Entries by Jeff

Dropbox follows through on password resets

Have you been asked to reset your password when you try to log into Dropbox.com? You aren’t alone, and this is all as expected. If you haven’t changed your Dropbox password in a while, you (like me) will be asked to change when you log into the website. Back in July, Dropbox announced that they […]

1Password users should wait a bit before trying Dropbox’s two-step verification

Dropbox has just released a new, optional, two-step authentication process. 1Password 3 (Mac and iOS) and 1Password for Windows use Dropbox for synchronizing your 1Password data across systems and platforms. So anything that has to do with Dropbox security is of interest to us and to 1Password users. The bottom line is that I recommend […]

Guess what? A Post-It under your keyboard is not the worst place to keep a password

The Sophos NakedSecurity blog has some excellent password security advice to kick off your Monday morning: “Before being interviewed on TV, wipe passwords off whiteboard“. Here’s a shot from TVP, a Polish television channel, that prompted this timely refresher: Note that “hasło” is the Polish word for ‘password’. I guess a scrap of paper under your keyboard is […]

More than just one password: Lessons from an epic hack

Mat Honan, a 1Password user and writer for Wired, did everything right. He had strong, unique passwords everywhere. Yet he was the victim of an “epic hack”, and had to put a great deal of effort into getting his digital life back. A very brief account of this Homer-worthy hack is that someone talking to […]

Password reuse strikes again, and a bit closer to home at Dropbox

Not so long ago, I wrote about a case where attackers were taking passwords that were leaked from one site to go after users on another. In that case, the target was Best Buy. Today’s case hits a bit closer to home for 1Password users, as Dropbox accounts are being attacked using passwords stolen from non-Dropbox […]

1Password is Ready for John the Ripper

John the Ripper, the pre-eminent password cracking tool, is getting ready to take on 1Password. Is 1Password ready? Yes! We have been ready for a long time, but you need to do your part by having a good Master Password. We’ve written many times about how 1Password defends against automated password guessing programs (password crackers). […]

Friends don’t let friends reuse passwords

We’ve written about password reuse before, and we’ll be writing about it again. Password reuse—using the same password for multiple sites or services—is both rampant and dangerous. There is real evidence that people are getting robbed because they are reusing their passwords. Thieves systematically exploit reused password to pay for retail items or hijack accounts […]