Passwords | Digital Asset Protection

Password Management and Recovery

Nuvola apps password Password management and recovery

We all know passwords are necessary for protecting our digital assets, but they can be a real pain.

With so many applications and web accounts to track, you can easily forget one. And no password is no access! How many hours of work will that cost you?

Here is the ultimate guide to password recovery and management. It provides many methods to recover passwords from windows accounts and also windows programs, such as microsoft office and instant messengers, and also websites.

Recovering a password can rescue you, but it is better to not lose them in the first place. For that purpose this book has a section on managing passwords effectively.

Just click here for an immediate download.
At $19.99 it is a bargain if it saves you hours of work.

No Comments

Peter, December 28th 2011 | Tags: access, passwords
Posted in Digital Asset Protection

Prepare for Google Account Password Recovery

Forgot your password? or your account is no longer under your control? Has the password of your google account changed without your notice? Google solves your problem of recovering your passwords. Don’t worry, Google can restore your access with the security information you have provided while creating your account. So make sure you have these mechanisms in place.

Various methods by which you can recover google passwords:

Having a Secondary email already set with your account.
Get a verification code to your mobile
Answer a security question that you must have selected while creating your account

Firstly, when you are not able to recover your account click on “Can’t access your account” present below “sign in” button. You will be redirected to a page which asks you to enter your email id. After this you will be asked to type the captcha image appeared above the text box. After this you will redirected to page where you need select one among the options that will be present to recover your password.

If you have attached a secondary email to your account, then you will be able to see and select the radio button “Get a password reset link at my recovery email: YOUR_SECONDARY_EMAIL_ADDR”. If not so you will not be able to see this radio button. This is the primary method of recovering password for your google account. You will receive a reset link to your secondary email account. On clicking that you will be redirected to password reset page of you google account.

If you haven’t attached your email address to your existing gmail account, then you have a second option to receive a verification code to your mobile. You just need to remember your mobile number to process this. Select the radio button “Get a verification code on my phone:********23″, enter your full phone number and you will receive a confirmation code on your mobile. Once you have received the confirmation code click on “continue” button. You will be redirected to a page where in you need to enter the verification code, the one which you have received on your mobile.

If you didn’t set your phone number to your google account, you have one last option of answering the security question, the one you should have set while creating your google account. Select the radio button “Answer my security question”, you can see your question, answer the question and click on continue.

If you have successfully done one among the above 3 methods of security verification, then you will be redirected to password reset page. Where you need to type the new password for your google account twice and so you can change your password and gain access to your account again. So, you have successfully recovered your google account.

No Comments

Peter, October 28th 2011 | Tags: access, account, passwords
Posted in Digital Asset Protection

Recover Your Disabled Google Account

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

Notice: Undefined index: othercrossdomains in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1155

Notice: Undefined index: trackcrossdomain in /home1/maartenm/public_html/digita/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php on line 1156

A few days ago I posted about my disabled gmail account.

After a long, painful process, I was able to successfully recover the account.

Before you read this blog post, let me tell you that one of the things I discovered was
Google’s account recovery process is 100% automated! No humans involved at ANY level.
More on that below.

In getting my account back, I learned a LOT.

Here are the things I learned about my account

My account was disabled/deleted because a hacker got into it.
When I was finally able to recover it, during the “change your password process,” I found this:
So I at least know the account was hacked. The first thing the hacker did was change my password and the account recovery email addresses, so it would be really hard for me to get my account back.
The hacker also deleted my Youtube account and added 2 more of his own to my account:
Jerk.

I did manage to get my youtube account restored, but he deleted all the videos out of it and I can’t recover those. Good thing I make TONS of backups of things.
The hacker deleted all emails in my inbox (I had probably 15 emails from 10 people in my inbox, 5 of which were to remind me to do something).
If you were expecting a reply from me recently…sorry…your email got deleted.
Keep your inbox clean!
I still don’t know how he got into my account. I had a very strong password. I can only think of 3 scenarios:
1. a brute force password attack (unlikely)
2. I used the same password somewhere else and he hacked into some other database that had that password (most likely). My own stupidity.
3. I logged into my gmail account over an unencrypted connection on a public wifi network and he got my username/password (unlikely)

What I learned about Google’s account recovery system, and what it means to you!

I learned a couple awesome things about recovering a deleted google account during this process…a couple things Google doesn’t want you to know (or…things they don’t tell you).

If you’re not prepared, forget it
If you’re not prepared to recover your gmail account and can answer the questions google asks, basically you can forget getting your account back. They ask obscure things nobody would ever know (not even you).
Here are 2 screenshots of the page they make you fill out. I took these so I could remember what I had put in. My personal info is blurred out.These are screenshots of the google account recovery pages

To recover your account, here’s my take on the difficulty:
- frequently emailed people – easy
- labels – slightly more difficult
- invitation url – difficult depending on how you got it
- all questions about orkut and blogger: if you answer yes they want to know the url of your profile and when you started using it – almost impossible to find
- 4 services you use – Impossible, unless…you have a backup of your gmail account in a searchable location like zoho mail.
  I was able to find these things by searching through my zoho for things like “calendar,” “docs,” “orkut,” …
  It still took a LOT of work.
- Account creation date – Impossible without a backup
Google’s account recovery system is 100% automated!
No human will ever even see your account recovery attempt.
Don’t try to put identifying info into the fields for a human to look at. It will just hurt your chance of getting your account back.
You really just have to figure out how to give enough accurate info to get the computer to say “Yeah, this is over 80% correct, give the account back” or whatever percentage they have.
The reason I know this is:
How Google responds to your account recovery attempts
Google says it may take between 24-48 hours for them to reply to you.The first time I submitted the account recovery form I got an answer back in 44 hours.
It was a NO.
The second time I submitted the account recovery form it took 40 hours.
It was a NO.
The third time I submitted the account recovery form, it took 2 minutes.
It was a YES!

Now, I don’t know this for sure, but here’s what this tells me:
- You submit your info to Google and a computer validates it against the data the computer knows about your account.
- If the computer matches the info and it’s correct enough, it fires off an email immediately to you saying “You can change your password now!”
- If the computer looks at your info and it’s not correct enough, it waits 24-48 hours before sending you an email saying “NO, you’re screwed for a while longer!”
If it were humans looking at the requests, why does it take so long to say no, but only 2 minutes to say YES! (I literally got an email from them within 2 minutes of submitting the successful request).
It’s done on purpose!
Google doesn’t want to give too many chances to people who don’t have the right info.
If you get a NO back from Google after submitting the account recovery form, and you don’t hear back from them within 15 minutes, start gathering more data to recover your account.

This whole thing was a big, painful, learning process.

Things I’ve learned and things I’d do differently

Make backups of everything – I already had pretty good backups. In the future I’ll have rock solid backups.
Prepare for the worst early – I was slightly prepared. Now I’ll be better prepared.
Don’t use a free gmail account – I’ve since bought a domain and set up my email throughgoogle apps.
If you want to migrate your email and your docs to another account, I highly suggest thisemail and data migration company, MigrationBox.com.
Their docs migration needs a little work (only try to move 100 docs at a time)
but their email migration is solid. It moved 175,000 emails of mine no problem.
I chatted with them for a while and they gave me a 40% off coupon for my readers:
JOHNSYNC 40% Off Coupon
What a lifesaver MigrationBox was for me. I now get all my old emails in my new email account. Everything seamless.
They’re also good for:
- moving between gmail/google apps
- moving between just about any email service providers
- syncing email accounts (ummmm…backup anyone?)
NEVER use the same password for your email, facebook, bank, anything else you care about – I now keep one “junk” password, and like 6 completely secure passwords that I don’t use anywhere else.
This is a bit extreme, but I’m now keeping an email account that I use to sign up for everything. I won’t sign up for things with my real email address anymore. That way, my real email address isn’t out there in too many databases, and it doesn’t have any passwords associated with it in case I slip up somewhere.
The other email account just forwards to my main one so I still get all the emails.
UPDATE:This post on lifehacker by adam pash details a new security feature google is JUST NOW rolling out (they’re about a week too late for me…although I’m now using it).
Amazing…as I was going through this nightmare, I had wished google would have some sort of 2-step verification system.
I also wish lastpass had the same thing!

Maybe I’m a bit extreme.
Maybe not.
What I do know is that the internet isn’t going anywhere, losing your email account ISN’T fun, and hackers aren’t getting dumber.
It’s getting more and more common. I’ll try to stay ahead of the game from now on.

Written by John Jonas.

Source:http://www.jonasblog.com/2011/02/how-to-successfully-recover-a-disabled-gmail-account.html

No Comments

Mod M, August 28th 2011 | Tags: hacked, identity, passwords
Posted in Articles, Digital Asset Protection

Making Your Website Password Protected

The world has changed as a result of the tools made available by the Internet. Information is available for immediate access and download. This led us to the era of online news, social networking and the blogosphere. Sometimes we find the need to cooperate with others on a private project. If you have a group that wants to access information and not make it available to the rest of the world you need methods to protect an area of you website with a password. Here are some ways to make secure private areas of your site through password protection.

I am most familiar with using private web pages in the Content Management System called Drupal. A Content Management System creates pages for viewing on the fly. The pages are not sitting on the server waiting for viewing. Drupal has methods called Roles and Privileges which enable the setting up of private web pages. Users of a Drupal site may earn advanced Roles that allow them access to additional information. The Web Developers create certain content types or views that can only be seen by persons with the advanced Roles. In this way, trusted persons can access data that novices cannot. It is possible to exclude the public from data which they do not even know exists. The menu links to these areas and views will be invisible to them. It is not required to log in to a restricted area. It is a matter of gaining a certain status which makes the viewing or more information possible. Remind Members with higher roles to log out so that others following them on the computer do not view the data. This is a very secure way to host data for viewing by the eyes of a few.

All websites hosted on an Apache Server should have a file in their root directory called .htaccess. The .htaccess file allows the owner to set up certain rules about who may access the data. Remember that this is on Linux hosting not Windows hosting. When you look in your root directory with your FTP tool you may not see .htaccess. In some programs you have to configure it show hidden files. With .htaccess you can allow access only to persons with specific IP Addresses or you can set things up for a password login form. You can use .htaccess on any folder in your website. There is a tool available in cPanel that sets password protection for various folders on the hosting account. This makes it easy for those ho have cPanel available with their hosting.

You can find software tools online which will help with the setup of your .htaccess file. DynamicDrive offers an online wizard for setting up this password page - http://www.tools.dynamicdrive.com/password/. Instructions are given to enter the user names and passwords for your users along with the path to the .htaccess file. The wizard will generate the code which you must paste into your.htaccess file. Detailed instructions come with this wizard. The limitation is that you will need to remake this file and add the name of each new member who joins you. A free desktop wizard is available from - http://www.htpasswdgenerator.com/download_htpasswd_generator.html. This will set up your access file in a similar way.

There are free services available which will help you provide password security for some of the pages of your website. Bravenet.com is a very popular service which provides this. Puppydog.com offers a similar service. You have limited pages protected with these free accounts. You are given tools to protect more pages when you sign up for paid services. The instructions with these services are very simple but may include some pasting of HTML or JavaScript code into your pages.

Zubrag.com offers a free PHP script for giving password protection to your pages. This will give a greater level of security to your page than the services like PuppyDog. This option calls for a higher level of skill to apply than the others. For the person who knows how to install a PHP script the Zubrag offering has real advantages. You set it and forget and you do not need to sign up for a free service that you night not otherwise want.

These are helpful and rather simple methods for adding password protection to parts of your website. A couple of words of caution are due. Some of these methods will be effective against novice Internet users only. To keep a hacker out would call for solutions with greater sophistication. The Roles features in Drupal should do unless the hacker has some way to steal the passwords from the organization. The point that I am making is to not upload info that is mission critical if you intend to use a simple method of security. Companies whose futures ride on trade secrets should not place them on the Internet. There are other methods for to access data remotely. These password protection methods are helpful for light duty security but don’t rely on them for protecting data confidential data.

Web design is a complex process involving many important steps. Many companies struggle to keep their mission first in their actions. Rather than setting aside trained persons to learn and implement a company website it may be a better choice to hire qualified individuals to do it for you. Due to the complexity of web design, server configuration and web deployment it pays to look for qualified persons to take that burden for you. Qualified help is available on an affordable basis. Contact us now for consulting or the setting up of your website with secure, private pages.
Greg Nicholl is a qualified Website Designer
offering HTML and Drupal web design and Great Linux Hosting.

Article Source: http://EzineArticles.com/?expert=Greg_Nicholl

Article Source: http://EzineArticles.com/6130005

No Comments

Mod M, August 20th 2011 | Tags: access, hacked, identity, passwords, unauthorized access, websites
Posted in Digital Asset Protection

Small Business Easy Target for Hackers

A primary role of any small to medium sized business leader is to manage costs and cut back where possible, especially in tough economic times. In doing so it is important that these efforts do not compromise the ability to secure information, minimize liabilities and ultimately make money.

Many small business managers believe they are less likely to be a target in a malicious attack because their company is small, but this is simply untrue. Hackers prey on small and medium sized businesses because they generally take fewer security precautions than their larger counterparts making them more vulnerable to these types of attacks.

Smaller businesses are generally more entrepreneurial and less emphasis is placed on rigid policy and procedure; therefore, a laid-back approach to best practices is often adopted as a result. The simplest precautions to implement are also the easiest to overlook and this is cause for trouble.

The bullet points below provide a quick and easy checklist to help reaffirm your commitment to security.

Training and education: Make sure that all employees understand the importance of the matter so that no one is a weak link in the system.

Access procedures: It may be convenient and productive for employees to log in extra hours and work on company files at home but keep in mind that anything brought in from outside is an instant threat. One infected file can contaminate an entire network. Formulate a plan to address this. Consider a company policy that forbids this practice or even disable USB ports. It is possible to disable only the flash drive portion of the USB so that they still are compatible with other functional hardware such as keyboards and mice.

Review permission: Employees should have access only to the parts of the system they need to complete their job function. It is particularly easy to overlook default settings when initiating a new user. Also, schedule this review periodically as job functions and needs change over time.

Change passwords regulary: Periodic changes to passwords are sometimes required but if not, employees are reluctant to update them. It is difficult to remember new passwords, after all a person can only have one birthday, birth city and first pet but this is an integral part of an overall strategy for information security at every level including servers, systems etc.

Research cloud computing solutions: Make sure that the vendors you partner with take security as seriously as you do. Research each vendor especially those who store or manage secure information for your company.

Install and update virus software: As much as we all know about the importance of virus protection delaying updates and not registering pre installed software are common occurrences. Don’t make this mistake. A quick email reminder to all employees is a great way to keep this topic top of mind among your team.

Alex Famili is the co-founder and principal of Twist Solutions, LP. Twist is a Dallas, Texas based Computer support company specializing in computer system management and Computer service.

Article Source: http://EzineArticles.com/?expert=Alex_Famili

Article Source: http://EzineArticles.com/6489283

No Comments

Mod M, August 20th 2011 | Tags: passwords, unauthorized access
Posted in Articles, Digital Asset Protection

Protecting Your Most Valuable Information

Your trading account has some very valuable information in it. There is your personal information like your address, phone number, birthday and even your social security number. On top of that, there may be your bank account numbers and other sensitive financial information.

If hackers get into your account, they could change your payment information and have a check sent to their address instead of yours. Or even worse, the could steal your identity and start getting credit cards in your name.

So how do you prevent this? There are a few simple measures that you can take, but most of them center around keeping your online passwords safe.

Most people are very lax when it comes to choosing a secure password and even more careless about where they store their passwords. I will address these issues one at a time and hopefully by the end of this article you will be convinced to make some changes to beef up the security of your accounts.

The first step is to choose a secure password. Too often, people choose the name of their spouse, child or pet. Another popular one is their birthday or something equally as obvious.

Choosing obvious passwords is not only easy to guess by humans, but easy to crack by computers. What many password cracking programs do is guess your password from a list of frequently used words. This usually means all lower case or all upper case. For example, if you use ‘sally’ as your password, that would be very easy to guess.

When creating a password, you should mix lower case, upper case, numbers and symbols. This creates the most secure password possible. In addition, you should make your password at least 10 characters long. This makes it even harder for people to crack your password.

Now we come to where you store your password. No matter how secure your password is, it doesn’t matter if others can easily access your password. Two common mistakes are putting passwords in a file in their computer or storing their password in their browser.

When storing a password on their computer, people often put it in an Excel document or a regular Notepad file. If any one is able to get into your computer, they could easily search for “password” files and the password file could be copied. Do not do this!

The next common mistake is to store passwords in their browser. If anyone gets access to your computer, the person would just have to open a browser and the passwords would automatically be filled in. That is not good at all.

So what is the solution? You could purchase a password manager for your computer. They are very inexpensive and store all of your passwords in a secure file. You just need one super-secure password to open the program and you will have access to all of your passwords.

In addition, the password manager can generate secure passwords for you every time you create a new account or if you want to change an old password. Check them out, they are totally worth the money.

Hugh is an aspiring trader and blogger. Check out more of Hugh’s tips and see his password manager review on his blog.

Article Source: http://EzineArticles.com/?expert=Hugh_Kimura
Article Source: http://EzineArticles.com/6479958

No Comments

Mod M, August 15th 2011 | Tags: identity, passwords
Posted in Articles, Digital Asset Protection