The ultimate password genius! (Not)

KeysIf I wasn't banging my head against a brick wall so hard, I might actually find this funny.

Consider this question.

"What's your favorite internet password?"

How would you feel if a website asked you tell it what your favorite password is?

Richard Wang, one of the threat experts in SophosLabs, pointed me towards the UPSJobs website, where you can create a profile if you're interested in investigating a career with the company.

As you can see in the video I made, it's easy to create an account - but they don't offer much help when it comes to choosing a sensible password to secure it.


(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)

The UPSJobs site actually encourages you not to use a unique password, but instead to use a password that other people might be able to guess (such as the name of your most loved pet or movie).

What really gob smacks me, however, is that they should prompt users to use their "favorite internet password"! That's hardly a safe thing to encourage.

What's your favorite internet password? [Click for a larger version]

It actually gets worse. When I first created a profile on UPSJobs, and tried to use a half-decent password (one that contained extended characters such as exclamation marks, and dollar signs), the site wouldn't accept it as my password.

Again, by refusing to accept a more complex password they were actively encouraging me to choose a simpler, easier-to-hack password.

On many occasions Naked Security has written about how to choose a strong password, but it shouldn't be forgotten that websites can do more to assist security too and help prevent innocent users from making unsafe choices.

Follow @gcluley

* Image source: canonsnapper's Flickr photostream (Creative Commons)


VMware Unveils vSphere 5 and the Cloud Infrastructure Suite

Today VMware’s announced releases include vSphere 5, vCenter Site Recovery Manager 5, vShield 5, vCloud Director 1.5, and the new vSphere Storage Appliance 1.0. These are joined by vCenter Operations, which launched in March of this year.

The launch is being done via a live online event featuring presentations by Paul Maritz and Steve Herrod!

I’m actually watching the presentation right now and some of the new features in vSphere 5 are awesome!

The video below comes from the VMware blog and highlights and the 200+ new capabilities that have been added!

VMware Horizon App Manager Overview

Yesterday marked a major milestone for VMware’s End-User Computing vision with the launch of VMware Horizon App Manager, a user-centric management service for accessing cloud applications.

At its core, VMware Horizon App Manager includes an identity-as-a-service hub that securely extends a user’s existing identity in systems such as Microsoft Active Directory or other directory options, into third-party public cloud applications like Box.net, BroadVision, Google, salesforce.com, WebEx and Workday. This dramatically simplifies the management of multiple access credentials, a necessity brought about by the growing number of cloud applications now found in a typical enterprise. Simplification benefits both IT and users by collapsing separate identity silos into a single enterprise identity that secures user access across private and public clouds. In addition, the VMware Horizon App Manager provides an open, user-centric platform for accessing cloud applications within a single portal that is accessible from a wide range of end-user devices.

Horizon will leverage this foundation of enterprise security and policy to help customers manage other services including virtualized Windows Applications, published applications, data services, and some of their own next generation applications like Sliderocket, Zimbra, and Mozy.

This video provides a brief overview of the product: