Posts Tagged ‘passwords’

I Really Hope By Now You Know Better

imageHere’s the article, the rest you’ve heard from me before regarding crazy simple passwords….  http://www.mysinchew.com/node/112775

“fourwordsalluppercase” (What’s so hard?)

Yes, I truly understand why you find passwords confusing, does this one make your brain melt?

 

Hello? Passwords? Use Different Ones!!!

Another week of security breaches this week.  The Trump hotel system it was recently found was hacked similar to how Target was hacked a year or so ago.  It took a year to discover it, so if you stayed at any Trump properties in the last year, keep an eye on your credit card statements.

15 million T-Mobile customers had information stolen because the hackers got into Experian, who did the credit checks for T-Mobile.  The credit reporting side of Experian was NOT hacked, just the part that does credit checks for in this case, T-Mobile.  It seems they got names, birth dates and SSN’s, so identity theft is an issue here.  T-Mobil is offering a year of credit watch service, ironically offered by Experian (go figure.)

And on Saturday we found out Scottrade was hacked.  Scottrade didn’t even know it, the FBI somehow figured it out and told Scottrade.  It happened between late 2013 and early 2014, so I imagine if you’re a victim, the damage has been done by now.

If you think you may have been affected, contact the credit reporting agencies TransUnion, Experian and Equifax and put a freeze on your credit profile.  That way no new accounts can get opened.

Use a different password at each site you log into, that way if a hacker gets your password to one site, it won’t work at another.  Yes, I know it’s hard, but safety required effort – such is life.

LastPass Basics – The BEST Password Manager

LastPass is a great tool for managing your passwords.  As I mentioned in my August 2010 article, having good passwords is essential to keeping your information secure.  But having good passwords AND remembering them is almost impossible to do, so that’s why you need to go to www.lastpass.com and download LastPass.  The name LastPass is reference to “The Last Password You’ll Have to Remember!”  With LastPass you only have to remember one really good password – your “master” password.  This master password unlocks your vault, allowing LastPass not only to remember your usernames and passwords, but now it can fill it in for you the next time you visit the site.  Most browsers already have this capability, but they are not secure and easy for a bad guy to see.  All you data in LastPass is highly encrypted, and without your master password, all anyone can see is gibberish.

The advantages of LastPass are many: 1) your vault is stored encrypted on the web and is accessible to you from any computer, anywhere.  2) It works with all the major browsers.  3) It works on Windows, Mac and Linux, so the password you created on your Windows machine at work will be available to you on your Mac or Linux machine at home.  4) It’s FREE for use on your computers, and for only $1.00 a month you can access to your login information on your smartphone (iPhone, BlackBerry, Windows Phone, Symbian and Android phones.)

Here’s 1 minute video on the basic function of LastPass:

                          

So give LastPass a try.  I’ll posts later on some of the more advanced but very cool features of LastPass.

Why You Need Secure Passwords

I can’t tell you how many of my clients were using the names of their dogs, or their own names, or their children’s names as their single password to everything – including their BANK, the same password everywhere! All it takes is a bad guy to capture your password at one location or web site, and now he has the keys to the candy store. Of course, if your password is based on common names or words found in the dictionary, he won’t need to snoop or even guess your password. They use programs that run the dictionary and simple variations (like adding “1” to the end) against your login and wait to get lucky, these are called “brute force” attacks. If you have a common 6 character word as your password like “flower”, a hacker will get it in about 3 minutes.

Let’s start by talking about random numbers – like the PIN you use with your bank debit card. Using 4 spaces (or positions), and the numbers 0-9, there are exactly 10,000 variations possible (0000 counts as one possibility.) So there are 10 digits (or characters) and 4 positions, this is 10 to the 4th power (or 104.)

Now let’s add the alphabet. Most passwords are case-sensitive, so including both upper and lower case characters; we’ve added 52 possibilities to each position. With 62 characters, those same 4 positions now have 624 (sixty-two to the fourth power) possibilities, or 14,776,336 different combinations. 14 million combinations still isn’t a big task for a computer to work on, that can easily be done in less than a day (and computers don’t need to take breaks.)

The minimum length you need for a secure password is 8 characters. 628 gives you over 218 trillion combinations. Many websites also allow “special” characters (like [email protected]#$%^&*()_). So let’s add 12 special characters to the mix – we now have 748 and almost 900 trillion possible passwords. Now you have a password that probably won’t get cracked in your lifetime and frankly, unless you’re a high level government official, a spy or maybe a CEO of a major corporation.

So what does this secure password look like, oh – something like this: [email protected]&#2. Now, I know with some practice you would be able to remember a password like this, BUT we don’t want to be using the SAME PASSWORD for all our logins. Unless you are some kind of savant like Dustin Hoffman in Rain Man, you’re going to need help. Read my article about Lastpass in the Apps/Tools category, this is a FREE tool that integrates with your browser to SECURELY remember all your logins and passwords. It also will generate secure passwords for you and safely store any other information you wish to keep safe.

So now you know what a secure password is, and that you need LOTS of them to keep your personal information and identity safe from thieves. Check out Lastpass, it’s free and not hard to use.

Until next time….

Laurie Scott / Tek-Chic Systems
“Because Everybody Needs a Geek in Their Life”®

Are You Broadcasting From Your Home?

You Might Be and Not Even Know It

Laptop computers have made computing mobile and very convenient. Wireless routers in our homes have made it possible to use our computers anywhere in the home, and not just where the connection comes into your home.

If you have a wireless router at home, then you are using one of three possible levels of security, 1) none, 2) poor and 3) what you SHOULD be using. “None” is real simple, open the box, plug in the router, connect to the Internet. With this connection, ANYONE within range, meaning your neighbors, passersby and that annoying teen-age kid down the who likes to hang around your house in the evening can use your wireless network to access the internet or worse, access your computers at home. Also, any illegal activity over the Internet is going to be traced back to your home, not to the person or computer that may have done it.

I often tell the story of the time I moved here to Austin from Sacramento 5 1/2 years ago over the Thanksgiving holiday. I stayed overnight with a friend in Flagstaff, Arizona at her parents’ home. Lots of relatives were there and they all smoked (and smoked a lot). Even though it was 35 degrees outside, I went and sat in my car for an hour just to breath fresh air. While in my car I powered up my laptop and discovered a completely unsecured network within range. I connected to it and took the opportunity to check my email and do some web surfing. Then the good Samaritan in me decided to do them a favor. I figured they hadn’t changed the default password on their router, and sure enough I was right. I logged onto their router and took a screen shot of it. Since they were also using the default name for their computer network, I changed mine to match and could see that they had a computer turned on with one of their hard drives shared (no, I didn’t peek at it.) I also saw that they had an Epson printer connected to it, so I downloaded the printer driver and installed it on my laptop, opened Microsoft Word and pasted the screen shot of their router into it. I also included instructions on how to keep prying eyes out of their network, thanked them that I was able to check my email, and then I PRINTED the document out on their printer. Keep in mind I have no idea which house I had connected to. I imagine if they were home that they were a little shocked to have their printer start all by itself and print a note from a complete stranger. Lucky for them I wasn’t someone who wanted to copy their files, plant a virus or lock them out of their own network.

The two levels of security that are usually displayed with a padlock symbol are WEP and WPA. WEP falls into the “poor” category of security. WEP will keep honest people out of your network, and will prevent someone from accidentally getting connected to your network, but WEP was “cracked” several years ago, and nowadays it only takes a laptop and 60 seconds to break into a network secured with WEP.

What you should be using is WPA (or WPA2) to provided a connection that (with a good password) can’t be cracked in a comfortable lifetime. Log into your router (usually at http://192.168.0.1 or http://192.168.1.1), go to the wireless security settings and set it for WPA. Then change your laptops and other wireless devices to match.

There are many different routers on the market, but there are a few standard rules to follow: Changing the security settings on your router should always be done with the computer attached to the router via a network cable – don’t change it over a wireless connection. If you make a mistake, you won’t be able to get back in to fix it. In the wireless security settings on your router, you will see WEP and SHOULD see WPA as options. If you don’t see WPA as an option, your router is probably several years old. Go to the manufacturer’s support page on their web site and look for updated “firmware” to download. Download the firmware and update the router per the instructions provided by the manufacturer. If the latest firmware doesn’t provide WPA encryption, then it’s time for a trip to Best Buy or Fry’s for a new router. ANY new router will provide WPA encryption. At Fry’s you can pick up their house brand router for $20. Next use a strong password. A strong password should be at least 12 characters long, feel free to make it a lot longer – the longer the better. Be sure to use upper and lower case letters, use numbers AND use special characters like # * ( } [ @ ! &. Write it down and put it in a safe place. If it helps, use 2 or 3 non-related words or numbers that you know but no one is likely to guess. Something like maybe the city you got married in with the year of your first car and the name of your brother’s daughter. It might look something like [email protected]!Samantha#. Even people you know you won’t guess this. Be creative and have fun, but MAKE IT STRONG!

Until next time….

Laurie Scott / Tek-Chic Systems

“Because Everybody Needs a Geek in Their Life”®

Computer repair in Austin, computer service in Austin, Windows help in Austin, computer repair in Steiner Ranch, computer repair in Lakeway, pc repair in Austin, pc service in Steiner Ranch, pc service in Lakeway.