agileBase automatically checks whether your password has been leaked

login

One of these days, we won’t need to remember passwords, everyone be able to quickly and easily log in to services with biometrics (e.g. face recognition, voice recognition, even heart rate recognition), USB keys or perhaps chips in our phones/watches/jewellery or embedded under our skin!

Until then, we have to manage our passwords. The problems are many – these days, short or simple passwords don’t cut it. They’ll be easily ‘brute-forced’ by attackers, trying millions of passwords per second. So, we have to remember a long and complex password. However, not just one, these days a typical person will log in to at least dozens of websites, apps and services. Using the same password for all of them is a bad idea.

Currently, the best solution is to use a password manager. We use 1Password here at agileChilli but there are others available.

One thing you may or may not know is that if a service’s passwords (or password ‘hashes’) are stolen, they will often be published on the internet by hackers for everyone to see. That’s what happened recently to companies like Adobe and LinkedIn. In other words, if you use a password for services A, B, C and D and user details are hacked for service A, someone can often look up those details and use the same ones to log in under your name, to B, C and D too!

Luckily, hackers aren’t the only ones who can look up lists of stolen credentials. Troy Hunt, a Microsoft Regional Director and MVP, has performed a great public service by creating an easy to use tool for checking a password against a massive list of previous data breaches.

We have now integrated with that service (which you can try yourself manually at https://haveibeenpwned.com/Passwords). Whenever you try to set a password in agileBase, it will first look it up to see if it’s previously occurred in a data breach and if so, it won’t let you use that one. That either means your password has been previously stolen, or you’re using the same password as someone else who’s had it stolen, in which case it probably isn’t a very good one. Either way, you definitely shouldn’t use it and if you use that password for any other services, you should  change it immediately.

By the way, when checking, the password you type isn’t actually sent to the third party service in ‘plain text’, it’s all managed securely. 1Password were one of the first organisations to take advantage of the new version of the service a couple of days ago. If you’d like more information on how it works, their blog post is a good read.

Now we’re pleased to follow suit and announce our integration with this valuable service.

HTTPS everywhere

Whilst we’re on the subject of data security, another recent update has been to our public website, www.agilechilli.com. SSL encryption is now used for the whole site.

SSL has always been used for the agileBase platform itself, not just while sending your login credentials, but for all data transferred during use. However, the entire public website (our product info, case studies, pricing etc.) is now encrypted too. For some information on why this is a good idea, please take a look at https://doesmysiteneedhttps.com/

Thank you to CloudFlare for making this a really easy thing to set up.  If your own company’s website doesn’t yet use SSL (HTTPS), then we encourage you to suggest it to your web or IT staff.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s