First Direct Update

Earlier in the week I talked about my concerns with First Direct’s new password policy. I got an email from them about this, but it really wasn’t very reassuring. But I kept digging. And on Thursday I got a bit more information from “^GD” on the @firstdirecthelp twitter account. It still doesn’t answer all of […]

Free Web Advice: Marvel

It’s been a few years since I wrote a “free web advice” piece, but I got really annoyed by the Marvel web site this morning. About a year ago I subscribed to Marvel Unlimited – a plan that gave me access to all of Marvel’s digital comics for about £40 a year. This morning, I […]

Internet Security Rule One

Internet security rule one is “do not share your password with anyone”. There should be no exceptions to this rule. If anyone asks you to share your password with them, your answer should always be no. Sometimes people say “oh well, it’s only a password for [some unimportant web site] – what harm could it […]

Twitter Supports OAuth

I’ve been seeing various announcements and trials over the last few weeks, but it seems that the wait is over and Twitter finally officially supports OAuth. This means that there is no longer any reason for third party web sites to store your Twitter password if they want to interact with Twitter on your behalf. […]

Password Antipattern

I’ve come across the “password antipattern” twice today. And I had different reactions to it each time. I thought it was worth trying to work out why that was. Let’s start by explaining what I mean by the “password antipattern”. There are many bad ways to handle users’ passwords which I’ve discussed at length before, […]

Hating Computers

Right now I’m hating all computers with a fierce intensity. You all know about the server disk crash. I’m still dealing with the fallout from that. In addition to that, on New Year’s Day I upgraded my main desktop machine to Fedora 8 – with the result that the wireless network (which is how that […]

Password Basics

I’ve banged on before about the need for web sites to store passwords encrypted. This is a good example of why it’s necessary. Fasthosts, “the UK’s number 1 web host”, has fired off emergency emails telling customers to change all their passwords after police were called in to investigate a major data breach. Also note: […]

Basic Password Handling

This afternoon I signed up to a new web-based application from a very well-known media company. I gave them my email address and the password that I wanted to use and a few minutes later I got an email from them confirming my registration. That was fine. But then I noticed that the email from […]