No you can't have my password

I recently had reason to question the security of my phone, which led me to think about which services I've placed my trust in.

Back in December I purchased an HTC Hero and quickly found HTC slow at updating the Android OS. Being the geek that I am, I rooted the phone and started using custom ROMs. All was well until last weekend, when I installed a new ROM that was so heavily customised that I became concerned about the safety of my Google account.

I use Google a lot: they have my emails, SMS messages, credit-card details, budget spreadsheets and more. So it's fair to say I prize my Google account and make sure it's protected with a strong password. So when this ROM asked for my Google account name and password, it gave me pause for thought. What's stopping someone from adding code that collects my account details? The ROM hasn't been officially approved. I'm downloading it from a public forum, sometimes from file-sharing sites such as RapidShare. The full source code isn't available, and even if it were, how can I be sure the binary was compiled from that source? The answer is that I can't be sure. I'm taking a risk and placing my trust in the good will of a stranger.

There's always a level of trust asked of us when we use technology. From the Windows OS to the Linux kernel, we hope that commercial interests and peer review will protect us. So what happens when small, immature services ask us to hand over our passwords?

One solution is OAuth, which eliminates the need to hand over your credentials directly and instead defers authentication to the original provider. This allows granular control over what data can be accessed and provides a way to revoke that access. Twitter, Android apps and even Facebook are all examples of this OAuth model.

So it's a shame to see websites still asking for your prized passwords. For example, many social sites will ask for your Google username and password so they can connect you with your friends. This sets a bad precedent, not only because it trivialises the importance of security, but because there's no assurance that a rogue employee, error log or cache dump won't let slip your precious password.

So what can be done to protect your accounts? Vigilance, common sense and a small amount of paranoia will all help. Regularly checking and pruning what has access to your accounts (such as your Google account), applying the duck test, and searching for chatter around any new service are all good preventative measures that will help keep your accounts safe. But it's also important to put pressure on those sites that ask for account passwords, pushing them to transition to more secure techniques like OAuth.
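The delegated-access model described in the two paragraphs above (a scoped, revocable token instead of the account password, plus the "check and prune" review of what has access) is sketched below as an added example. This is illustrative code written for this page, not OAuth itself and not any provider's implementation; the Provider class, the token format (id plus HMAC signature) and the scope names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

# Hypothetical identity provider (think of the account holder's mail provider)
# that hands a third-party app a scoped, revocable token instead of the user's
# password. Class name, token format and scope names are assumptions.
class Provider:
    def __init__(self):
        self._signing_key = secrets.token_bytes(32)  # never leaves the provider
        self._grants = {}  # token_id -> grant record

    def _sign(self, token_id):
        return hmac.new(self._signing_key, token_id.encode(), hashlib.sha256).hexdigest()

    def grant(self, user, app, scopes):
        """User approves `app` for the listed scopes; returns a bearer token."""
        token_id = secrets.token_hex(8)
        self._grants[token_id] = {
            "user": user, "app": app, "scopes": frozenset(scopes), "revoked": False,
        }
        return token_id + "." + self._sign(token_id)

    def authorize(self, token, scope):
        """Resource-server check: valid signature, not revoked, scope was granted."""
        try:
            token_id, sig = token.split(".", 1)
        except ValueError:
            return False
        if not hmac.compare_digest(sig, self._sign(token_id)):
            return False  # forged or tampered token
        grant = self._grants.get(token_id)
        if grant is None or grant["revoked"]:
            return False
        return scope in grant["scopes"]

    def list_grants(self, user):
        """What the 'check and prune' review shows: every live grant for a user."""
        return [
            (tid, g["app"], sorted(g["scopes"]))
            for tid, g in self._grants.items()
            if g["user"] == user and not g["revoked"]
        ]

    def revoke(self, token_id):
        if token_id in self._grants:
            self._grants[token_id]["revoked"] = True


def demo():
    """Walk a contacts-sync app through grant, use, review and revocation."""
    provider = Provider()
    token = provider.grant("alice", "contacts-sync-app", ["read:contacts"])
    token_id = token.split(".", 1)[0]
    results = {
        # The app can read contacts, which is all the user approved...
        "contacts_allowed": provider.authorize(token, "read:contacts"),
        # ...but not mail, even though a password would have exposed everything.
        "mail_denied": not provider.authorize(token, "read:mail"),
        # A token with a made-up signature is rejected.
        "forged_denied": not provider.authorize(token_id + "." + "0" * 64, "read:contacts"),
        # The grant shows up when the user reviews who has access.
        "listed": provider.list_grants("alice")
                  == [(token_id, "contacts-sync-app", ["read:contacts"])],
    }
    provider.revoke(token_id)  # the user prunes the grant
    results["revoked_denied"] = not provider.authorize(token, "read:contacts")
    results["pruned"] = provider.list_grants("alice") == []
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The point of the example is the contrast with handing over a password: the app never learns a secret that unlocks the whole account, the provider can tell the user exactly which apps hold which scopes, and revoking one grant cuts off that app alone.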

Is Google Using its own SSL Certificates?

Checking my HTC Hero, running a custom Android 2.1 ROM, this morning I was alerted to a security problem. The browser was throwing up security warnings for the certificate on google.com. On closer inspection, it seems the certificate was issued by the "Google Internet Authority".

I really don't like the smell of this. Either Google are trialling something that has accidentally been exposed or, more likely, something malicious is going on with the custom ROM.
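A way to turn the suspicion above into a repeatable check, as an added example that is not part of the original post: pull the issuer out of the certificate a host presents and compare it with the issuers you expect, and separately note whether the chain validates against the trust store at all. The sample certificate dictionaries are constructed to mirror the shape that Python's ssl.SSLSocket.getpeercert() returns; the issuer names in them and the EXPECTED_ISSUERS list are invented for the illustration, not a claim about who actually signs any real site's certificate.

```python
import socket
import ssl


def rdn_value(name, key):
    """Pull one attribute (e.g. 'organizationName') out of a getpeercert() name tuple."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def issuer_summary(cert):
    """Return the issuer's CN and O so a human can eyeball who signed the cert."""
    issuer = cert.get("issuer", ())
    return {
        "commonName": rdn_value(issuer, "commonName"),
        "organizationName": rdn_value(issuer, "organizationName"),
    }


def issuer_is_expected(cert, expected_orgs):
    """True only if the issuing organisation is on the allow-list you maintain."""
    org = issuer_summary(cert)["organizationName"]
    return org is not None and org in expected_orgs


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live check (needs a network; not exercised offline).

    Returns (validated, cert) when the chain validates against the system trust
    store, or (False, reason) when it does not. A cert that validates but comes
    from an unexpected issuer is still worth a second look; run issuer_is_expected.
    """
    ctx = ssl.create_default_context()  # hostname check + system trust store
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return False, f"chain did not validate: {exc.reason}"


# Constructed sample certificates in getpeercert() layout (not real certificates).
SAMPLE_OK = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example Trust Services"),),
        (("commonName", "Example Trust Services CA"),),
    ),
}
SAMPLE_SUSPECT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": (
        (("organizationName", "Unrecognised Authority"),),
        (("commonName", "Unrecognised Authority CA"),),
    ),
}
EXPECTED_ISSUERS = {"Example Trust Services"}  # assumption: the issuers you trust for this host


if __name__ == "__main__":
    for label, cert in (("ok", SAMPLE_OK), ("suspect", SAMPLE_SUSPECT)):
        print(label, issuer_summary(cert), "expected" if issuer_is_expected(cert, EXPECTED_ISSUERS) else "UNEXPECTED")
```

Two signals come out of this: a chain that fails to validate (the browser warning the post describes) and a chain that validates but via an issuer you did not expect. The second is the one worth recording over time, because a device whose trust store has been altered will often produce no warning at all.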


Passwords, Passwords Everywhere, But Now They All Sync

It was not so long ago that password managers were unnecessary. The only passwords you needed to remember were your work computer login and your credit card PIN. However, with the rise of the Internet and the growth of web services such as Gmail and Facebook, the number of passwords you need to remember has increased dramatically.

Choosing a secure password is essential. For example, I use Gmail as my central hub for all websites. Online banking, social networks and every web service I sign up to has my Gmail address as its primary point of contact. The one thing all these websites have in common is that they allow you to reset your password by sending a confirmation email. If someone has access to that central email account, then they have 'sunk your battleship'. This is not hypothetical either: Twitter was compromised in exactly this manner.

So what's the solution? A unique, strong, difficult-to-guess password for every website. And therein lies the problem. With people using so many different websites, it has become effectively impossible to remember so many different passwords. This is not a new problem, and many solutions have been proposed, from the browser storing the passwords to dedicated password managers installed on your computer. However, these solutions are out of step with how people use the Internet today.

People are becoming much more mobile. The days of the Internet being restricted to the home office computer are quickly being replaced by iPhones, netbooks and touch-screens on planes. Having all your passwords stored on the home computer doesn't help you 10,000 feet above the Atlantic. The issue is mobility: how can you carry that database of passwords with you wherever you go?

The first attempt to carry passwords with you was the thumb-drive. It was a logical step. You carry keys everywhere, your thumb-drive is on the key-chain, so why not copy the password database onto it? It's a good solution, but it has a few issues. Having to get out your keys every time you need a password can be a hassle. And what if you lose your keys? Or there's no USB port? Then you're out of luck.

Then came accessible online storage, also known as 'the cloud'. Data was no longer siloed on individual computers. Software solutions appeared that took advantage of this cheap and abundant storage, allowing data to be synced between different computers and ensuring consistency between locations. It was then a small step to move the password database onto this new system, and the omnipresent password manager was born.

The current leader in cloud-based password storage is LastPass, a small but growing company based in Virginia, US. Their success is down to a multi-platform approach to their software. Working on different browsers, operating systems and, most importantly, mobile phones, the software allows access to your passwords wherever you are.

LastPass is not the only option. I myself use a more complicated make-shift solution involving SuperGenPass, KeePass and Dropbox. Overly complex I know, but I like full control over my data.
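The "one master secret, a unique password per site" idea behind tools like SuperGenPass, from the two paragraphs above, is worked through below as an added example. It is not SuperGenPass's algorithm and not the author's setup: the derivation (PBKDF2-HMAC-SHA256 over the master password, salted with the normalised site domain and a retry counter), the iteration count and the 16-character default are this example's own choices. The character-class loop shows the one practical wrinkle such schemes have to handle, a derived password that happens to miss a class a site's policy demands.

```python
import base64
import hashlib

# Example-specific parameter (an assumption, not a recommendation from any tool).
ITERATIONS = 100_000


def normalise_domain(url_or_host):
    """Reduce 'https://www.Example.com:443/login' to 'example.com' so every page
    of a site derives the same password."""
    host = url_or_host.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    if host.startswith("www."):
        host = host[4:]
    return host


def _has_mixed_classes(pw):
    """Lower case, upper case and a digit: a common minimum site policy."""
    return (any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def site_password(master, site, length=16):
    """Derive a per-site password from the master password and the site domain.

    Deterministic: the same master and site always give the same password, so
    nothing needs to be stored. Re-derives with an incremented counter until the
    result satisfies the character-class policy (hypothetical policy, see above).
    """
    domain = normalise_domain(site)
    for counter in range(256):
        salt = f"{domain}:{counter}".encode()
        raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=24)
        # 24 bytes -> 32 base64 chars with no '=' padding; keep it alphanumeric.
        candidate = base64.b64encode(raw).decode()[:length]
        candidate = candidate.replace("+", "9").replace("/", "8")
        if _has_mixed_classes(candidate):
            return candidate
    raise RuntimeError("could not satisfy the character-class policy")


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample master password
    for site in ("https://www.Example.com/login", "mail.example.org", "bank.example.net"):
        print(f"{normalise_domain(site):20} {site_password(master, site)}")
```

Usage note: the trade-off the post alludes to is visible in the code. Nothing is stored, which is what makes the scheme portable, but every site password is a function of the master, so the master is the single point of failure and cannot be rotated for one site without changing all of them; a stored-vault approach (KeePass synced through Dropbox, as the author describes) is what lets you change one password at a time.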

What is certain is that online security is becoming more important as we move more of our lives online. Where once we only had an email account, we now have banking details, shopping history, social network relationships and soon health records. The days of using one simple password for every site are behind us. And while stronger passwords and online data storage are a good interim solution, a more convenient and universal solution is required.

The Importance of Laptop Encryption

With the ever-increasing popularity of netbooks, more and more people are using laptops at work and at home. Yet I find it disturbing how few people protect their laptops against loss or theft.

Just think for a moment: if you were to lose your laptop right now, what information would be on there? Website login details, Facebook passwords, personal emails? What about your IM chat history and all those "downloads"? You get the picture. That's why it's important to encrypt your laptop.

It is not enough to have just a login name and password; even a novice techie can remove the hard drive and read the file contents via an HD caddy. To truly secure your data you need to encrypt it. Encrypted data cannot be viewed without the secret pass-phrase.

So how do you encrypt your laptop? That all depends on your laptop's operating system. The most popular OS is still Windows, and for that TrueCrypt is the best option.

TrueCrypt is an open-source encryption tool that can secure data in many different ways, but one of its more impressive features is the ability to encrypt your entire Windows hard-drive. It will sit in the background and work away at securing all your data. Once finished, every time you boot up you'll be asked for the secret pass-phrase; without it, no-one can view the data contained within.

Unfortunately, TrueCrypt does not currently support full-drive encryption on Mac or Linux systems. However, both of these come with their own solutions. Mac has FileVault, and the Ubuntu distribution of Linux now comes with an install option to encrypt the user's /home directory.

Whatever solution you use, it is essential to secure your data. With free and built in solutions now available on all platforms, there really isn't any excuse not to encrypt your laptop.