More Security Bits and Bytes

Awhile back I got a comment, on my WiTopia post, suggesting that WiTopia sucked and I should try Astrill. The commenter was talking about a different VPN router solution and I decided to do a little research. It had been a while since I went with WiTopia and it never hurts to get current.

When I went with the WiTopia router solution for my VPN usage, I don’t remember many or any other router based VPNs. Maybe I didn’t look that hard, since I was happy with WiTopia.

I looked at the suggested videos of Astrill that the commenter left. I thought the videos were pretty good and informed me that Astrill could be installed on a variety of routers. It also gives good information on why have a VPN. All good information. It got a very good rating in this LifeHacker article

If you are not familiar With the benefits of having a VPN, there is a lot of information on the web and I wrote a post on it as well.

Another thing I have noticed lately is that most of the restaurants, that are offering free WiFi access, are not using secure login. I am really sorry to see them make this change. In the past if you went to McDonald’s or Subway and to use the WiFi you had to enter a password. Normally it was simple like Mac or subway.

If a WiFi hotspot (restaurant or otherwise) allows you to get in without a password, they are not doing you a favor. In fact they are opening you up to a major security hole.

I guess they thought it was too much trouble to have to tell a user the password. You ask why do I care and what difference does it make? I am glad you asked and I will tell you why you should care.

The connection between your laptop or iPad or tablet and the restaurants router is a simple telephonic connection and data is transmitted through the air between the two devices. When you require a password to sign-in, then all of this data is encrypted and a person with a simple scanner can’t read it.

However, if no security is installed, i.e. No password required, then everything is available to be seen. Not only that, but some criminals even go so far as provide their own connection with a similar name so that users will send everything through their computer.

At least the Panama WiFi (Internet Para Todos) will not provide a connection if you have not provided a email address. I am not sure if the connection is encrypted then or not. It could be.

So, with all of the free WiFi hot spots not being secure, what can you do? Well if you have VPN software on your laptop or iPad or tablet, then you have set up your own encryption layer all the way from your device to the VPN’s server. Not only that, but your ip address is where ever you want it to be (USA, England,…). Your connection is secure and private.

OK, that is all for the VPN part. Now the next thing I have looked at lately is password managers. I wrote about my changing all my passwords a while back.  A week or so ago, a friend asked me about some of the password managers.

With them, you only have to remember the master password, and the manager remembers all other passwords for all of the sites you visit. Until my friend’s question came in wanting advice, I had not considered using one. I typically prefer doing my own thing, but since he asked, I started reading.

You may remember from my last post on passwords, that it is becoming extremely important to use a hardened password and a different password for all sites, Facebook, credit cards, bank accounts, etc.

My friend had asked about 1password.  It has a very good rating, but it does cost money to license it on each device. It maintains its password file on the device you are using it on.

Another that had good ratings was LastPass. It is a little different animal since it keeps all of the passwords in the Internet cloud. It is free for desktop usage, but for mobile devices, you have to pay for a premium service which is $12/year.

There are several other solutions, but I am going to focus on the two I decided to consider.

I think 1Password may be a little more elegant solution and possibly a tad more secure, but to see if having one was really useful, the startup cost was prohibitive.

LastPass being free offered an easy way to test usefulness. All passwords are kept encrypted on the web and only you have the key. You forget the master password and you will have to start over.

Since I do most credit card and banking transaction from my desktop, I don’t consider the mobile side an immediate need. besides, $12 a year is not prohibitive, if I change my mind. An advantage of LastPass is you can use a friends PC and still have access to your passwords. You never know when your laptop might stollen and you have to use another OC in an emergency. You can’t do that with 1Password.

Ok, now for a little opinion of its usefulness. I am really impressed with how it has simplified things. When entering any site that requires a sign-in, the software (which is browser based) asks if it should remember the sign-in information. When you tell it to remember it, it allows you to categorize the site (social site, banking site, credit card, etc. – you chose the wording). It will also assist you in filling out forms such as an amazon purchase form.

The software will allow you to create your password or it will create one for you. You choose the formula, number of characters, upper and lower case, special character, etc.

If you use a mail client like I do, you are going to have to enter the passwords for each account, however it will manage all web mail accounts and provide a secure location with all your passwords, incase you forget one.

I have been using LastPass for about two weeks and really like it. No two websites have the same password. All passwords are hardened. It is very simple to use. While I didn’t think it would do anything for me, it has made life on the net much easier.

If you have experience with either of these products or other similar products, feel free to comment.

That concludes today’s post on WiFi security (or lack thereof), VPNs, and password managers. If you could care less about these subjects, then you probably didn’t get to the end of this post. 🙂

I assure you, this is an important subject if you are living in Panama.

4 thoughts on “More Security Bits and Bytes

  1. Don Ray,

    If the wifi search applet does not say the wifi connection is encrypted, it is best to assume it’s not. Also, if the password is trivial, I assume that anyone can input the password and snoop on the other connections. It’s possible for someone to snoop on the hard wired connection downstream from the wifi connection (of course that’s true at home as well).

    I support your looking at VPNs and advising others to look at them as well.

    On the password manager side, I’ve been using KeePassX on linux and KeePass 1.x series on Windows. They are file compatible and I keep the database file on Dropbox. With a free Dropbox account, it costs me nothing to use this approach, and you can roll back to a prior version if you have database corruption.

Leave a Reply