We all know that securing an account with just a password isn’t as secure as it used to be. Nowadays, you may also be asked for a second authentication code before you can access an account. Nonetheless, the second authentication protocol could be breached by a sophisticated hack. To protect the second authentication protocol better, you can now purchase a physical security key to harden it. This means that without the physical key, a hacker would have a very hard time trying to access your account. For example, they could hack the service which hosts your account to gain access to it, but this could also be hard for the hacker if the service is well protected. Anyway, check out the video right after the break to see a physical security key in action.
Warning: Follow the instructions below at your own risk, because bad things happen! Don’t blame me for your bravery in destroying ownCloud’s database if something goes wrong beyond your expectations. Nonetheless, I’ve used these exact directives to successfully change the admin and user passwords for ownCloud.
Forgot your ownCloud password? Whether your ownCloud admin or regular user password is lost, you can always restore or change the password for the admin or user. Perhaps you forgot to enter an email address into the user’s settings to receive the lost-password reset email; to think that you’re stuck is being crazy. Of course, if you forgot your MySQL database’s root password too, then you really are stuck and won’t be able to access the data that resides within ownCloud. Nonetheless, let’s hope you aren’t yet out of options; then you can use your MySQL root password to edit your ownCloud admin or user password. I won’t talk about how to access and edit any other database as I can barely get around MySQL. Nonetheless, read on and the trick is here to treat you well.
I don’t even bother with MySQL command lines, and so I sure hope you have installed phpMyAdmin. We will use phpMyAdmin to edit the passwords in the oc_users table.
- So, first of all, log into your ownCloud MySQL database as the root user or the owner of the ownCloud database through phpMyAdmin.
- Secondly, expand the left panel and expand the ownCloud database. You should see a bunch of ownCloud tables underneath the ownCloud database, and these tables should begin with the oc_ prefix. Try to find oc_users!
- Click on oc_users to access the oc_users table. Before you even think about editing a user entry within this table, you must know that once you edit a user’s password there is no going back to the original password. Of course, if you already knew the original password, you wouldn’t do this in the first place!
- Click on the edit link next to the user to access that user’s entry in oc_users. In here you can change the password for a user. Don’t do anything yet though, because the passwords stored within the oc_users table are encrypted with whatever. If you delete the encrypted passphrase, you basically delete the password. Nonetheless, you can’t enter a password of your own, because your password isn’t encrypted. If you try to enter a plain password, your user account won’t see the password change. Furthermore, if you try to empty out the password, ownCloud’s login page won’t allow you to access the ownCloud service even though you have emptied out the password.
- If you read my instructions carefully, it means you haven’t done anything yet. Good, because now you need to open a new web browser tab or a new web browser so you can go to http://pajhome.org.uk/crypt/md5/ (link). If this webpage is still the same and has yet to be changed, under the Demonstration section you should see the MD5/SHA-1 boxes. Instead of entering a real password that can be read by the owner of this website, you need to enter a weak password (that you plan to change later) into the top box of the Input Calculate Result form. When done entering a temporary password that is easy to remember, hit the SHA-1 button to allow the webpage to generate the SHA-1 hash. Make sure you copy the SHA-1 hash result from the bottom box.
- We need to paste the SHA-1 hash passphrase into the password’s value field (box) of the user you want to change the password for within the database. So, back in phpMyAdmin, within the user’s entry which resides within the oc_users table, you need to enter the SHA-1 hash into the password’s value field (box). Hit the Go button which sits right underneath the password’s value field (box). This should do it.
- Now, you can try to log into the ownCloud service with the new password that you created for the ownCloud user. Of course, the password isn’t the SHA-1 hash passphrase, because ownCloud’s login page expects the regular plain password that you encrypted with the SHA-1 hash earlier. If everything goes as planned, you should be able to log into the ownCloud admin or user account. From here, you can change the password in the Personal page, and so you should change the password you just set for your ownCloud admin or user into a really strong password.
Now, you can chuck down a beer and congratulate yourself on a job well done.
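The hash from the website step can be computed on your own machine instead, so the temporary password never leaves it. The following is an added example, not part of the original post and not ownCloud's own code; it assumes the installation accepts an unsalted SHA-1 hex digest as the post describes, and the `uid` column name and the allowed user-ID characters are assumptions.

```python
import getpass
import hashlib
import re

# Assumption: user IDs contain only these characters; adjust if yours differ.
UID_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def sha1_hex(password: str) -> str:
    """Return the 40-character hex SHA-1 digest for the password value field."""
    if not password:
        raise ValueError("empty password")
    if password != password.strip("\r\n"):
        # "abc\n" hashes differently from "abc", so the later login would fail.
        raise ValueError("password has a leading or trailing line break")
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_update(uid: str, password: str):
    """Return (statement, params) for a parameterised UPDATE of one user row."""
    if not UID_RE.fullmatch(uid):
        raise ValueError("unexpected characters in uid")
    # oc_users and its password field come from the post; `uid` is assumed.
    # %s is the placeholder style used by common Python MySQL drivers.
    sql = "UPDATE oc_users SET password = %s WHERE uid = %s"
    return sql, (sha1_hex(password), uid)


if __name__ == "__main__":
    uid = input("ownCloud user to reset: ").strip()
    temp = getpass.getpass("Temporary password (not echoed): ")
    sql, params = build_update(uid, temp)
    print(sql)
    print("digest for the password value field:", params[0])
    print("uid:", params[1])
```

The printed digest can be pasted into the password’s value field in phpMyAdmin exactly as in the steps above.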
I think I had written about how you could just boot a Mac into single user mode to basically reset a password for any user, and by this I really mean any user (i.e., even for an administrator account). You probably would say “OK genius, I can just do that by booting into the Mac the normal way, right?” If you remember an administrator password or a user password, then it should not be a problem for you to just boot into the Mac normally and change the password. Nonetheless, in this case, I’m talking about a situation when you forget an administrator password specifically, therefore you can’t really use an administrator account to change a normal user password if you also forget the password for the normal user. Also, when you don’t remember your administrator password, you can’t really update your Mac OS X to a newer version or do more with your administrator account. Unlike before, when I only wrote about how to reset an administrator password or any user password on a Mac, this time around I made a video so you can follow it step by step to reset the password for an administrator account on a Mac. So enjoy the video right after the break!
Whether the social network phenomenon will stay or fade away in the next ten years, nobody knows, but we do know that the social network phenomenon will allow hackers to get to know their victims far more easily and better than before. If one is not too careful about keeping secrets off of a social network, then such secrets are bound to be revealed, right? It does make sense! In particular, the web (e.g., social network, blog) is never a good place to keep secrets away from the world. Even worse, I don’t think hackers need to know your secrets to be able to hack you and more, because sometimes they can analyze your other freely available social network information and might come up with a hacking strategy that might just work against you beautifully. Sometimes, the victims aid the hackers tremendously by making unbelievably weak passwords, and such passwords might be the names of their dogs or cats or whatever else the hackers can peruse through a social network profile. In a sense, it’s a no-brainer for hackers to check out the social network profiles of their targets for easy luck, because it might be one of the quickest ways to figure somebody out. What’s worse is that if a social network user is too careless about keeping confidential information about their workplace off of a social network, one might expect hackers will love that. In my opinion, it is easy to expect that some people out there will be too careless and reveal something that they should not reveal about a company that they work for while using a social network. This might be why some big corporations prefer their employees not to be too entrenched within a social network. After all, a social network can be a place where hackers can exercise their social engineering skills. Even the hackers themselves might be fooled by others in a social network, because social engineering does work beautifully against just about anybody who is not too careful.
For example, a lonely hacker might easily give away important information such as their real name to someone who has a sexy picture on his or her social network profile. In sum, I think social network web services have been and will always be teeming with hackers and victims.
Mac users who use Norton Internet Security for Mac do not have the feature that saves passwords securely so the passwords can later be autofilled into the various web destinations that they frequently visit. Windows users who use Norton Internet Security do have this feature! Just recently, I found out that Symantec provides a free Identity Safe app in the Mac App Store, and so now Mac users have the option of using this app to save and retrieve their passwords with less hassle than before.
Unfortunately, the Identity Safe app seems to be pretty crude! What I mean by this is that I think it only works with the Safari web browser. I can’t really use it with the Chrome and Firefox web browsers. For example, once I had installed the app, added a web destination with its proper credentials, clicked on the app icon at the very top of the screen, and clicked on the web destination under the recent logins list, the web destination would open in the Safari web browser automatically with the proper credentials filled in (i.e., password and username). Of course, Identity Safe users can click on View All Logins within the Identity Safe app to view the username and password for a specific web destination, and by doing this Identity Safe users can manually copy and paste the credentials into a web destination with browsers that are not supported by the Identity Safe app. This is a hassle of course!
Although I haven’t yet tried the import of logins for Safari, I’ve noticed a lot of app reviewers have complained that this app doesn’t allow batch importing of logins (i.e., one can only import logins one by one, as one has to approve the import for each login). If this is true, then the whole purpose of importing logins from Safari can be rather self-defeating since it will be so cumbersome to actually import hundreds of logins one by one. So, this is another hassle of using the Identity Safe app.
Even though Symantec’s Identity Safe isn’t yet polished to my liking, I still think it does serve the purpose of safekeeping logins securely. Nonetheless, you have to trust Symantec in order to trust and use the Identity Safe app. In my case, I do trust Symantec, therefore I don’t mind using this app. In my opinion though, there might be many other password/login apps that may provide better features for safekeeping one’s logins than the Identity Safe app. Honestly though, if one doesn’t yet have a good app which helps secure logins on a Mac, then I don’t see why one should not use the Identity Safe app on a Mac since it’s a free login protection app from a trustworthy security company, Symantec.
Windows 8’s newest feature yet, which Windows 7 and other major operating systems won’t have, allows users to sign into their accounts with a picture password. Before you say, “Hey, that doesn’t seem to be that secure,” it turns out Microsoft is coupling touch gestures with the picture password so it won’t be as easy as just selecting the correct picture password. If I’m not straying too far from the facts, then each user should be able to log in faster with a picture password by gesturing with at least three different touch gestures on a specific picture password.
Administrators can turn off the picture password feature if they favor the text password feature. To prevent hackers from illegally attaining easy remote login, Windows 8 automatically disables the picture password for remote login. It makes sense: users should have a way to log in to their accounts that is faster and less problematic but still considered as secure as usual, and so Microsoft’s answer is the picture password for the local network only.
I’m hoping Microsoft will add one more layer of security such as a simple PIN or face recognition or voice recognition just to make logging into one’s account even more secure. Of course, face and voice recognition aren’t hard to hack, because hackers could always photograph someone’s face and record someone’s voice to bypass face and voice password recognition. This is why I think such additional password recognition measures are good only if they are coupled with each other in layers. This way hackers must attain more than one thing to bypass the layers of authentication.
I think it’s a good thing if users don’t have to remember long text passwords, because they might write down long passwords and leave such passwords in obvious places where anyone could have access to them, consequently defeating the whole purpose of strong passwords. I think Windows 8’s picture password feature might not be adequate in protecting users’ logins even though Windows 8 is coupling the picture with touch gestures to create a stronger picture password. This is why I emphasize that the picture password and touch gesture combination as an authentication method for Windows 8’s new password feature might need one or more additional layers of authentication such as face recognition. As long as the additional layers of authentication are accurate and fast to execute, I don’t see any problem with allowing users to log into their accounts fast, safely, and easily.