for July 23 & 30, 2003

July 23

Hi, All;
This week: A follow up question about passwords

If you use Microsoft "Passport" to save your passwords, for example on Ebay, where is that password stored, is it secure, and how do you change or delete it?

A very good question, and one that I did not cover in the last couple of columns. The quick answer is yes, the passwords and ID's are stored on the server of the organization that you are working with. Storing your passwords on your PC only saves you having to remember them. When you sign up for a service like Ebay or any email account, the password and ID you are asked to enter are stored on the security server of the service provider. This also applies to your credit card account information! This is why you have to know whom you are doing business with and to always make sure you are ordering on a secure web site. In I.E., look for the locked padlock in the status bar of the main screen, and the web address should have SHTTP: /xxxxx.com (Secure Hypertext Transfer Protocol). It is this storage of vital information that causes fear of hackers if they access a sever with thousands of credit card numbers and passwords (including yours) and then sell the list on the black market. Everyone loses but the hackers and the crooks.

How do you change your ID or Password? Usually on the home page of each organization's web site there is a place to change your password (make sure you change in on your stored copy on your PC also). However, to change your ID you usually have to create a new ID with a new password and let the organization worry about all the non- used IDs that are hanging around on their hard drives. You cannot delete an ID.

'Til next week, (ComputerFAQ#149)

Robert

July 23

Hi, All;
This week: More about passport and passwords- Pt 1

Thanks for the extended answer about passwords. However, the "Passport" you can elect to use on ebay is not ebay's regular in-ebay memory of all users' passwords. It's called "Microsoft Passport." This has nothing to do with Microsoft Internet Explorer- I use Netscape. On our Macs on Netscape, every time we fill out a form we're asked, "Do you want to save these entries?" I was worried that they were being saved somewhere out yonder, so asked Netscape. No, they're saved on my own machine, ready to be entered automatically if I ever access that address again. And he gave me a way to delete all of them; perhaps you can't apparently delete individual ones, just all at once. Having them entered only on my machine is OK with me, someone would have to steal my machine to get them. But having passwords stored, not on my machine or in the business I ordering from, but beyond that on Microsoft Corp.'s PassPort servers up in Bellevue worries me.

Let me take a moment here and see if I can help confuse things. First, we have to remember that for every password you have, either in your memory or on your hard drive, has a mate on all of the web sites you have to put a password into. Otherwise, how would the server know that it is (supposedly) you? So if your password is on the web site's server and on your hard drive, that's two places that hackers have access to your passwords. Yes, both are encrypted, and in the case of the small business or home user not worth the hacker's time to try to obtain. However, the hacker does not know that the IP Address he just captured is a home or small business PC and is looking around the hard drive or using an automated program to find and download password files to his computer. He just gets a password file, and if it just yours, that is one problem.

But if he gets into a big company's password file--especially one like Microsoft which collects EVERYBODY's Passport passwords, he then has tens of millions of passwords! He knows what the file names of password files are and can get in and out without your knowing it.

Even if you just dial up, as long as you are on the Internet, your PC is vulnerable. If you have a DSL or other full-time access to the Internet, you are very vulnerable. Which leads us into the need for a black box or software called a "firewall."

But, like always, I'm more than out of column inches for today. More on passwords,
Passport, and firewalls over the next few weeks.

'Til next week, (ComputerFAQ#150)

Robert

July 05, 2000 Introduction to ComputerFAQ

July 12, 2000 Computer Definitions

July 26, 2000 More Computer Definitions

August 02, 2000 Defining Bits, Bytes and Hex

August 09, 2000 Internet Service Providers (ISP)

August 16, 2000 Backup up your PC

August 23, 2000 Backup Devices.

August 30, 2000 What is the slowest PC for Internet Access

September 06, 2000 PC Nomenclature

September 13, 2000What to do with Mail Attachements.

September 20, 2000What Happens at boot up

October 04, 2000Desktop Areas

October 18, 2000Start Button

October 25, 2000Display Made Bigger

November 01, 2000 More Monitor Controls

November 15, 2000 Right Click Display Menu

November 22, 2000 More on Desktop Menus

November 29, 2000 More on Desktop Menus

December 06, 2000 Desktop Properties Menu - part 1

December 13, 2000 Desktop Properties Menu - part 2

December 20, 2000 Desktop Properties Menu - part 3