Way back in the day, somebody was trying to sell a server with just enough operating system to start up and then run something else.  They called it, appropriately, JEOS, but they pronounced it “juice”.

Today I’m telling you about JES, Just Enough Security.

There have been lots of news stories recently about bad guys breaking into companies and stealing password lists.  The good guys have helped us fight back.  Since the lists are public by now, the white hats have collected the names and put up a search page so you can see if you’re affected: Should I change my password?

Go to the site, put in your email address, and see if the bad guys have gotten it.  A clean report looks like this:

The bad report, should you happen to get it, looks like this:

(and no, I don’t expect that it was really Bill Gates that had his email and password sniffed.  I think somebody entered that as a joke, and then the file was stolen.)

And then there’s a good piece of advice that’s hard to follow: don’t re-use the same password at multiple sites.  What do you do to have multiple passwords and still keep your sanity?  I’m going to start using Password Safe.  Open source, been around for 9 years, and it was originally designed by Bruce Schneier, one of the best security consultants I know of.  Also, it has passed my company’s software governance board, which means that I can use it on my work PC.

Will this web site and password keeper make you safe from all attacks?  Nope.  But just like the two guys being chased by the hungry lion, you don’t have to be faster than what’s after you.  You only have to make it not worth their while (faster than the other guy, harder to hack into).  And these work for that.