"Sampath Speaking" - the thoughts of an Insurer from Thiruvallikkeni

Hi - this is Srinivasan Sampathkumar from Triplicane. I have a passion for Marine Insurance, Cricket and Temples especially - Sri Parthasarathi swami thirukKoyil, Thiruvallikkeni. From Sept 2009, I am posting my thoughts in this blog; From July 2010, my postings on Temples & Tamil are on my other blog titled "Kairavini Karayinile " (www.tamil.sampspeak.in) Nothing gives the author more happiness than comments & feedbacks on posts ~ look forward to hearing your views !

Thursday, February 7, 2019

Google adds new safety feature ~ 'password checkup'

Every morning, upon getting up, before coffee, many search their mobiles, check their WA messages, FB posts, friend requests, Instagram photos, and check some emails too .. .. then upon reaching Office, you have a system log-in, official email login, no. of applications each requiring separate log-in - - - added is the password protected phones - life excruciatingly is demanding (passwords / access cards and more!)– how often you change passwords, how simple or how cryptic are they ?

Gone are the days, when people had passwords of their spouse or children (or their ex - !!) – it is no longer pets or persons but combination – some ambiguous, unintelligible or without meaning. For example, "gf#agsU17vr” represents a cryptic password. It is the way I travel - ‘pass Gemini flyover – take U turn at AGS – reach vijayaraghava road, Chennai 17’. Usually comprised of upper- and lowercase letters, numbers, and symbols, cryptic passwords decrease the chance of someone accessing your accounts. (but would you like to write them down or atleast the clue leading to the password, which at times can you’re your life miserable, trying to decipher – once I had R_____ then broke my mind trying to remember whether it was Regal or Rishab !!] Password protection seems to be at the top of everyone’s minds nowadays thanks to hackers ruthlessly targeting personal accounts through security flaws in major corporations’ systems.

Dan Brown’s ‘Digital Fortress’ published in 1988 was a real techno-thriller…… one of the main characters was - Ensei Tankado —a disgruntled former NSA employee. The story was about the theme of government surveillance of electronically stored information on the private lives of citizens, and the possible civil liberties and ethical implications using such technology. When the United States National Security Agency's code-breaking supercomputer (TRANSLTR) encounters a new and complex code—Digital Fortress—that it cannot break, Susan Fletcher, the head cryptographer discovers that it was written by Ensei Tankado, an employee displeased with the NSA's intrusion into people's private lives. Tankado intends to auction the code's algorithm on his website and have his partner, "NDAKOTA", release it for free if he dies. Tankado dies in Seville, of what appears to be a heart attack, and the Agency deputes personnel to recover a ring that Tankado was wearing when he died. The ring is suspected to have the code that unlocks Digital Fortress. The ring had passed hands just before his death and each person in the frame gets murdered by a mysterious assassin.

The mystery deepens in trying to find out who ‘North Dakota’ could be…. eventually it turns out that North Dakota and Ensei Tankado are actually the same person, as "Ndakota" is an anagram of "Tankado".

If you are a google user and life depends on gmail and other google products, there is news for you .. .. .. Google has launched a new tool that tells users when their login information has been exposed to hackers. Users of Google Chrome can download the extension, called Password Checkup, which monitors their various website logins.

The site notifies you when you log in with a username and password that has been compromised and triggers a warning to update your password. The company can cross-checks the logins against a database of more than four billion username and password entries. Google CEO Sundar Pichai tweeted: 'Today, we're introducing two new updates that will help keep your data secure: Password Checkup, a Chrome extension that helps protect your accounts from third party data breaches, and a new feature called Cross Account Protection.' The second tool Cross Account Protection extends the Google ecosystem's account hijacking and breach notices to apps that utilise Google Sign In. After that, Google claims that every time you sign into a site, Google will check your login credentials to see if they are still safe to use. The database is regularly updated and gets the information from sources such as password dumps, when a web site's security has been exposed and the contents of the web site are dumped on the web.

These contents are from hackers responsible for data breaches on sites like Yahoo or LinkedIn who sometimes post large databases of people's usernames and passwords online. Google says that its new browser extension has been built so that 'no one, including Google, can learn your account details'. They say users' passwords and usernames will be 'strongly hashed and encrypted' so the company will not be able to see them itself.

According to internet security provider Norton, 'the shorter and less complex your password is, the quicker it can be for the program to come up with the correct combination of characters. The longer and more complex your password is, the less likely the attacker will use the brute force method, because of the lengthy amount of time it will take for the program to figure it out. 'Instead, they'll use a method called a dictionary attack, where the program will cycle through a predefined list of common words that are used in passwords.'

So try using a combination of numbers, symbols, uppercase and lowercase letters; ensure that password is not too short; use abbreviated phrases, change them regularly and log out of websites and devices once you are finished with the activity. Also do not choose commonly used PW like 4444, 67890, qwert, lkjhg.. .. and do not allow the computer to save the passwords, especially when others can have access to your computer.

According to Google, Password Checkup works when you’re signed in to the Chrome browser on a computer. One can download PW checkup from Chrome store, download, install it as an extention to browser, sign into Google account, check with the PWcheckup on whether your password is safe. To secure a Google Account that has suspicious activity or that you believe has been hacked, follow these steps.

1. Sign in to the account with the unsafe password.

2. Create a new, strong password for the account and any other accounts that use the same password.

3. If the site offers another security measure, like Two-Step Verification, consider setting it up.

If Password Checkup finds that a password and username you enter is unsafe, it stores a hashed, partial code for that info in your Chrome browser. This partial code can’t be used to recreate a complete version of your info. You can delete this code on Chrome browser too.

Interesting !

With regards – S. Sampathkumar

7^th Feb 2019.