Wednesday, July 28, 2021

Version 0.3.6 Release Completed!



Version 0.3.6 has been released. The application will update automatically.

The application can be accessed from here.



Version 0.3.6 release!



Version 0.3.6 of SimplePass will be released in the next 24 hours! The new features are:

1) SimplePass now tracks the create and update dates of passwords. Password expiration days can be configured in settings. The list page can filter expired and soon-to-expire passwords. Periodically changing passwords is a good password management practice.

2) Master password creation and update dates are tracked. Changing the master password is also a good practice. Just don't forget: there is no way of recovering if you forget the master password. Although the application requires at least 4 alphanumerics for the master password, the longer the master password, the higher the security.

3) Whenever a new password is generated or re-generated, password strength is displayed. The higher the number, the better.

4) Some rework on the internal working of the menu system for some future work. This has no visual effect for users.

More features are planned in the roadmap of the free version. The current roadmap can be viewed here. In addition, the following features would be provided as part of the free version.

1) Tracking the backup status of entries, so that you would know if there are entries that haven't been backed up.

2) Google Drive, Microsoft OneDrive, and Dropbox integration for easy backups and imports across devices. But you are responsible for safeguarding these accounts.

3) Remembering parameters used to generate each password, so that the settings are remembered for each entry.

4) Groups - Allowing entries to be arranged in groups such as email, internet, banking, education, etc.

5) Optional Recycle Bin type of feature for deleted entries.

6) Additional security layer such as public/private key instead of the master password and/or in addition to the master password.

7) Native apps for Windows Store, Windows Desktop, MacOS, Linux, Android Mobile and Tablets, Kindle Fire, Apple iPhone and iPad.

8) Google Chrome, Firefox and Edge Browser extensions.

9) Notes, Encrypted Notes as part of entries.

10) Select multiple entries and perform various things.

11) Autofill prompt for usernames in entries.

12) Vaults - think of vaults like multiple files. One vault for work purposes, another for home-related. Or one vault in memory mode another vault like the current mode.

13) Ability to import passwords from CSV files. Some 3rd party applications allow exporting passwords into CSV. So, if you are using a third-party application and want to switch to SimplePass, this would be easier.

14) Update Password mode - When updating passwords on websites, we usually enter the current password, enter the new password twice, and click save. In a similar way, SimplePass would hold the current password and the new password. Once the change is successful, clicking update would remove the old password and replace it with the new password; otherwise, the new password would be discarded.



Tuesday, July 27, 2021

Summary Post



SimplePass receives an A+ on SSL Labs. The report can be accessed here.

A video demoing the usage and features of SimplePass can be accessed here.


ALight Technology And Services Limited is now a Microsoft Partner!

Partnership related link: https://www.alightservices.com/partnerships

Here is the link to partner details webpage on Microsoft's website: Microsoft Partner Details

With that, ALight Technology and Services Limited is open for offering consulting and development services.

Remember that the address is a virtual office.

Official LinkedIn, Facebook and Twitter links are:

Facebook

LinkedIn

Twitter




There is a super-advanced technology that is state-sponsored and has invisible drones with some very advanced technology. Such technology does exist, and some of the capabilities are:

1) Spying camera, can see from various angles. So whatever you see/hear can be seen and heard by the state-sponsored spies.

2) Whispering speakers can make sounds, talk, whisper like devil / satan.

3) The most advanced technology - Mind reading capabilities - They can know what you think/visualize.

There might be some more technologies, including some invisible hand type of technology, such as the capability to press keys on an unattended laptop/mobile.

 

With this kind of state-sponsored advanced raw technology, how can we protect our accounts? How can anyone be protected in a world of targeted hacking?

 

1) Passwords should not be displayed/memorized/typed.

2) Even if a password is memorized or keyed in, there should be some multi-factor authentication, and the authentication method should not allow duplicate logins. For example, if the hacker/spy also entered the same password and the same OTP, the system should reject both attempts.

 

With the above two points in mind, SimplePass is trying to solve a specific problem. That's why SimplePass never shows passwords on-screen and never lets you type them in. Once all the features of the free version are entirely implemented, there might be some paid subscription features that will address the above-mentioned problems in a very secure way.

As of now, as a user of SimplePass, you are responsible for the physical security of your device and for how and where you store your backups.

 

This blog will periodically provide articles and practical tips on securing accounts and various ways of protecting passwords/accounts. It may even provide tips and tricks for security-conscious developers.




It's always a good practice to secure online accounts. This article describes some ways to secure accounts.


Most online accounts nowadays support multi-factor authentication (MFA). When and where possible, enable MFA. Some of my favorites that provide MFA are GMail, Outlook, and Facebook. Several different types of MFA options are available:

1) OTP based - The application sends a small special code to a specified email / mobile number and prompts for that code to be entered. Although I like this approach, I am a bit skeptical.

2) Mobile notification alerts - Some applications send an alert to a mobile application and ask for approval. Microsoft excels in this approach by displaying a special code on the login screen; the notification displays the special code and prompts for approval. I like Microsoft's approach in this method.

3) Physical hardware key, such as the YubiKey from Yubico. This is my favorite approach. The small hardware key just sits on my keychain along with my physical keys, such as my house key. The drawback is what happens if the key gets damaged.

4) Authentication codes - Some websites allow scanning a QR code as MFA in applications such as Microsoft Authenticator / Google Authenticator. Once successfully set up, the website prompts for a code to be entered, and the authenticator application displays a unique time-based code that changes every few seconds.
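The time-based codes in item 4, combined with the earlier point that a system should not allow duplicate logins, can be sketched as follows. This is an added example, not SimplePass code: `totp` follows RFC 6238, while `OtpVerifier`, its session handling, and the result strings are hypothetical. RFC 6238 itself only requires refusing a second use of an accepted code; revoking the first session as well is one reading of "reject both attempts".

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (RFC 6238 default)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1) for the time step containing `now`."""
    counter = int(now // STEP)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Hypothetical server-side check: one login per user per time step."""

    def __init__(self, secrets):
        self.secrets = secrets   # user -> shared secret bytes
        self.last_used = {}      # user -> (time step, session id) last accepted
        self.sessions = set()    # currently valid session ids

    def login(self, user, code, now, session_id):
        expected = totp(self.secrets[user], now)  # no clock-skew window, for brevity
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "rejected: wrong code"
        step = int(now // STEP)
        prev = self.last_used.get(user)
        if prev and prev[0] == step:
            # The same valid code arrived twice: the server cannot tell which
            # sender is the owner, so refuse this one and revoke the earlier session.
            self.sessions.discard(prev[1])
            return "rejected: duplicate, earlier session revoked"
        self.last_used[user] = (step, session_id)
        self.sessions.add(session_id)
        return "accepted"

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample: the RFC 6238 test secret
    server = OtpVerifier({"alice": secret})
    code = totp(secret, 59)
    print(code)
    print(server.login("alice", code, 59, "s1"))
    print(server.login("alice", code, 59.5, "s2"))
    print(server.sessions)
```
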

Each approach has its own strengths and weaknesses. For example, what would happen if you lose your SIM card / mobile phone / hardware key? How easy is it to back up and restore accounts? Irrespective of the MFA approach that you use, it's always a good idea to enable and use MFA.

Some websites, if not all, have a recent activity page that displays sign-in attempts and where the account is logged in, and allows remotely logging out unused sessions. I would say regularly reviewing this activity and removing unused sessions would be prudent.

 

Stay safe and vigilant from online hackers and frauds!


Blog Moved to a new system!



The blogging platform has been moved to a new platform. The blog is now hosted on Google's Blogger platform. The older entries were not moved to the new host. But, I plan to make a summary post of the older entries in the next 24 hours.

