Online Security Part 4 – Even More About Passwords

As explained in the last post in this series, a good password manager is critical to staying safe online. It is also the key to working efficiently. With more and more websites requiring a new login each time they are used, the lowly username screen has become a source of stress for many.

Luckily, there are many options and here is a summary of the best of them.

1Password is definitely at the top of the list and well worth the small cost of $3 a month. It works on MacOS, iOS, Android, and Windows devices and can synchronize passwords between them. It even has a family plan for $5 a month that can organize shared passwords while still allowing each member to store private ones in the same account. As a bonus, it can store much more than passwords, including WiFi logins, credit card information, driver's license details, and secure notes. Finally, it has a well-written tutorial for new users that can be found here.

The next option is for MacOS / iOS users and is called iCloud Keychain. Apple’s free solution is great due to the integration with their default browser Safari. Once turned on, it fills in passwords automatically, suggests strong passwords for new websites, offers to save existing passwords, and synchronizes passwords between devices logged into the same iCloud account. It can also securely store and fill in credit card information to make online shopping quicker. The website 9to5Mac recently published a post on iCloud Keychain that is worth reading, “iCloud Keychain and Answering Your Common Password Management Concerns.”

For Windows users, Microsoft’s Edge browser built-in password management is fine too. For complex reasons, it is a little less secure than professional solutions, but better than nothing. The biggest drawback is that it cannot synchronize passwords between Windows and a mobile device like an iOS or Android phone.

Finally, KeePass is a free and open source password manager, but more complex to install and use. You can find it at http://keepass.info/.

There is a constant stream of online articles on the best practices for password management. The 9to5Mac posts, “How to Approach and Manage Passwords” and “How to Implement and Benefit From Password Management Software” dive deep into the subject. For people short on time, they both end with an excellent summary simply called, “Do This.” So what are you waiting for? Do This!!!

Online Security Part 3 – More About Passwords

(This post is part of an ongoing series on Online Security. The other parts can be found here.)

These days, almost everybody has dozens of online accounts, most of which are tied to their email address. It is tempting to reuse the same ‘easy to remember’ password, but securing online accounts such as banking, email, Facebook, App Stores, and others with strong, unique passwords is critical to staying safe online. Email accounts are especially tempting targets for hackers because they not only provide the usernames for other accounts, but they also can be used to reset passwords and spread malware to other users.

For example, as reported in the news last December, hackers currently have data on over 1.5 billion Yahoo accounts. The Wikipedia article (https://en.wikipedia.org/wiki/Yahoo!_data_breaches) states that in the first part of the attack “The hackers had obtained data from over 500 million user accounts, including account names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers.” Hashed passwords can be translated as encrypted passwords, but to make a long story short, easy-to-guess passwords such as ‘123456’ or ‘qwerty’ are so common that hackers don’t even need to break the encryption.
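Why common passwords are exposed without anything being "broken", as an added example that is not part of the original post: when passwords are stored with a fast, unsalted hash, everyone who chose ‘123456’ ends up with the same stored value, so a table of pre-hashed common passwords flags them by simple lookup, while a per-user salt and a slow derivation remove that shortcut. The account names, the four-entry password list, and the choice of SHA-256 and PBKDF2 are assumptions for illustration; the post does not say how the Yahoo passwords were hashed.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny common-password list and made-up accounts.
COMMON_PASSWORDS = ["123456", "qwerty", "password", "111111"]
USERS = {"alice": "123456", "bob": "qwerty", "carol": "123456",
         "dave": "correct-horse-battery-staple"}


def unsalted_hash(password):
    """Fast, unsalted hash: the same password always yields the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_slow_hash(password, salt, rounds=100_000):
    """Per-user random salt plus PBKDF2, a deliberately slow derivation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def audit_common(stored_hashes):
    """Map each user whose stored hash equals the unsalted hash of a common
    password to that password. No hash is reversed; it is a table lookup."""
    lookup = {unsalted_hash(p): p for p in COMMON_PASSWORDS}
    return {u: lookup[h] for u, h in stored_hashes.items() if h in lookup}


def build_tables():
    """Store the same accounts both ways: unsalted, and salted + slow."""
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {}
    for user, password in USERS.items():
        salt = os.urandom(16)
        salted[user] = (salt, salted_slow_hash(password, salt))
    return unsalted, salted


def verify(password, record):
    """Login check against a salted record, using a constant-time compare."""
    salt, expected = record
    return hmac.compare_digest(salted_slow_hash(password, salt), expected)


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("flagged in unsalted table:", audit_common(unsalted))
    print("flagged in salted table:  ",
          audit_common({u: h for u, (_, h) in salted.items()}))
```

Salting does not make ‘123456’ a good password; it only means each guess has to be recomputed per account, which is why a long, unique password still matters.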

Since user names are known by many other terms such as account name, user, user ID, email, login, login id, and screen name, this Yahoo data is an excellent starting point for more serious hacking. However, finding the time to change passwords is a daunting task. Each website’s password change option is in a different place and requires entering the old and new passwords. Then the new password has to be recorded somewhere safe. In a family, some of these new passwords also have to be available to others.

The good news is that the change doesn’t have to be done all at once. It is easier to start with the most critical accounts such as email, banking, computer locking, and cell phone passcodes. Next, other accounts such as social media, utilities, games, etc. can be updated little by little as they are used. The problem then becomes how to safely store those passwords. Many people store them in a small notebook next to their computer or in a text file on the desktop named PASSWORD.TXT. Please do not do that! The next post will provide several options for storing and automatically entering safe, strong passwords. As a teaser, if you don’t mind paying less than the cost of a latte a month, try 1Password from AgileBits. It can automatically and securely store, enter, and share passwords. Ahhh, finally a world where only ‘1Password’ has to be remembered! (https://agilebits.com).

A Lesson in Greatness from Meryl Streep

“The sense of truth, the character, the relationship with objects, and the body language.”

At almost the two hour mark during the Academy Awards last weekend, Javier Bardem introduced these attributes as “the four miracles of acting” and explained them through the performances by Meryl Streep and Clint Eastwood in the 1995 movie “The Bridges of Madison County.” In a larger sense, they can also be considered keys to all great work. A chef who creates a delicious and healthy new dish, an airline that provides an extraordinary inflight experience, and companies that build particularly powerful products or services are all artists expressing a combination of these traits.

First, the Sense of Truth is the most critical factor and is also known as right intent. Is there an intent to develop a great product that inspires and enables creativity, or is the focus merely on making something that is not so bad that customers will go elsewhere? A creator’s passion is a magical force that can influence everything from a single work of art to a complex piece of technology made by thousands of people.

Corporations are not run by artificial intelligence; they are run by The Characters, i.e. people. Managers have a special responsibility to lead in creating and maintaining a healthy corporate “personality.” Narcissism, immaturity, power trips, and other neurotic behaviors can quickly contaminate a company’s culture.

The Relationship with Objects refers to how a product or service interacts with the intended user. An airline can provide inexpensive flights, but still be on-time and award valuable perks to good customers. A consultant can be paid on a fixed fee basis, yet still go the extra mile to provide the best service possible to clients.

Finally, Body Language is the non-verbal part of how a company presents itself to the world. Beyond the glossy marketing materials, special promotions, and written promises is a grey area of customer service, technical support, complaint resolution, and community involvement. Some companies are arrogant, charging for every little extra and focusing on “keeping costs down” through shoddy customer service. Others are generous yet sensible, providing a good product at a fair price while still making a healthy profit.

In an age where more and more customers are quietly making a statement with their wallets, it pays to take notes from the best in the most competitive occupation, acting. Who knew that a slow dance between Meryl Streep and Clint Eastwood could be so inspiring?

Original poster designed by Bill Gold

Sound Matters: Booting Up My Old Computer

Here’s a blast from the past to end the week thanks to an article in The Verge this morning, “Happy fourth anniversary to my favorite tech video, ‘Booting up my old computer’.”

While the techno nostalgia is fun, The Verge article focuses on the power that the sounds convey in the associated YouTube video: a spinning hard drive accessing, the high pitched whine of an old CRT, the CD tray opening and closing, the sighs of the user trying to recover files from an ancient Acer computer, and the finality of decreasing pitch at the moment of shutdown.

While “a picture is worth 1,000 words,” sounds evoke emotional content like nothing else can. As The Verge writer beautifully concludes, “Next time we review a new Chromebook, smartphone, or VR headset, I’ll think more about what the experience is like for the ears, not just the eyes and fingertips. Because four years later — or 10 or 20 — it will be the sound that’s still stuck in our heads.”

Sound matters…

Online Security Part 2 – Malware for the Rest of Us

(continued from Part 1)

However, most malware is typically more subtle. A common sign of infection is when an internet browser (Internet Explorer, Edge, Chrome, Safari, etc.) displays a different website than the one the user typed in. This can also happen to links clicked on from a Google search. The technical terms for this malware include a “browser redirect virus” or “browser hijacker.” It can also change the homepage, add new toolbars, display advertising, and create pop-up messages even when not online.

Other signs can include a computer that suddenly runs very slowly or constantly crashes / freezes, or new icons that appear on the desktop. Malware is a very complex topic, and it can be difficult to detect and remove even for experts. Worse still, it can include spyware that steals passwords and emails itself to others, so it’s obviously best to avoid getting it in the first place.

One key to avoiding malware is to think before clicking on any link online. Dangers can include free software downloads, links on shady websites of all types, downloading a “required” video player, and clicking on online ads. Even plugging in a friend’s USB memory stick can deliver malware. Another way it can be installed is through something called “social engineering” where a user is tricked into clicking on a dangerous link through a carefully written fake email, text, or instant message. These messages are also known as “phishing campaigns” and they can be VERY convincing (even coming from friends).

To summarize, here are a few tips for avoiding malware. Keep in mind that each of these suggestions could be expanded into an entire post!

  • Make sure computer and phone software is kept up to date (if you’re still on Windows 95, you’re really in trouble).
  • Never click on links or open attachments in messages from unknown sources. Unexpected messages from known sources should also be treated with suspicion since some viruses can access a user’s email and send a message to friends in their entire address book.
  • Never click on links in emails from banks, Apple, Google, Microsoft, etc. Access the website directly.
  • Back up regularly! Backups are an effective way to recover from digital and physical disasters if the 3-2-1 rule is used: three full backups on two different types of media with one copy stored “somewhere else” (more details in a future post).
  • On Windows, at least use Windows Defender (anti-virus software is a massive topic on its own).
  • Use strong / unique passwords and a password manager. Two factor authentication is an advanced technique that is also very effective for securing critical accounts such as email, banking, and social media (another topic for a future post).
  • Look for secure connections to websites (the padlock symbol = HTTPS) and log out when done. The padlock is in different places on different computers / browsers. Some examples are below.

Additional Resources:

  1. Glossary – https://www.f-secure.com/en/web/labs_global/terminology
  2. General Articles – https://www.f-secure.com/en/web/labs_global/articles
  3. Symptoms – https://blog.malwarebytes.com/101/2016/05/how-to-tell-if-youre-infected-with-malware/
  4. Google Safe Browsing – https://www.google.com/transparencyreport/safebrowsing/
  5. Google Malware Efforts – http://www.theverge.com/2017/1/25/14391462/gmail-javascript-block-file-attachments-malware-security
  6. Google Malware Video – https://www.youtube.com/watch?v=uJRqZTNMCMo
  7. Antivirus? – https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
  8. Ransomware – https://www.f-secure.com/documents/996508/1030745/Ransomware_how_to_ppdr.pdf
  9. Phone Malware – https://arstechnica.com/security/2016/11/1-million-android-accounts-compromised-by-android-malware-called-gooligan/