The Internet Society is an organization that tracks the use and influence of the web and releases policy recommendations associated with online access. For its annual survey it asked more than 10,000 people in 20 countries their thoughts on a series of questions. The results in some cases were surprising. For example, the U.S. had the highest percentage of people who never used audio/visual conferencing online, with 56 percent saying they never used services like Skype or WebEx. Globally, only 27 percent said they never used an IP-based web conferencing tool.

U.S. respondents also were the second most likely to avoid instant messaging, with 42 percent of Internet users saying they didn’t use an IM service compared to 16 percent globally. Only Germans were less likely to use IM — 47 percent said they don’t use instant messaging services. And while a majority of the respondents were concerned about their online privacy and took some steps to control access to their online profiles or turning off location tracking on occasion, a surprising large percentage did little else to safeguard their data or to preserve their legal rights.

For example, even when users know they are sharing personal data with a site or service, four out of five users do not always read privacy policies and 12 percent never read privacy policies. Only 47 percent of the respondents reported that they always use separate passwords for sensitive data, and only 13 percent said they never share permissions with family or friends.

Maybe we hope to mitigate some of our trusting nature by giving out false information — more than half of those surveyed give incorrect personal data when creating an account at least some of time. But, a staggering 44 percent say they always provide correct personal data. Apparently we are large and contain multitudes.

A good example of this can be found in the chart below, which compared the U.S. response on two questions with the global average and three other countries. When asked if the government should ensure people’s right to access the Internet, the U.S. was surprisingly reluctant to agree with that statement when compared to the rest of the surveyed countries. Yet, like most other people, the U.S. sees the Internet as a source of knowledge. Apparently we recognize that the internet is awesome, but aren’t willing to ensure everyone has access to it.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• 12 tech leaders’ resolutions for 2012
• Connected consumer first-quarter 2013: Analysis and outlook
• Pinterest reawakens Napster-style debate over copyright

Current Macs use onboard password recovery tools, including a security question to remind you of what your password is. It’s a less-than-ideal arrangement to secure your devices; questions tend to provide clues to would-be thieves, and users tend to keep answers simple (i.e. words without additional numbers or characters) to ensure they can remember their own credentials based on the password question.

The system described in the patent would make it possible to not only keep a password retrieval tool off of the device by shifting its storage to the power adapter, which often aren’t stolen alongside notebooks, smartphones and tablets. It would also make it easier for users to switch to more secure, more complex password strings. That’s because an external “password recovery secret,” as the patent describes the hint system, could be more exact, since it exists off-device. In the images accompanying the patent, for instance, merely plugging in the adapter results in password retrieval and display.

In case of the loss of hardware, the patent also describes other systems for retrieval. You could back up your system to multiple peripherals that connect via hardline to your Mac, like printers and secondary power adapters, and also retrieve it from a remote server over a network. The real advantage, though, is in the ease of retrieval from a hardware source.

Apple patents don’t always make it to production devices, but this system looks like a good way to encourage safer security practices among the general computing population. It reminds me of the security keys MMOs like World of Warcraft  and Star Wars: The Old Republic use to add another layer of protection to users’ accounts via external devices. And as a low-cost (it really only requires the addition of a very small storage memory module to power adapter devices), optional security feature that adds a lot of value, it would appeal to consumers and business users alike.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Research In Motion: future scenarios for its fate
• Connectivity means making the machine disappear
• Connected consumer first-quarter 2013: Analysis and outlook

Here are the eight apps contained in the bundle, which is available for just $50 for another 9 days:

• 1Password. One possible cure for all the rampant hacking of major sites and services going around is keeping incredibly complex, different passwords for each of your online accounts. But that’s almost impossible to remember. So use 1Password, which lets you store hundreds of distinct logins in one place. Just make sure the master password and PIN you choose to keep all that info safe is solid. 1Password is also great because it plugs into iOS apps to sync your login data across devices.
• Billings. Time-based billing is a chore that no freelancer enjoys, but apps like Billings at least make it easier than if you’re doing it using templates in Word, for instance. Billings has awesome time tracking tools that integrate into your Mac menu bar or can be operated with hot keys, and an iPhone app that syncs info with the Mac version.
• TextExpander. Thanks to keystroke shortcuts, customizable abbreviations and one-click coding shortcuts, this is the text editing tool that becomes the default mail composer, form-filler and report preparation tool for many a Mac freelancer.
• LittleSnapper. Take screenshots, send clients design samples, and save website effects that you want to recreate yourself. If you’re building a design inspiration scrapbook, you no longer have to depend on scissors and magazines. Annotations and tags make keeping your screenshot connection organized and highly searchable.
• WriteRoom. Distraction-free writing is a bit of a trend, and freelancers who do a lot of writing appreciate the benefit of being able to shut out the many demands for attention that a computer brings with it. WriteRoom is a solid distraction-free writing client that’s been around for a while, and you can sync with an iPhone client, too.
• Radium. Some people can work without a background soundtrack, but I am not one of those people. You might have jumped to something like Pandora, or the hot new kid on the block, turntable.fm, but if you prefer the set-it-and-forget-it ease of Internet radio, Radium is a good OS X front-end with a huge database of available stations.
• Arq. Backing up your data is key when you’re a freelancer, because no one but you will be responsible for preserving your documents in most cases. Arq is an OS X client that plugs into Amazon S3 cloud storage (which you have to sign up for separately) to keep your offsite backup needs taken care of.
• Alarms. This is a small utility that mostly resides in the OS X menu bar, syncs with iCal and can remind you about just about anything you need to do during the day. It offers drag-and-drop simplicity, so drag URLs from your browser or a file you need to work on from the finder, or just about anything else to bring up the reminder creation screen.

The total cost of all these apps taken alone is somewhere around $300, so if you’re a new (or experienced) freelancer looking to pick up a complete toolbox without straining your gray matter or your wallet, this is definitely a no-brainer.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• The Future of Workplaces
• The Future of Work Platforms: An Overview

So Many to Choose From

SplashID couldn’t keep up with the times (it was slow to offer sync and multitasking support was not up to par). But what password manager to switch to?  I turned to an App Store search technique I’ve perfected:

1. Use a search term to find a collection of apps that suit your needs.
2. On the iPad, iPhone and Mac App Stores, filter out everything but those ranked four stars and above.
3. Sort by popularity.
4. Ignore the free apps (everyone rates free apps higher because they are free).

And there you have it: a short list made up of 1Password, mSecure, and DataVault.  Keep in mind that I also took the number of comments across all versions into consideration, as well as the fact that there was an iPhone, iPod and Mac version available.

mSecure ($14.99 for Mac, $4.99 for iPhone/iPad). On the surface, it appears to meet all my minimum requirements for a password manager. Data is secure with 256-bit blowfish encryption.  There is an iPhone, iPad and Mac version.  All three versions can automatically generate strong passwords.  It supports multitasking on iOS devices, and you can sync data from one account to multiple iOS devices. The multitasking support is what I really noticed.  mSecure doesn’t get too fancy with protecting your data in a multitasking iOS environment. mSeven’s mSecure has the multitasking transition down and have successfully implemented a working auto-lock feature. After porting my data over from SplashID into mSecure, I found I had other needs as well.  I wanted categories and the ability to customize field names on an item without having to create a new type.  There is the ability to create custom types, and in these custom types you can define any number of fields you like.  Overall, for a $20 total investment, it’s a solid offering and has everything one needs to manage their passwords effectively.

DataVault ($19.99 for Mac, $19.99 for iPhone/iPad). Stepping up in both price and features, Ascendo’s DataVault is a solid performer as well. If you want more control over your secure items, and you can handle a little more complexity in order to get that control, then DataVault is the tool for you.  It has everything the mSecure has to offer and a little bit more.  mSecure’s concept of types is akin to DataVault’s implementation of templates. DataVault also has types and even categories, but these are used more for organizing records than defining them.  It was the user interface that left me wanting.  Pardon my saying, but the app was more Android than iPhone.  I had all the features and control I wanted, but the look and feel, while certainly high-res, was a little rough around the edges.  After using DataVault for a while, I actually started to prefer mSecure’s simplicity, and was convincing myself that the control I thought I wanted, wasn’t what I wanted at all.

1Password ($39.99 for Mac, $9.99 for iPhone, and $9.99 for iPad). Weighing in at a whopping $60 for the bundle, 1Password is definitely the most expensive of the three solutions.  There’s a universal iOS version for $14.99 if you need both iPhone and iPad versions. This is the only one of the three that is not for sale via the OS X Mac App Store, which means you’ll have to purchase additional licenses to run it on multiple Macs (a family pack is available for $69.99).  1Password is very different from the others in that you are almost forced to live with a limited set of ‘vaults’ to store your secure items in. But you can customize each and every item by adding fields and renaming field names.  The workflow for creating a new item takes some getting used to.  Since the only way to generate a strong password is to create a password item first, then create the full item you really care about in one of the vaults.  That being said, the Mac version is the deepest and most feature-rich password manager of the three.  With full multi-device Dropbox sync support, complete browser integration with auto forms, and a truly unique feature called 1Passwordanywhere that proved to be quite be useful when installed on a USB key, 1Password does earns its keep. It has a polished look and feel throughout and gives you control in places you never knew you wanted control.

Conclusion: mSecure for Most, 1Password for the Rest of Us

I was originally tempted to settle on 1Password without trying alternatives, but I never would have met mSecure had I done that. With its simple design and straightforward approach to managing passwords, it’s everything almost anyone would ever need in a password manager.  I would definitely recommend it for the $20 complete price tag. While DataVault was certainly more of a match in features to SplashID, its user interface and overall design left me wanting, quite frankly, less. Which brings me right back to 1Password.  It’s definitely the most expensive password manager out there.  Is it worth it?  You do get what you pay for.  But if you don’t need all the features it offers, then perhaps mSecure is the right-sized solution you need.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Survey: How apps can solve photo management
• Development strategies for the app-developer community
• A near-term outlook for the mobile app marketplace

I’m sure that you, as a web professional, know that it’s important to use a VPN or to encrypt your connection by using https:// whenever you can. But this might be a good time to remind colleagues and friends. And there are several ways of forcing secure connections.

With Firefox, you can use:

• HTTPS-Anywhere, an add-on that comes pre-configured with rules for over two dozen popular sites, including Facebook and Twitter. You can add your own rules, but you’ll need to edit an XML file.
• Force-TLS, an add-on that has a much simpler way of adding sites to connect with securely, but it doesn’t come with any pre-configured sites.

As far as I can tell, these two add-ons coexist gracefully, so you may want to have your less web-savvy colleagues install both. That way, HTTPS-Anywhere can take care of the popular sites, and others can be added to Force-TLS (using Tools-> ForceTLS Configuration).

With Chrome, you can use the KB SSL Enforcer or Force-SSL add-ons. There doesn’t seem to be an equivalent add-on for Safari yet.

For mobile devices, you’ll want to use a VPN. There are a number of VPN apps available for iOS and Android.

How do you keep your web browsing secure?

Related content from GigaOM Pro (sub. req.):

• Enabling the Web Work Revolution
• Report: The Real-Time Enterprise
• Who Owns Your Data in the Cloud?

Before the latest iPhone operating system arrived, the only choice in terms of iPhone security was to add a passcode to your device and ensure auto-lock was enabled. The passcode system, which is still in place, is a user-defined four digit number which, once entered correctly, allows a user access to a locked iPhone. For the majority of users this numeric-only passcode is a sufficient measure for keeping unwanted hands off your iPhone. Yet for those wanting a little more protection iOS 4′s new addition of a password feature can offer increased peace of mind.

Acting as a complimentary choice to the existing passcode system, setting up a more tricky alpha-numeric password is a breeze. As normal you will need to head into the Settings application and then select General. Once there you need to head into the Passcode Lock settings page, here you will see a new option titled ‘Simple Passcode’. With this option turned on, a simple four digit number passcode will be used, however if you turn it off the iPhone will present a full-keyboard, allowing a user to enter a more detailed password.

An alpha-numeric password can include letters, numbers and symbols, allowing for a far greater level of complexity and a harder iPhone to gain access too. As ever, in addition to the password system, the timer and erase data functions are still in place. Simple security!

A good password has to balance security with our ability to remember it, because minimizing the number of places that a password is written down or otherwise recorded is a good idea. It’s a tough line — the most memorable passwords are the easiest to crack, while the most secure are a jumble of characters that are impossible to recall. But there are some steps you can take to create a reasonably secure password that you’re less likely to forget.

1. Forget about amusing passwords. Among the most common passwords are those that seem to amuse the person creating them — there are plenty that use profanity or insults. Some sites, such as Twitter, have actually created lists of words that are banned from use as passwords. A surprising number of them fall into this category. Passwords such as these aren’t secure, if only because they’re relatively common and more likely to be tried first if someone is trying to crack your password.
2. Try longer phrases. Most of us have an easier time remember actual words and phrases than random assortments of letters and numbers. Using just one word, perhaps with a number tacked on to the end, is often less secure, however — certain methods of hacking passwords include simply running a dictionary through the password system. Using a longer phrase — especially if it includes numbers or other characters — makes it significantly harder to guess.
3. Use a minimum of eight characters. Longer passwords are better. Most sites require you to have at least six characters in your password these days. Some are moving up to eight, but if you can go for longer, you should. That’s another benefit of using a phrase.
4. Choose related, but not identical, passwords. You want to minimize the chances you’ll forget a password, but using identical passwords means that if one of your accounts hacked into, you’ll run the risk of having other accounts hacked as well. One option may be choosing phrases about the same topic, while another is changing key parts of your password to reflect the site you’re using it for.
5. Don’t use personal details. In the event that someone is hoping to gain access to your personal accounts, details like your phone number, employment details and important dates in your life will be among the first passwords typically tried. Instead, you want to use something that may have personal meaning for you — at least enough to help you remember it — but that won’t be easy for anyone else to guess.

How do you create secure yet memorable passwords?

Photo by Flicker user akeg licensed under CC BY-ND 2.0

Related GigaOM Pro content (sub. req.): Can Enterprise Privacy Survive Social Networking?

Despite these choices, I’ve pretty much been locked into either Firefox or Internet Explorer because of my reliance on the RoboForm password manager, which is only compatible with those browsers. The lack of Google Chrome support has been particularly frustrating to me. I’m impressed with the speed and resource management of Chrome, but without the easy access to my passwords that I’ve grown accustomed to, it hasn’t been an option for serious consideration. But a couple of recent announcments by Siber, the maker of Roboform, are changing that.

If you’re an adventurous soul, you may want to take a look at a public release of a Chromium build with an adapter that makes it compatible with the latest versions of RoboForm. Chromium is the open-source project that is the basis for the Google Chrome browser.

It’s an alpha build, and my browser is too important to me to risk using it for my day-to-day work quite yet — but it’s a terribly exciting development and shows the first real movement I’ve seen towards a port.

A more feasible option for most folks is to use the new RoboForm Bookmarklet which, in conjunction with the RoboForm Online service, provides access to your passwords from alternative browsers or on computers without a RoboForm installation. Drag the bookmarklet up to your toolbar and after logging in to your online account you’ll have access to all of your stored passwords.

The functionality of the bookmarklet is good, but isn’t yet a replacement for the full installed product. I find that the login expires quickly, requiring me to log in to my account frequently throughout the day, even after requesting it to remain active. I also miss the ability to create new logins on the fly, an option not available from within the bookmarklet.

On the plus side, one of the things I’ve always appreciated about RoboForm is the ability to maintain multiple password sets for a site and am glad to see that this feature is retained with bookmarklet access.

Both of these projects are still in their early stages, but really represent big steps toward cross-browser, cross-platform availability of a single password set.

How do you manage your passwords?

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• What Does the Future Hold For Browsers?
• Disruptapalooza 2011: how Amazon’s Kindle is changing the portable media game
• HTML5’s a Game-Changer for Web Apps

To reset your OS X password without an OS X CD you need to enter terminal and create a new admin account:

1. Reboot
2. Hold apple + s down after you hear the chime.
3. When you get text prompt enter in these terminal commands to create a brand new admin account (hitting return after each line):
   • mount -uw /
   • rm /var/db/.AppleSetupDone
   • shutdown -h now
4. After rebooting you should have a brand new admin account. When you login as the new admin you can simply delete the old one and you’re good to go again!

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• New challenges for the IT organization
• How do developers ride the Siri wave?
• Connectivity means making the machine disappear

1Passwd is a fantastic utility that saves all your passwords and unifies them across your many OS X browsers. It even manages your identities (aliases?) so you can fill out webforms with a single click. Until you’ve used it, it might not sound like something you need – that’s how I felt anyway. But after getting it through MacHeist, I couldn’t deny it any longer, and I paid for the upgrade.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• How fourth-quarter 2012 will affect IT spending in 2013
• Tablet market to hit over 377 million units by 2016
• How do developers ride the Siri wave?