Tag Archive for 'Security'

Is it possible to trust online password managers like PassPack and Clipperz?

While I am a huge proponent of on-the-fly site-specific password hashing, like PasswordMaker, I find that “traditional” password vaults are still necessary. Not all sensitive information is browser-based, like PIN numbers or passwords used in desktop applications. My chosen password hashing method does not work with some sites due to stupid password restrictions. I also, regrettably, share some accounts with co-workers, so I need to use passwords they created. In all of these situations, I need to store the sensitive information in a password vault. I love the convenience and portability of online password managers like PassPack and Clipperz. However, I can’t shake this nagging thought: can I trust PassPack or Clipperz with my life?

Sorry, your password is too strong, says financial sites. Why?!

“Sorry, your password is too secure. Please try again with a password no longer than 6 characters, containing lowercase alphabets only.”

I am tired of being told by a website that my password is too long, or contains non-alphanumeric characters which aren’t allowed. I am bewildered that most websites balking at long and complex passwords are financial sites, like bank and credit card sites.

PasswordMaker: safe, secure, simple, site-specific, smart password management

I ran out of adjectives starting with “S” to describe what I believe is the very best password management solution currently available, PasswordMaker. PasswordMaker is an implementation of the on-the-fly site-specific web password hashing system.

How many accounts/passwords do you have? One for your Email? Bank(s)? Credit card(s)? Phone companies? School? Work? Utilities? Google? Yahoo? Facebook? MySpace? Amazon? eBay? NYTimes? Torrent trackers? That annoying website that made you register just to use the simplest feature? (Oh wait, every website is like that nowadays.) I think you get the point. Even the average, casual Internet user can easily have dozens of accounts/passwords. In this day and age, computerized password management systems are absolutely necessary for even casual Internet users, and PasswordMaker is the king of password management.

Bad Behavior false positives: blocked from my own site

Update: My mistake. Michael Hampton is still supporting Bad Behavior. Maybe I’ll figure out what’s wrong after all.

I’ve disabled the Bad Behavior plugin because it was sporadically blocking me from my own site. Bad Behavior in theory blocks spambots and other undesirables from viewing your website altogether, saving your bandwidth and resources and acting as a first-line defense, complementing anti-spam solutions like Akismet and the new Defensio.

I really love the concept, but since Bad Behavior blocks access entirely, false positives are very costly. Unwittingly blocking genuine visitors to my site would be very, very bad. I’ve tried to find the problem following instructions from the FAQ and this blog post on false positives, to no avail.

Unfortunately, the plugin doesn’t seem to be in active development, and the email for reporting false positives appears to be dead. Oh well, I guess Akismet alone will have to do.

WP Super Cache should be safe to use

WP Super Cache should be safe to use and has been re-enabled. There was a bug that might have allowed the creation of directories outside the supercache directory but nothing more. That bug has been fixed. See Donncha’s official statement and Chris’s account of the bug and debugging process in more detail. Thanks, Donncha, for the speedy resolution of this issue!

I’m now testing the development version of WP Super Cache to help iron out the bugs. Pardon the dust. :)

WP Super Cache disabled due to potential XSS vulnerabilities

I just came across disturbing “reports” of WP Super Cache being vulnerable to cross-site scripting code injection attacks. Just to be safe, I’ve disabled WP Super Cache and reverted to WP Cache v2.1.2 until the issue is resolved. Donncha is very responsive so I’m sure this scare will be behind us very soon.

Sources:
Donncha’s Thursday Links
wp-super-cache cached too far for me (and others)
wp-super-cache vulnerable to PHP Injection?