Why you should avoid any website that emails you your password

The next time you sign up for a website or you click on the ‘Forgotten password’ link and they email you your password… run! Delete your account and don’t use them.

Let me explain why.


Why many websites don’t have security as a priority

As part of my new job, online security is paramount. To this end, for a number of months I’ve been ploughing through my online accounts and updating passwords to be unique and strong. A password manager is essential to this – I use LastPass but 1Password is also recommended. I also changed my email address recently, so I’ve been taking the opportunity to update that as well.

Unfortunately, some websites, and retailers in particular, don’t seem to want to help out, making it difficult, one way or another, to be as secure online as you’d like.


WordPress and Update Signing

So, you’ve created open source software to make it easier to provide update signing. It requires auditing, but you ask WordPress to implement it with their system. For now, they decline, simply because it’s not something immediately planned. However, Matt Mullenweg agreed to donate towards getting the audit done.

What would you do the next day?

I’m guessing it wouldn’t involve posting a massive rant about WordPress, but specifically aimed at Matt, about how much WordPress doesn’t care about security, even to the point of trying to make popular a hashtag of #StopMullware? Well, that’s just what Scott Arciszewski did, via Medium.

How To

How to clear your Chrome Passwords

For some time I’ve been using LastPass to manage my passwords (other password managers are available!) but have never fully moved over to using it full-time, because of the ease of just getting Chrome to remember my password instead.

Well, I’ve decided, and there are very good security reasons for doing so, to move full-time to LastPass. But how to do it?