Posted by: bofe | April 18, 2006

Identity Inventory

From a security standpoint, I should have unique usernames and passwords for 40+ services. Think about all of the services you’ve used that/those good password(s) on—the last.fm, myspace, facebook, itunes, xanga, livejournal, gmail, hotmail, aim, msn, icq, yahoo im, all of the forums you may be a part of, del.icio.us, blogger… oh and if you’re of the techie persuasion… your active directory password, your shell passwords, your ftp passwords, your email accounts, the databases, mailing lists, gallery installs… the list can go on forever. Most of us aren’t oblivious enough to write the passwords down—or worse, create a text file with a list of our accounts/urls and passwords… let’s face it:

By using a fixed set of passwords that do not fluctuate, we have created a gaping bottleneck which could serve as a gateway to a complete identity breach.

I’m sure as hell not smart enough to remember a strong unique password for each service that requires a username/password set. If you’re that smart, you should be reading books about String Theory or a writing really complex musical piece. Unique Strong passwords are a nightmare to manage! Any way you slice it, even if you have a ‘password convention’ you still aren’t being as secure if you had completely independent passwords.

Enter password management software. Enter Defygo.

Defygo is software designed to make your security easier to obtain. The software’s name is a play on the Latin word for security. It’s been pretty awesome watching this piece be developed. The staff at e-liberty has been hard at work on this project for a while.

The feature of Defygo I use the most is a roaming identity management. It’s a password vault that is web based. The obvious question here is “should I trust it?”—let’s just say if there is a compromise of their technology it could be considered a miracle in my eyes. Other features include email encryption, file encryption, and a secure buddy listed messaging program (cryptograms).

A little more on Defygo’s security…All data is all transferred over SSL—- everything is encrypted. I was lucky enough to get to see their master database from phpMyAdmin and it looked like I was staring at The Matrix. I could go on more about how secure this program is, but I honestly do not understand all of the security behind it. If you’re a security guru, Defygo’s Tech Specs should appease your needs.

So…if you’re not a super genius and you value your digital identity, give Defygo a try.

Oh, and for the developers out there: The Frontend is done in VB.NET (maybe this will make Scoble happy) and the backend operates on PHP/MySQL (which makes me very happy).

Posted in Personal | Tags: ,

« A Quick Demo
27 Years »

Responses

Knowing the people that wrote it, being a security freak, and having seen a older demo personally, I can say that this app rocks your face.

By: clayton on April 18, 2006
at 23:51

Alright, so wait… Is this a web thing, or is it a desktop thing? or is it a desktop thing that goes over the web?

Regardless, so what this thing does, is remember all of my passwords, but the way I access it, is with one username and password? And thats supposed to be more secure? So now, if someone finds out that one username and password, they not only know all of my username and passwords, but also all of the services I have usernames and passwords for!

Maybe im reading it wrong, but doesn’t sound all that secure to me…

By: ryan guill on April 19, 2006
at 06:13

Your view is going to be very common and it is not wrong. All Single Sign on sollutions we see popping up in the security industry create a single point of entry so to speak. So the idea is that if your protect your single point of entry like your life depended on it, then in the end you might actually be more secure than you were trying to guard multiple points of entry. Defygo has two fold authentication. It has your e-Liberty username and password and your Defygo Security Key. Someone would have to guess both. There are bruteforce mechanisms in place to block individuals who may be tyring to guess your credentials along with some other keystroke recorder prevention options.

If you choose two really good secure passwords (numbers, letters, caps, special chars, etc..), then it would be mathematically impossible for someone to bruteforce both in this lifetime. Especially with bruteforce prevention in place. If you are leary about the vault then enjoy the secure communication and you have nothing to lose.

By: dmac on April 19, 2006
at 07:07

I want it to do my Laundry, will it do that for me?

By: Danger Frog on April 19, 2006
at 10:52

Danger Frog: No, but Ruby on Rails will.

By: Stephen Mizell on April 19, 2006
at 21:45

I have my doubts about this site. Read this.

By: Monsolo on June 17, 2006
at 21:45

Here’s the link: http://www.technopinoy.com/?p=146

By: Monsolo on June 17, 2006
at 21:45

Leave a response






Your response:

Categories