It’s rat-killing day around my place. It means raking debris from the yard so I could make the first lawn cutting with my reel mower, burying that electric line between the house and the shed so the freaking punks will stop swinging on it and just taking care of the exterior stuff according to park policy.
It’s also rat-killing day on the Internet for a lot of folks. We had this nasty flaw in the secure links most folks use to log into servers of various kinds. It’s called the Heartbleed Bug and it’s been wide open for something like two years running.
I am not in any position to say whether the sites to which you log in are fixed, but the patch has been out for a several days already for most Linux and Unix machines. It affected the server that keeps my static site and my personal email service, but that’s been fixed. What I had to do was go back and change all my passwords on that server.
Things are getting tougher on stuff like passwords. Most people refuse to think about what it takes to generate a safe password, so it makes little difference. My personal policy is that you memorize only three or four at most and the rest you simply cannot do that. This is what I wrote for my upcoming tutorial on installing CentOS 6.5:
Keep in mind that for system login passwords that you use all the time, you need something you can remember. For quite some time now, it has been known that the best memorable passwords are made from any phrase or song title you might tend to remember and associate with your login procedure. The old favorite example comes from an Elvis fan: “Ladies and Gentlemen, Elvis has left the building” — heard after his live concerts. Taking the first letter of each word and the punctuation as it appears, we get this: L&G,Ehltb. Notice it is case sensitive, and that period at the end is part of it. The word “and” is replaced with an ampersand. You can also replace other words or initial letters with symbols and numbers, or abbreviations. You should strive to have at least one punctuation/symbol and one numerical digit. Ten characters is the absolute minimum, and twelve to fifteen is better. Keep in mind: The whole point is it has to make sense to you, and be memorable, yet very unguessable.
A general security concept is that you have memorable strong passwords for access to your system. Passwords for websites and such can be saved on your secured system, either encrypted in your browser’s password saver or simply collected in a file somewhere that you can reference as needed. Thus, you can make them completely random because you aren’t likely to remember more than two or three anyway. Some folks can practice and manage to keep track of up to a dozen or so, but only if they use them frequently. Don’t count on memorizing more than three.
When it comes to creating strong passwords that you don’t need to memorize, you simply cannot afford to play silly games. Your best bet is to use a random password generator. If you already have a running system with Google Chrome or Chromium browser, install the extension known as “Click & Clean” — it comes with a password generator. Click the big red C and then select the “Chrome” tab; find it on the left side next to the bottom row of buttons. Otherwise, you can use any number of free online services to help you: one, two or three. Search for your own pick using any search engine. You need at least 12 characters, mixed upper and lower case, numerals and symbols. Save them to a plain text file and name the file whatever you like. These days it’s a much bigger risk to have weak passwords anywhere than to worry about someone finding them on your computer. If they can get their hands on your computer, it’s pretty much lost anyway.
So a major issue is keep your computer away from other people or learn to turn on the screen locker — i.e., password your screensaver.
The other advice I have is using multiple browsers with multiple profiles. For example, because Facebook is so hostile to user privacy, I have a profile I created in Chrome/Chromium browser that is used only to log into Facebook. I never chase links or anything, just do Facebook and close the window. I use Firefox with lots of crippling for general surfing, Opera for search engines and chasing the results and Seamonkey for blogging and similar stuff I need to keep secure. I often chase my news aggregators from Lynx, a plain text browser.
Get them rats.