July 2014

The SOS Newsletter: Help for your web stuff – JULY 2014


dit-dit-dit/dah-dah-dah/dit-dit-dit…

July has just whizzed right on by. Seems like it’s been packed with a lot of things to do, like work, maintaining security on your sites, summer vacations and client events. So let’s try to catch the last of July before it runs out on us.

Passwords. They have to be strong and long to be effective. And that’s a PAIN! You know it. So before we do a lot of other things, let’s get this password thing down so it’s a lot easier as well as safer for you. I’m going to give you a couple of sites that will help you create a password without having to think one up. And then, a PASSWORD MANAGER, so you don’t have to remember them. How cool is that?! Plus, I have a home tech tip that will help you maximize your bandwidth.

SOS Security Tips

You didn’t just use “iloveyou” or “monkey” for your password, did you?

In a recent talk, privacy/security expert Lorrie Faith Cranor cited that the 2 most popular passwords are “iloveyou” and “monkey”, and that when asked to add punctuation to their password to make it harder to hack, 40% of people chose an exclamation point! (And we just told the hackers, right? Shhhhhh!) 😉 Lorrie is the director of the Carnegie Mellon Usable Privacy and Security Laboratory at Carnegie Mellon University and a member of the Electronic Frontier Foundation Board of Directors. (Love the EFF!)

Also cited in the talk were the following problems with getting users (busy folk like you, my readers) to choose strong passwords (at least 16 characters):

  • Even when people are told to choose long passwords or password phrases, they often choose something easy to hack like “passwordpassword” or “baseballbaseball”.
  • Random-word password phrases, while long, are not easy for users to remember or use.
  • Pronounceable gibberish passwords like “vadasabi” worked very well and users could remember them.

All good points. However, the debate – passphrases vs strong passwords (which is better?) – continues. And I, myself, favor long, strong and ugly passwords. Clint Eastwood passwords; good, bad, and ugly. There’s no social media hack aspect to them, whereas with passphrases there is the possibility of a social hack – especially if you use familiar words any hacker can pick up by doing a search on you and scanning your social media posts. Also, there’s a maxim that’s worked well for me for a number of years: If it’s easy for you to remember, it’s easy (or will be) for the hacker to hack.

Why all the concern about passwords in the first place? Because hackers have password cracking software. That software is now easier and cheaper to get because it’s being sold as SaaS (software as a service). And hackers now have the computing power in a single PC to very easily hack your short, easy-to-remember passwords in a shorter amount of time. (There are also easy ways now to hack into the computing power of other devices without the user knowing it to multiply the power and speed the hacker has available – but that’s another newsletter.) That’s why I tell you to make a password at least 16 characters long or longer. I would add to that: 16 random characters long including punctuation.
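To make the "16 random characters including punctuation" advice concrete, here is an added example (not part of the original newsletter): a short Python script that builds such a password from the operating system's secure random source, estimates the guessing work, and flags the weak patterns quoted above. The function names and the small weak-word list are assumptions made up for illustration.

```python
import math
import secrets
import string

# 94 printable symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Constructed sample list: the weak choices quoted in this newsletter.
KNOWN_WEAK = {"iloveyou", "monkey", "password", "baseball"}


def generate_password(length=16):
    """Return `length` random characters containing all four character classes."""
    if length < 4:
        raise ValueError("need room for all four character classes")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:  # redraw until every class appears; keeps the choice unbiased
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of guessing work for a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def weak_reason(password):
    """Return why a password is weak, or None if none of these checks fire."""
    lowered = password.lower()
    # "monkey!" is still "monkey" once the trailing punctuation is dropped.
    if lowered.rstrip(string.punctuation + string.digits) in KNOWN_WEAK:
        return "common password (suffix ignored)"
    half = len(lowered) // 2
    if len(lowered) % 2 == 0 and lowered[:half] == lowered[half:]:
        return "one word repeated twice"
    if len(password) < 16:
        return "shorter than 16 characters"
    return None


if __name__ == "__main__":
    for sample in ("monkey!", "passwordpassword", generate_password()):
        print(repr(sample), "->", weak_reason(sample) or "passes these checks")
    print("8 random chars: %.0f bits, 16 random chars: %.0f bits"
          % (random_bits(8), random_bits(16)))
```

Passing these three checks does not prove a password is strong; it only shows that it avoids the specific mistakes listed in the talk.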

That said, the most annoying aspect is making passwords up. The second annoying thing is remembering them. So I am providing you two password generators to make the whole thing easier to create. One is a passphrase generator and the other is a strong password generator. Both are excellent and easy to use. Second, so that you don’t have to remember them, I am recommending a password manager so that it will remember your individual passwords for each of your online accounts and all you have to do (once it’s set up) is remember ONE PASSWORD for everything you have online. You even get notification if there is a security breach. How great is that?!

The XK Passphrase Generator

The Strong Password Generator

Go ahead.  Try them out.  Have a little fun.  Then start converting your current passwords to these new, stronger passwords.  Bookmark these links in your browser.

A Password Manager To Rule Them All

Then go to LastPass and get yourself set up so that you only have to remember ONE PASSWORD for all of your online accounts. (It’s a “One ring to rule them all!” sort of thing.) LastPass is based on a freemium model so you can choose either the free or the premium account. Another password manager is KeePass. It’s an open source option but I find that it is not as user-friendly. It is highly recommended though.

A note of caution on password managers:  they, too, have their problems.  If you have been keeping up with this newsletter, you know I try to keep you informed of the most current and dangerous hacks.  But hacks at every level of our infrastructure go on all the time.  So password managers are no exception.  The security advantage is that they will keep you in an instant notification loop. They do have a password generator of their own, but I recommend the two above first.

Home Tech SOS

The BEST Wi-Fi SetUp Tip EVER! 

Where should you point your Wi-Fi router antenna? UP! Right? Nope. Here’s a great tip for setting up your Wi-Fi router antennas for the most optimal coverage from LifeHacker.com along with WHY it works better!
