Tuesday, November 5, 2013

Password Security!

Passwords Password Security! 

 Strong passwords do not have to be difficult to remember.

We've all been there.  It's time to change your password on one of your many online or work accounts, and you have no idea what to do.  Do I add in symbols to make it harder to crack?  What about numbers?  I know, how about some punctuation!?  After all of that, you change the password satisfied your account is safe.  In fact, it's so safe you have forgotten the password by the next day!

Recent conventional wisdom was to replace some of the letters, such as an "l" (el), with the number "1".  You might also swap out "a" with the "@" symbol.  Another trick is to change "o" (oh) with a "0" (zero).  Your password might end up looking like this:  P@ssw0rd!.  As you can see, this will get confusing rather fast.  Now you can see why passwords are forgotten, or worse yet written down right next to the computer.

You might even bounce the other direction.  Why try and remember difficult passwords.  My dog's name will be sufficient.  Well, hackers know this all too well, and will browse social networks looking for information to crack accounts.  Oh look, Sally has an AOL email account and her dog's name is Brandy.  Let's see if Brandy (or a form of it) is the password to her AOL account.  Voila!  Sandy's account is now being used to deliver spam (and possibly a virus) to everyone in your address book.  (I actually found a user with the password 1234!)
Google reveals the 10 worst password ideas.
  1. Pet names
  2. A notable date, such as a wedding anniversary
  3. A family member’s birthday
  4. Your child’s name
  5. Another family member’s name
  6. Your birthplace
  7. A favorite holiday
  8. Something related to your favorite sports team
  9. The name of a significant other
  10. The word “Password”
Read more: Google Reveals the 10 Worst Password Ideas | TIME.com http://www.techlicious.com/blog/the-10-worst-password-ideas-as-revealed-by-google/#ixzz2jpTfECHG
 
On top of that, many do not use different passwords for different types of accounts.  Why use the same password for your email account that you do for your bank.  If one gets cracked then the other is vulnerable.

There are a lot of people explaining why longer passwords are better, but I feel the comic site XKCD.com does it best.  Use a pass phrase instead of a random bunch of letters, numbers, and symbols to protect your data.
Password Strength
http://xkcd.com/936/

Yes, the math can get in the way, but having a higher entropy is better.  If the system you are creating a password for will accept a longer password then why not try a longer password phrase?  It will be easier to remember for you, and harder for the cracker to break.  Even though the words are simple, the cracker has no idea if he gets any one of the words correct.  The whole password must be guessed (cracked) to obtain access.

Additional Info:

If you still would like to use a random bunch of letters, numbers, and symbols then try these guys:
https://www.grc.com/passwords.htm
This password generator will give you a VERY secure password.  It will be hard to remember but very hard to crack.

One the same site, there is also a password checker:
https://www.grc.com/haystack.htm

And Microsoft also has a password strength checker:
https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx

The bottom line is security is up to you.  Create long passwords to thwart attacks, and do not use the same passwords across multiple accounts.  
Posted by at No comments:

Wednesday, October 30, 2013

Computer security is more than just strong passwords!


 
Strong passwords and password phrases can really strengthen your defenses against hackers and attackers, but what if someone calls from Microsoft and tells you that your computer is out of compliance?  Would you oblige the caller and provide information?  How about letting that person have control of your computer to check the software that is installed to confirm it is in compliance?


Well, it happens everyday.  These unscrupulous people randomly call and provide just enough information to sound legit.  As they speak to you they glean more information and build a compelling case of deceit.  Their confidence puts you at ease.  In essence, these people are social engineers.  They are social engineering an attack specifically geared to you using information they gather as they are speaking to you.  As a rule of thumb, Microsoft will NEVER call you about a problem.  If someone calls and claims to be from Microsoft, be very leery. 

Here are some helpful hints from Microsoft Security Team:
http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

I recently had a customer who thought their computer might be infected and received a phone call from "Microsoft".  During the conversation, the fake technician asked to have remote access to their system to perform a series of tests to confirm the problems.  After a brief amount of time, the fake tech claimed he found the issues and wanted $199 to complete the fix!  The client, beginning to realize this was not legitimate, began talking the tech down.  Another offer was made for $99 - a special discount for seniors.  My customer said no again and began asking the fake tech some more information.  The fake tech completely changed their attitude.  Fake tech then changed the user's password, locked the computer (remember they had remote access), and told the user they would not have access to the computer until the money is paid and then hung up. 

The best passwords, antivirus, and firewalls in the world can't defend against user actions.  Be smart out there and don't trust unsolicited calls.

Even Wal-Mart is vulnerable:
http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm?iid=Popular

Security is up to you!
Posted by at No comments:

Wednesday, September 11, 2013

Short cuts to make your life easier

The other day I was helping someone, and told them to cut & paste something.  This particular person highlighted, went to edit menu and selected copy, to the new document and selected edit, and then pasted the information.

This doesn't seem like a lot of steps, but if you have to do this again and again the extra steps add up.  I suggested using the keyboard shortcuts, and received a blank stare.  This isn't the first time I've found a person that did not know of the keyboard shortcuts.

There are many ways to cut and past.  You can use menu options, keyboard shortcuts, right clicking, etc.  Today we're just going to focus on the keyboard shortcut method.

Highlight what you'd like to copy/cut.
Note:  Cutting removes the item while copying leaves the item in place.

Press "Ctrl c" to copy and "Ctrl x" to cut.
Note:  Most keyboards have two Ctrl keys.  They are in the lower right and left corners of the keyboard.


Place the cursor where you'd like to paste.
To paste, press "Ctrl v". 

Voila!  The copied/cut item is inserted into the space.  Once you get used to the keyboard shortcuts it will be much faster than going to the menu.  I have even run into instances where right-clicking and menu options would not work, but the keyboard shortcuts worked beautifully.

A note for Mac users: This works very well for you, too.  Instead of using the "Ctrl" key, use your "Command" key.




Like any other tool it has its uses.  Add it into your toolbox and you may just save yourself some time.

If you haven't done so already, please "Like Me" on Facebook.

Until next time!
Posted by at No comments:

Wednesday, September 4, 2013

Welcome to The Trusted Nerd Blog!

Hello and welcome!  

I'm starting The Trusted Nerd blog to supplement my Facebook and website.  Each has their benefits, but I feel this forum will allow a quicker and more fluid posts for my tech tips. 

Hopefully I'll post a new tech tip every week.  Keep a lookout.
Posted by at No comments:
Subscribe to: Posts (Atom)