Regex Password Vault Blog

Password Vault 5.1.6 released

by Shawn O'Hern November 4, 2014

New in Version 5.1.6:

  • Fixed bug with Google Chrome extension where closing Chrome would cause Password Vault to crash

Categorized as:

Heartbleed and Regex Password Vault

by Shawn O'Hern April 13, 2014

Heartbleed logoSome of our users have asked if Regex Password Vault is vulnerable to the Heartbleed bug. This is important information, so we want to share it with all our users.

Regex Password Vault is not vulnerable to Heartbleed. The Heartbleed bug is a weakness in how some web servers have implemented the SSL/TLS protocol. SSL/TLS is the protocol used in secure (encrypted) Internet communications. When you visit secure websites with an https:// address, it is SSL/TLS that is encrypting the connection. Heartbleed exposes a weakness that could allow an attacker to snoop on the data being transferred, despite the use of encryption.

Regex Password Vault works by storing your passwords locally on your own computer. It does not transmit your passwords over the Internet. Therefore, by design, Regex Password Vault is not affected by the Heartbleed bug.

With that being said, it is wise to change the passwords to all your online accounts. Online services could possibly be affected by Heartbleed, depending on which type of web server they use. The best way to find out if the services you use are affected is to contact the companies that operate each service. If you cannot find information for a specific service, then it is best to change that password.

For more information about Heartbleed, please see http://heartbleed.com/ or http://en.wikipedia.org/wiki/Heartbleed.

If you ever have any questions about the security of Regex Password Vault, please contact us!

Categorized as: Personal Security, Security News

Password Vault 5.1.4 released

by Shawn O'Hern May 2, 2013

New in Version 5.1.4:

  • Improved Keystroke AutoComplete: it is now more reliable and we have added support for Remote Desktop
  • Password Vault now checks for website icons when upgrading Password Vault 3 files and importing CSV files

Categorized as: Announcements

Password Vault 5.1.3 released

by Shawn O'Hern March 9, 2013

New in Version 5.1.3:

  • Fixed a bug that caused the Options dialog to crash the application

Categorized as: Announcements

Password Vault 5.1.2 released

by Shawn O'Hern March 9, 2013

New in Version 5.1.2:

  • Fixed a memory leak with the notification area (system tray) menu that can cause crashes after an extended period of usage
  • We have also added Form Filler AutoComplete support for Pale Moon, an independent browser based on Firefox. If you use this browser, be advised you have to manually install the Firefox extension into Pale Moon before AutoComplete will work. Please contact us for instructions on how to do this.

Categorized as: Announcements

Password Vault 5.1.1 released

by Shawn O'Hern March 4, 2013

New in Version 5.1.1:

  • Fixed scroll bar bug that was causing program crashes on some Windows XP systems

This release is a fix for a specific reported issue. There are no other significant changes in this version.

Categorized as: Announcements

Don't reuse passwords

by Shawn O'Hern February 25, 2013

In light of the recent attacks on Twitter, The New York Times, Zendesk, and several other companies within the past month, I thought it would be a good time to discuss the dangers of using the same few passwords everywhere.

Imagine that one day, a website or service you use suffers an attack. Your password and some other personal info is leaked as part of the data breach. If that password is unique to that one account and used nowhere else, as unfortunate as the attack would be to you, at least the damage will be limited to that account. But now imagine that password is the same password you use for your online banking, webmail, or any other sensitive accounts. Suddenly you are in much more danger. If the attacker uses the breached password to access those other services, he or she will be able to wreak some serious havoc on your life.

Unfortunately, this is not just a theoretical threat. This sort of thing happens quite frequently and can lead to identity theft. If an attacker steals credentials to one site or account, he or she will try using those same credentials to log into other sites to see if they work. So if you are in the habit of using a few favorite passwords everywhere, stop it! Believe me, I know it's a hard habit to break. I even catch myself reusing passwords sometimes, either because it's too hard to memorize new passwords, or just out of sheer laziness. But it's just something we have to do. Online security and identity theft are not things to be taken lightly. Regex Password Vault is one of the most secure and convenient ways to store large numbers of passwords. When coupled with the built-in random password generator, it is super-easy to use strong and unique passwords for all your accounts.

We plan on adding a tool in a future release of Password Vault that will smoke out any duplicate passwords you may have in your Vault file. More details about this will follow.

Categorized as: Personal Security, Security News

Password Vault 5.1.0 released

by Shawn O'Hern February 25, 2013

New in Version 5.1.0:

  • Added a logging feature so you can maintain a log of all revisions made to your Vault file. This feature is turned off by default. See this help article for details.
  • Small improvements to UI and documentation
  • Fixed bug affecting Vault files saved on network drives
  • Fixed bug affecting Vault files that are concurrently edited by multiple users

Categorized as: Announcements

Password Vault 5 launched!

by Shawn O'Hern February 4, 2013

Regex Password Vault logoWe have launched! The beta is complete and Regex Password Vault 5 is now available to the public. We thank all our beta testers for helping find issues with the new version and providing feedback to us.

Password Vault 5 is a major upgrade. We have made hundreds of improvements to existing features and we have added many new features based on customer feedback. Click here for a list of the biggest changes. We invite you to check out the new version and download a free trial from our website.

Existing users can upgrade for a significant discount. If you have purchased a full or upgrade license in the past 12 months, you are entitled to upgrade for free! All other customers are eligible for a 60% upgrade discount. Click here for details.

Categorized as: Announcements

Security questions: What to do when you encounter them

by Shawn O'Hern October 30, 2012

Picture of security questionsYou have probably seen these things popping up on many websites in the past few years. Security questions and answers are all the craze in the field of cyber pseudo-security these days. When you sign up for an account, you provide answers to questions that supposedly only you would know. Then, if you ever forget your password, you can provide the same answers to prove your identity and reset your password.

Sounds good, right? The problem is that the questions themselves are completely inane. They require answers that can be easily guessed or researched, for example, What's your pet's name, or What's your mother's maiden name. To an attacker who has the ability to launch brute-force dictionary attacks, and who has access to social media and Google, these questions pose no barrier to entry. In fact, they completely circumvent the password-based security of your account. If an attacker can just successfully answer the questions, then he or she can reset your password to access your data, and worse yet, lock you out of your own account.

How should I handle them?

So what should you do when you're forced to give answers to these security questions? Well, the number one rule is: never answer them truthfully. The absolute least you should do is give false answers. That way, you will trip up would-be attackers who will try finding the answers to your questions through research. This isn't a lie detector test. It doesn't matter if you lie to a website about your favorite color...as long as you can provide the same answer later when you need to reset your account. So even though you have a fondness for periwinkle, say sea foam green instead.

The better solution, however, is to use random text for your answers. What was your first car? uCnyprOz4cl02AVO5gH8No. What is your paternal grandfather's first name? Why, atKIne9qe0m2y9 of course! Random text generated by a password generator is impossible for an attacker to predict.

How can Password Vault help?

Okay, so now what do you do with all these random answers that you need to keep track of? Fortunately, Password Vault makes it easy to store security questions and answers along with your passwords. In addition to the standard username, email, and password, Picture of custom fields in Regex Password Vaulteach password record can also store a number of user-defined custom fields for additional data. These are perfect for storing your questions and answers.

 In Password Vault, create a new password or edit an existing password. On the Password Properties dialog, in the lower-left corner you will see an area labeled Custom fields. This is where you want to put your security questions and answers. Put the question in the Name box, and the answer in the Value box.

By following this best practice, you will greatly increase the security of your online accounts.

What is Regex Password Vault?

Regex Password Vault is a password manager and form filler for Windows. It simplifies your life by remembering all your usernames and passwords for you, saves you time by logging you into websites and filling out long web forms with a single click or keystroke, and keeps you safe online by making it easy to use strong, unique passwords for all your accounts!

Introduction
Features
System requirements
Download a free trial