How Secure is Your Password?
My highest-level password (I have about 8 levels of passwords, memorized, then a couple levels that are even higher than the password below, but which I haven't memorized, so I can't use them that often):
security
Google Switches from Windows to Mac/Linux for Security
From MacRumors:
Google is phasing out the use of Windows company-wide due to security concerns. The move comes after news in January that Google was hacked in an attack originating in China. Those attacks used a security vulnerability in Internet Explorer for Windows. News of the report comes from FT.com who cites several Google employees.
"We're not doing any more Windows. It is a security effort," said one Google employee.
The majority of those moving away from Windows PCs are moving to Mac OS according to another Google employee. New hires are given the option to run Mac OS or a Linux-based machine.
Google employs over 10,000 individuals worldwide.
Secure Your Files: Create an Encrypted Disk on Which to Store Private Files
The popularity of 'cloud file management' software such as Dropbox and SugarSync has made me re-evaluate my security practices for files on my computers; in the past, I have not put any of my private files (for instance, files with sensitive passwords, or scans of important legal documents) on my shared folders (Dropbox, iDisk, etc.), but I finally came up with an ideal solution to storing and syncing these files. It's like using FileVault, but without the extra overhead of securing every file in your home directory.
Simple Steps to Protect Your Online Identity/Data
[Update: Back when this was written, very nice password managers like 1Password and LastPass didn't exist or were not very capable of managing passwords as well as they are today—please ignore the advice below and use a password manager to generate very long, random passwords, and use the password manager instead of memorizing anything.]
Every month or so, another scary story about a huge security compromise (a.k.a. a hack) surfaces on the Internet, and this month is no exception. Earlier this month, the whole Twitter corporate heirarchy had a lot to worry about, as a hacker (that's kind of a misnomer... hackers are usually nothing more than persistent, patient and sly computer users) accessed many Twitter employees' email, iTunes, Google, etc. accounts, all because of the fact that one of the employees (probably not the only one, though) left an open door via a few small missteps, security-wise.
The hacker, after gathering tons of personal information gleaned from all over the web, was able to recover a user's Gmail password by guessing a few personal questions Gmail asks on the password recovery form (i.e. "Who was your favorite actor?," "What is your maiden name?," etc.). Then the hacker simply searched through the user's emails for something like "username password," because he knew that a lot of websites (like the Joomla! forums, some gaming sites, online stores, etc.) simply send an email upon a new user registration that contains the person's username and password. Once the hacker got ahold of a few more passwords this way, he was on his way to 'hacking' all the user's accounts... because like most people online, the user had only one or maybe two passwords he used for everything.
...but using the same password for multiple sites/services isn't necessarily a bad thing. Not if you follow these steps: