accuracy. It then assumes that the next thing being typed is a password. If the password is a good, strong, unique, one then it’s going to struggle, but the supposed password that has just been typed can be compared against a database of the most common million passwords. If the person in the recording has been lazy and/or predictable in the password creation then they may now be in danger. Remember, there will also probably be an audio track to the recording so, depending on the context, it could be completely obvious what account the password just gleaned belongs to.

The paper’s authors do go on to offer advice as to how to mitigate the threat. This, naturally, revolves around reducing the accuracy of the analysis. So, wearing long sleeves reduces the accuracy of the measurement of arm movement, and reducing the frame rate or resolution of the video capture also reduces accuracy. Having long hair also affects the analysis, apparently (those were the days!). Some things you might think are relevant, but aren’t, include the make and size of the keyboard (but a “zwerty” keyboard instead of a normal “qwerty” one would probably complicate things). The researchers also acknowledge that they didn’t investigate differences in accuracy caused by the participant’s “error rate” when typing. My mind is now thinking of other potential tactics such as moving the keyboard by a few inches every now and then, or turning off the video when entering sensitive information.

When I first read about this, I thought that you’d have to be paranoid to be worried about it, but the more I think about it, the more realistic the threat appears to become (or the more paranoid I become). Clearly, if your video conference is with someone you trust (and you don’t fear anyone else getting hold of a recording of the session) then there’s probably not a lot to worry about. But what if you are on a conference call with 100 other people who you don’t know?

Will this be just a quirky bit of research that is soon forgotten, or might this become a major new threat to cyber security as the accuracy of the analysis improves? Dunno.

Phishing emails can easily catch you unawares

A few days ago, towards the end of the working day, I checked my email and found a message from my internet provider. It said that I needed to log in to my account in order to upgrade the options on my account. I was a bit puzzled about which password it wanted and entered my email password for the email account provided by my ISP.

For some reason that – with hindsight – I really don’t understand, I was taken to the genuine login page for my ISP and told that I had entered an incorrect password. After trying the account password and the email password a couple more times, I realised that the email was a phishing scam. This was immediately obvious when I looked at the email address of the sender – nothing whatever to do with my ISP. Here is the email:

Phishing Email Example

This is what I fell for
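The check that would have caught this message, comparing the sender's address with the organisation the message claims to come from, can be automated. The following is an added example, not part of the original post: the message is constructed, `isp.example` and `billing-update.example` are placeholder domains, and the Reply-To check goes slightly beyond the sender address the post describes.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: isp.example stands for the real provider and
# billing-update.example for the unrelated sender. Neither is from the post.
SAMPLE = """\
From: "Your ISP Customer Services" <accounts@billing-update.example>
Reply-To: help@billing-update.example
To: customer@isp.example
Subject: Log in to upgrade the options on your account

Please log in to your account to upgrade your options.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _display, address = parseaddr(header_value or "")
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def belongs_to(domain, trusted):
    """True for the trusted domain or its subdomains, false for lookalikes."""
    return domain == trusted or domain.endswith("." + trusted)


def sender_findings(raw_message, trusted_domain):
    """List the reasons the sender does not match the organisation it names."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value is None:
            if header == "From":
                findings.append("message has no From header")
            continue
        domain = domain_of(value)
        if not domain:
            findings.append(f"{header} has no usable address")
        elif not belongs_to(domain, trusted_domain):
            display = parseaddr(value)[0] or "(no display name)"
            findings.append(
                f"{header} shows '{display}' but the address is at {domain}")
    return findings


if __name__ == "__main__":
    for finding in sender_findings(SAMPLE, "isp.example"):
        print("WARNING:", finding)
```

A matching domain proves nothing on its own, because the From header can be forged; a mismatch like the one in this story is what settles the matter.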

In these circumstances, it is important to act quickly before the bad guys can take advantage of the information you’ve just stupidly given them. So, I called my ISP (who, being Zen, answered almost immediately and were able to direct me to my password-changing options quicker than I could have found them myself). Just for good measure, I changed the password for both the account and for the email.

Nasty scam emails can have more than one “payload” in each message, so I also ran Malwarebytes and a full antivirus scan. These came out clean.

Now, the morals of this tale are twofold:

  • Over 30 years of professional IT experience doesn’t entirely protect you from doing something daft occasionally – especially, I suppose, towards the end of the day. This is also a good reason for making sure that you take data backups. Some mistakes can be rectified by fishing something out of the recycle bin, but not all.
  • Do not EVER use a password in more than one place. The email password I gave away had been allocated by my ISP when I joined them 14 years ago. I am absolutely sure it has never been used for anything else. Therefore, as soon as I had changed the email password in my Zen account, I was completely confident that I had not exposed any other accounts.

    Phishing Warning

    ..pity I didn’t realise that it WAS from an unknown sender

    Just imagine the grief I’d have been in for if I’d used the same password for Amazon, Youtube, Norton, Apple, Microsoft, Google, etc. It could have taken hours to find all the places where I might have used the same password, and taken corrective action. Indeed, one of my clients had an incident a year or so ago, following which I recommended that she change her passwords, and she later told me that it took more than a day.

I know I keep finding new excuses for making passwords the subject of these blog posts, but the truth of the matter is that this is the area of computing that causes my own clients the single biggest problem. Being rigorous in using unique, strong passwords, and being equally rigorous in knowing where to find your passwords and which one refers to which account, can save a great deal of trouble in the long run. It can also minimise the risk and the hassle if you should happen to have a senior moment late in the afternoon.


Here he goes again, banging on about passwords

Yes, I know, but here’s a statistic that I find a bit shocking, so I think it’s worth returning to the subject.

According to recent research, FICO claims that over 25% of people in the UK use five or fewer passwords across all their accounts. I don’t know how many accounts each of us has, but it must be at least 25 on average. That would mean that, on average, in this country a quarter of people use each password in at least five different places. Is it any wonder that so many accounts are hacked?

Given that the account credentials usually consist of just an email address and a password, then every email address and password combination that is exposed in a data breach could unlock many other accounts. Why on earth do people risk that? We have absolutely no control whatsoever over how secure our email and password are kept by the organisations to which we entrust them. If you re-use that combination elsewhere then you are, in effect, saying to each of those organisations “the security of other accounts of mine depends on how secure your systems are – but I don’t know how secure your systems are”. It is like entrusting the keys of several properties to an organisation that might just leave those keys lying around for anyone to pick up.

World password day

Bet you didn’t spot this on 7th May

Why the reluctance to assign unique passwords to accounts? I don’t think it can be any more complicated than a matter of convenience. I encounter many, many clients who are not methodical when it comes to recording and retrieving passwords. And yet, as I have blogged before, it is not difficult to record this information in a simple Excel spreadsheet or Word document and to have that file password-protected. Thereafter, you only need to remember one password – the one that opens that document.

Surely it is easier to develop the simple habit of doing this than endure all of the grief that lost passwords and mis-remembered passwords cause (not to mention the consequences of hacked accounts). I’ve long since lost count of the number of times clients wonder aloud whether they added “123” or “99” or whatever to the end of the password (and did it begin with a capital letter, and which of their children’s or cats’ names was it etc?)

Even when people use so few different passwords, they still often struggle to use them. Apparently, almost 25% of people have failed to complete an online purchase because of password problems and 15% of people have failed to open a new account because of password problems.

Clearly, there is plenty of room for alternative methods of authentication to replace passwords, and the evidence is that we become more likely to trust alternative methods as we get more experience of using them. Such alternative methods include facial recognition, fingerprinting, and voice recognition.

So, hopefully, there will come a day when we won’t need to quickly lay our hands on dozens of different passwords. However, that day hasn’t arrived yet, so, in the meantime, I recommend a simple, password-protected document if you don’t want to engage with any of the dedicated password programs that there are out there.

The two complaints I hear most from my clients are:

(1) why do they have to keep changing things?
(2) how are we supposed to remember all these passwords?

I’m afraid that the answer to both questions is, to a large extent, the same. Information Technology is still a rapidly-changing technology and our world runs on change, advance, improved efficiency. How could capitalism survive without it? Moreover, we just happen to be living in a time of huge change in this one area and, because it’s completely global, every malevolent person in the world has access to it and wants to exploit you and it. Therefore, security is paramount and there is a constant “cat and mouse” game going on between the security experts and the villains.

And yet, for all the grumblings about change and passwords, I don’t hear of swathes of the population abandoning their IT and going back to “simpler times”. Surely that says something about the benefits of information technology outweighing the frustrations.

All you need is Word or Excel (other word processing and spreadsheet programs are available!)

In my last blog post, I found another reason for not re-using passwords.

However, the problem a lot of my IT support clients complain of is that they just can’t keep track of multiple passwords and that that is a reason for re-using the same one or two. The complete solution is probably to use a password manager such as LastPass or Safe in Cloud, but this seems to be overkill for a lot of people and just seems to make the situation even more complicated. And one thing we do know about computer software is that if it is too complicated or difficult to use then people will not use it.

What we need, therefore, is something simple, readily to hand, and quick enough to use that it is not a horrendous chore to keep up to date.

To begin with, what is the data that we need to keep? My recommendation is that, every time you need to create a new account and password, you record the following information:

  • Today’s date – you may think that is superfluous, but it may help you decide which of two passwords is correct if you’ve written it down in two different places. Also, if you get locked out of your Google account, for instance, one of the questions they ask during the process of convincing them that it is, indeed, your account, is the date that you created the account.
  • The username on the account – this is probably, but not necessarily, an email address. And most of us have several of those. If you are having trouble getting into an account and you might have used one of three email accounts as the username and one of three passwords that you habitually re-use (!), then there are already nine combinations that you might have to try. Add the complexity of “was the first letter a capital?” and “did I add 99 at the end of the password?” and you are very quickly into the realms of thousands of possible combinations. Just write the username down as soon as an account is created and avoid all that grief.
  • The password – natch.
  • Other information – such as the web address of where you actually get into the account. Note that both Excel and Word will automatically create clickable links to web addresses that they find in any worksheet/document.

Whether you use a word processing document or a spreadsheet is just a matter of choice and I’ll leave the formatting of the document/worksheet to you. Personally I would use Excel and place one username/password combination on each row.

Now for the important point – you are strongly advised to password-protect your document/worksheet. This is how that’s done in Office 2016 (which is the same as Office 365):

The process is exactly the same in Word as in Excel except that Word refers to “documents” and Excel refers to “worksheets”:

  • Click on the “File” menu (top left of Word or Excel window)
  • Click on the box with “Protect Document” (or “Workbook”) written in
  • Click on “Encrypt with password”
  • Type your new password in the box provided and then click on “OK”
  • Type the same password again (to ensure that you typed the password as you intended)
  • Save your document/workbook by clicking on “Save” in the left sidebar

Of course, you could use other word processing or spreadsheet programs for this, but I do recommend that you use one in which you can password-protect your document/worksheet.

Are the days of the post-it note numbered? As far as passwords are concerned, they certainly should be.

Yes, I know I’m always banging on about passwords

The simple fact is that this issue causes more problems than any other for my IT support clients. Therefore, I can’t resist telling you about something that happened a few weeks ago that offers yet another reason why you really shouldn’t use passwords more than once.

I received a phone call from a client saying that she’d just had a nasty email from someone saying that they had managed to access her Mac and, to prove it, they told her the password to get into her Mac. The email said they had stolen contact information, personal files, etc. I won’t describe what they said they were going to do next, but the bottom line was that they wanted about £3000 not to go ahead and do it.

Luckily, my client is a level-headed person who knew that a lot of what they said couldn’t be true. However, she was still – quite rightly – concerned about the accessing of her computer and asked me what to do. Since I was completely tied up with another client at the time I couldn’t give it detailed thought at that moment, so I advised her to contact the police and her bank and that I’d get back to her later.

The police said that it was a scam (ie, there was no real threat – they were just trying to “con” money out of her as opposed to extorting it). However, the police didn’t tell her how it was done.

When I got a chance to look at the email itself later on, it seemed to me that absolutely everything in the email – except one fact – could be explained by saying that this was just a scam (that they were bluffing, lying, and hadn’t managed to get into her computer at all). The one inconvenient fact that didn’t fit this explanation was that they knew the Administrator’s password for her Mac. If they knew that, then there was a possibility that they could have accessed her Mac. That was why I had advised her to contact the police and her bank.

And then it struck me that the email address they used wasn’t her normal one, so maybe that was a clue. Maybe the combination of that email address and password had been used by her in another context and that that combination had become known to the bad person.

So, I checked to see if she had been “pwned”. This is when data is stolen in a data breach. You can check to see if your email address has been involved in a data breach by visiting “Have I Been Pwned?”. Sure enough, her email address and LinkedIn password had been stolen many years before in that organisation’s huge loss of data. Wikipedia says of that data breach:

The social networking website LinkedIn was hacked on June 5, 2012, and passwords for nearly 6.5 million user accounts were stolen by Russian cybercriminals. Owners of the hacked accounts were no longer able to access their accounts, and the website repeatedly encouraged its users to change their passwords after the incident.

My client did seem to remember being told of that data breach and undoubtedly did as LinkedIn suggested and changed her password. I asked her if she knew what the old password was and she couldn’t remember. Crucially, though, she said that it COULD have been the same password that she is now using (or was using until a few weeks ago!) as the administrator’s password on her Mac. What is almost certain is that her email address, together with that password, are up for sale on the Dark Net.

So, we concluded that what had probably happened is that the putative blackmailer bought her email address and LinkedIn password (probably on the Dark Net) and then just emailed her, assuming that the password for her LinkedIn account was the same as the password for her Mac. And he was right, so the scam worked (up to a point – but he certainly didn’t get any money from her). He managed to mis-direct us into thinking that he’d gained access to her computer when, in fact, he hadn’t.

This scam can only work if people re-use passwords and if they don’t keep a record of what passwords they used, when, and for what. Had my client not re-used passwords, and had she kept such records, she would have been able to tell that the password he claimed was her Mac’s password, was, in fact, an old password stolen in a data breach and not related to her Mac at all. The whole thing would then have been immediately obvious as a scam.
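Whether a password quoted in an email like this one already sits in a breach dump can be checked without sending the password anywhere. The following added example (not part of the original post) goes beyond the email-address lookup described above and uses the same service's Pwned Passwords range API: only the first five characters of the password's SHA-1 hash leave the machine, and the comparison happens locally. The passwords and counts are constructed, and `constructed_service` is a hypothetical offline stand-in for the live service.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, the form the service indexes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range(prefix):
    """Ask the live service for every hash suffix sharing a 5-character prefix."""
    request = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "breach-check-example"})
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def breach_count(password, fetch=fetch_range):
    """Return how many times the password appears in known breaches (0 if none).

    Only the 5-character hash prefix is passed to `fetch`; the remaining
    35 characters are compared locally against the returned suffixes.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_service(known):
    """Offline stand-in for the service, built from a {password: count} dict.

    Hypothetical helper for this example: it answers in the same
    SUFFIX:COUNT line format and records which prefixes it was asked for.
    """
    table = {}
    for password, count in known.items():
        digest = sha1_hex(password)
        table.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    asked = []

    def fetch(prefix):
        asked.append(prefix)
        return "\r\n".join(table.get(prefix, []))

    return fetch, asked


if __name__ == "__main__":
    # Constructed data: pretend one old password leaked in a past breach.
    fetch, asked = constructed_service({"Holiday-2012": 37})
    for candidate in ("Holiday-2012", "a-password-never-leaked"):
        print(candidate, "->", breach_count(candidate, fetch))
    print("sent to the service:", asked)
```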

I rest my case (for now).

Do you get hassled by your browser offering to save passwords?

All major browsers can be configured to save the username and password of your account at the website you have just accessed. That’s all very well if:

  • You don’t use a password manager (such as LastPass) to handle this for you and
  • You trust the browser to keep the information safe

If either of these conditions is untrue then you may prefer your browser to stop being so eager to help. Detailed below are the instructions for configuring the current versions of the major browsers.

One browser will quite happily display all your passwords without asking for any credentials at all. So, anyone accessing your computer can easily see these passwords. And which one is it? Firefox – see below.

Firefox

  • Click on Menu option (three horizontal bars at top right)
  • Click on “Options”
  • Click on “Security”
  • Untick “Remember login for sites”
  • Close the “options” tab (or the entire browser)

Note that, before closing Options, you can click on “Saved Logins” and then “Show Passwords” to display all the passwords you’ve asked Firefox to save for you. I can’t imagine why they make this so insecure.

Chrome

  • Click on Menu option (three dots at top right)
  • Click on “Settings”
  • Scroll down to “Advanced” and click on it
  • Scroll down further and, under the “passwords and forms” section, click the arrow to the right of “manage passwords” and slide the blue switch left to the “off” position
  • Close the “Settings” tab (or the entire browser)

Note that, a bit further down, there is a section called “Saved Passwords”. If you click the 3 dots to the right of a saved password then you can click on details. In the popup window, you can then click on the “eye” symbol to see the password. It will then ask you for your Windows password. This is the password you use to log on as a Windows user. It won’t accept a pin (even if that’s your normal logon method). I haven’t tested what happens if you sign on to your computer as a local user with no password.

Safari (on a Mac)

  • Click on the “Safari” menu option
  • Click on “Preferences”
  • Click on the “passwords” tab
  • Untick “Autofill user names and passwords”
  • Close the passwords window

Internet Explorer

  • Click on the Settings “cog wheel”
  • Click on “Internet Options”
  • Click on the “Content” tab
  • Click on “Settings” in the AutoComplete section
  • Untick “User names and passwords on forms”
  • Click on “OK” on each of the two open boxes

Note that there is an option “Manage Passwords”. Clicking on this (in Windows 10, anyway) will open Windows “Web Credentials”. You will need to supply your Windows user password to access the stored passwords.

Edge

  • Click on menu (3 horizontal dots)
  • Click on “Settings”
  • Scroll down and click on “View advanced settings”
  • Scroll down and slide the switch leftwards that is next to “offer to save passwords”
  • Click somewhere to the left of the “Settings” menu to close it

Do you have problems creating and remembering passwords?

There’s no doubt that the single biggest issue that my computer support clients ask for my help and advice with is passwords. In almost all cases, I can not help retrieve lost passwords. All I can do is guide the client through the process of changing the password when it has been forgotten.

As we all know, this is not necessarily easy as you may be asked seemingly ridiculous questions to prove you are who you say you are. I’ve never had a pet, or a favourite film, or a favourite teacher, or any of those other things they ask, so I tend to make them up when I’m creating accounts and they insist I create answers to “security questions”. The trick, of course, is to WRITE THESE FAKE ANSWERS DOWN so that they can be checked if they’re ever needed.

To go back to the beginning of the process, I often see my clients getting a bit frustrated and flustered when creating passwords. Nowadays, most places that ask you to create a password insist that it conforms to something like this:

  • Minimum eight characters (a “character” is any typeable letter, number or symbol)
  • At least one upper case (capital) letter and one lower case (small) letter
  • At least one number (the digits 0-9)
  • At least one special character (eg any of !”£$%^&*()<>{}[]~#@’:;?/|\`)

So, a “legitimate” password might be “Charlie-99”. Another might be “27Tomatoes?”

The reasons for this complexity are very simple:

  • To prevent someone guessing your password
  • To prevent a computer program from trying all the possibilities until it “cracks” your password (or, more precisely, to make it unfeasible to crack your password by this “brute force” method by making it take a ridiculously long time for the program to hit on the right combination)

The reason that password requirements become more stringent as time goes on is quite simple. As computers become faster and more powerful, they are able to “crack” passwords of a given complexity with brute force attacks more and more quickly. And just so that your passwords remain adequate for a while to come, I recommend that you make them at least 12 characters long (and not the minimum of eight characters that is currently often stipulated).

Think of one of the passwords you use and then create a fake one of the same complexity. So, for instance, if your password is “Spain-2012”, you could create (for this test) a fake password of “Italy:1984”. This has the same number of upper and lower case letters, numbers, and special symbols.

Now open a web browser and go to this website –

Where it says “ENTER PASSWORD”, type in the fake password you’ve just created. The website will then tell you just how long it would probably take a computer to “break” your fake password with a brute force attack. If your password had simply been “italy1984” it would probably take a computer about 42 minutes to crack it. That’s well within the bounds of possibility for someone with the right software who is determined to get into your account. Simply increasing the complexity by making the password “Italy:1984” increases the likely time to crack it to ten years!
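The arithmetic behind an estimate like this is the number of candidate passwords (alphabet size raised to the password length) divided by a guessing rate. The following is an added example, not code from this post or from the website: it checks a password against the four rules listed above and estimates the worst-case brute-force time. The rate of one billion guesses per second and the 32-character symbol set are assumptions, so the absolute times will not match the website's figures; the ratio between the two passwords is the point.

```python
import string

# Character classes from the rules listed above. The symbol set is Python's
# string.punctuation (32 ASCII symbols), which is an assumption of this example.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def policy_failures(password, min_length=8):
    """List which of the four rules quoted above the password breaks."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    used = classes_used(password)
    for name in CLASSES:
        if name not in used:
            failures.append(f"no {name} character")
    return failures


def keyspace(password):
    """Candidates a brute-force search must cover: alphabet size ** length."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def seconds_to_exhaust(password, guesses_per_second=1e9):
    """Worst-case time to try every candidate at an assumed guessing rate."""
    return keyspace(password) / guesses_per_second


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # The sample passwords used in this post, plus a 12-character variant.
    for pw in ("italy1984", "Italy:1984", "Charlie-99", "Italy:1984-xQ"):
        problems = policy_failures(pw) or ["meets all four rules"]
        print(f"{pw:14} {human(seconds_to_exhaust(pw)):>22}  {', '.join(problems)}")
```

These figures are an upper bound for blind guessing: a password built from a common word and a year can fall much sooner to a program that tries likely passwords first.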

OK, so I hope I’ve convinced you that passwords need to be increasingly long and complicated to do their job. How on earth are you going to remember them? Please, please, please do not use the same password for several accounts. Suppose a website where you use a particular password gets hacked and your username and password for that site are stolen. If you use that same combination of username and password for other accounts then you are wide open to having those accounts accessed as easily by someone else as if you had accessed the accounts yourself. This is made even more likely by the fact the “username” is usually your email address, so that is very likely to be the same for many accounts.

There are four ways that I know of that you can record passwords:

1) Remember them

That way insanity lies. I really do not advise this. Seriously. I am often with clients when they create a password and I gently advise them to write it down. “Oh no, I’ll remember that”, they retort. Well, you’ve got more brain-space than I have, then. Can you really remember which of the following you might have used:


There are 36 variations of the above three passwords that don’t use any different naming methodology or characters – eg fotheringay1973, Fotheringay:1973 etcetera almost ad nauseam

2) Use a method that will allow you to work out what your password must be for a particular site – eg “Tesco-2016”, “Amazon-2016”

This might seem very clever, but the easier it is for you to remember the method, the easier it would be for someone else to work it out – for all your passwords. Maybe not as brilliant an idea as it seemed at first.

3) Use a password manager

This is computer software that stores (and might also create) passwords for you. This is great as long as you always have access to that (password-protected) program and all the data it is holding. If you’ve only got it installed on one computer, if it’s not backed up, and if that computer has a catastrophic hard drive failure, then you are right royally stuffed (technical term). So, if you are thinking of using such a program then you need to make sure that you’ve got yourself covered against the computer/device being unavailable, the program becoming corrupt, your data file becoming corrupt, the software publisher not maintaining it such that it eventually becomes unusable.

4) Write them down

Yes, I know. Someone could steal them. Well, I put it to you that if you are burgled then the bad guy is looking to nick your TV to sell so that he can buy crack, rather than looking to steal your passwords. If you really believe that someone is likely to want to steal your little book of passwords and that they’re going to look in your sock drawer for it, then I suggest that either (a) you have something so desirable – and known – to the bad guys that you really should seek some professional security advice or (b) you are paranoid.

Over the years, I’ve seen just how much grief lost passwords can cause. I’ve never heard of any of my clients suffering any grief through having their sock drawer rifled through.

Just type “password” (and Enter) on any page at

I’ve covered this topic many times in these blog posts. To see previous entries, just go to any web page at and type “password” (without the quotes) into the “search” box

Following on from last week’s blog, how do you go about saving usernames and passwords for websites, and how do you go about seeing what has been saved in your browser?

All of the following instructions are for the latest version of the browser (as at 29/10/2015) when viewed on a Windows 10 PC. The exception is, of course, the Safari instructions. All instructions are for desktop/laptop machines.

Firefox v41.0.2

  • Click on the Menu button at the top right of the Firefox window (three horizontal lines representing, I suppose, a menu)
  • Click on the cog wheel (with “Options” written underneath)
  • Click on the padlock (representing Security) on the left sidebar
  • From here, you can tick or untick the box next to “Remember passwords for sites” and you can see the passwords you have saved by clicking on “Saved Passwords” and then clicking on “Show Passwords”

Note that, in Firefox, you can set a master password that grants/denies access to the saved passwords, but if you do set one Firefox asks you to enter it every time you open the browser – a bit of a pain.

Chrome v46.0.2490.71

  • Click on the Menu button at the top right of the Chrome window (three horizontal lines representing, I suppose, a menu)
  • Click on the “Settings” option
  • Scroll down to “advanced settings” and click on it
  • Scroll down to the section entitled “Passwords and forms”
  • Click in the box next to “Offer to save your web passwords”
  • To see your passwords, click on “Manage passwords”. Initially the passwords are represented by bullet points. Click on a password entry and then click the “show” button to see the password. You then need to enter the Windows password for the user that is logged in. This is the password for the Microsoft account of the logged-in user. I have no idea how Google Chrome is able to read your Microsoft password and I don’t know what happens if you are on a version of Windows that didn’t require a password for the user. Certainly, Windows 10 would not let me create another Windows user without supplying both an email address for that person and a password with which to log on.

Internet Explorer v11.0

  • To save passwords, just click on “Yes” when Internet Explorer offers to store a password that you have just typed in
  • To view saved passwords, carry out the following instructions:
    • Go to the windows Control Panel
    • Click to open the Credential Manager
    • Click on “Web Credentials”
    • Click on the entry that is of interest and then click on “show”
    • You will then need to enter the password of the currently logged-on Windows user.

Note: the above instructions for all three browsers are for Windows 10. I haven’t had time to check on previous versions of Windows.

Safari (on a Mac) v9.0.1

  • Click on the “Safari” menu option
  • Click on “Preferences”
  • Click on the “Passwords” tab
  • To see a password, click the box next to “show passwords for selected websites” and select the required site by clicking on its entry. You will need to enter the administrator’s password for the logged-in user.

I’m often asked by my computer support clients whether it is a good idea to let browsers save the logon credentials for websites

From the point of view of security, there are two types of threat to consider:

  • Anyone who has access to your computer might be able to use and/or steal your passwords. Only you can assess whether household members (or office colleagues, for that matter) pose a threat to your privacy and security.
  • The browser software could be hacked to reveal your passwords. I don’t, personally, know of anyone who has had this happen to them, but I have read several times on the internet that there is malware out there that can do it.

So, I can’t actually answer the question for you. I think it comes down to something we do all the time without even thinking about it – balance risk against convenience. If we wish to cross the road and we are on a quiet country lane then we are unlikely to walk 100 yards to the nearest pedestrian crossing. We might be prepared to walk much further than that for a safe crossing if it’s the Euston Road we are trying to negotiate.

I’d like to suggest a few questions that you might ask yourself to give you an idea of whether it is a good idea for you to save passwords in your browser:

  • Do you think that online banking is too risky? If so, I think your caution will probably extend to never letting browsers store passwords. Personally, I trust online banking and would hate to do without it but if I was cautious enough not to trust online banking then I certainly wouldn’t trust my browser to keep my secrets safe.
  • Would the consequences of someone finding a particular username and password combination be catastrophic? If so, it probably wouldn’t be wise to commit that specific password to your browser.
  • Do you tend (despite advice to the contrary) to use and re-use the same password(s) over and over again? If so, you must bear in mind the risk that discovery of one of your passwords could give someone access to other accounts. Committing even one username/password combination to your browser could expose many other accounts to being hacked.
  • Do you have children in the household? In my experience, households with children suffer far more from malware attacks than households without. I’m not blaming the children. I think it’s probably because the nasty scrotes that write malware know that children have less mature judgement than adults, less fear, a greater propensity to be led by others into visiting specific (dangerous) websites, a greater propensity to share online content (including malware) with each other, and so on. If your risk of catching ANY malware is increased, then it probably follows that the risk of catching malware that can find your passwords is increased.
  • Do you think that usernames and passwords give you a huge amount of grief in your online life? I know some people who seem to be able to remember an enormous number of combinations of usernames and passwords, whereas others can’t even remember their own phone number. If passwords give you a huge amount of grief then it might well be worth reducing the burden somewhat by getting your browser to remember some of the less important username/password combinations.

Quite often, when I have (annoyingly) answered the original question with “it depends….”, the client will then ask “what do YOU do about saving passwords online?”. The answer is that I use some software called LastPass to remember most of my online passwords, but I also record all my usernames/passwords somewhere else as well. I don’t use LastPass to remember the most important financial combinations. If you asked me to rationalise why I do what I do, I can’t. What I can say is that I think I balance risk against convenience in a way that seems to suit me. And when I see my clients struggling to find specific passwords, I often think that they would probably be better off by committing at least some of them to their browser for safe-keeping.

© 2011-2019 David Leonard
Computer Support in London