Password

RSS feed

Forgotten Password? Password Card Can Help

Password CardOne of the things I come across all the time is the XP forgotten password problem. Running a close second is the router forgotten password. Well, there’s a handy password card you can get that will allow you to remember your passwords in the future.

Thanks to “A password reminder to carry with you” on the IT Trenches blog letting me know about this great little tool. This thing is a real winner for all those XP forgotten password issues. Now, when you get those calls like “I forgot my password for my ____,” you can give them something that allows them to write down password clues that are secure and also easily remembered.

You visit? http://passwordcard.org and it generates an unique credit card sized matrix like the one in the picture. Just pick a symbol, a color and a number of characters and you have a secure password. You have the option of creating a numbers-only area as well as including symbols into the mix, depending on the type of passwords or PINs you require. The default is upper/lowercase and numbers. If you lose your card you can get a duplicate by going to the site and entering the number that appears on the bottom of the card, so you might want to write that down and keep it in a safe place just in case.

There are several ways you can use the password card. The simplest way is to pick a symbol, color and sequence of characters from left to right as in the illustration. You would remember this, or write it down, as “spade green 8.” But notice that there are eight rows under each symbol. You could could choose the column under the diamond symbol and use the password JwdC4aGt. You’d write that down as “diamond down.” Reverse the order, and you might write it down as “diamond up.” In this case, the password would be tGa4CdwJ.

Have fun!

0

Internet Safety in the Digital Age

Let me introduce a very special guest blogger, Mr. Paul Shirey. Paul is a young man (13 years old) who definitely has a handle on what this Internet thing is all about. In fact, given that people of his generation have this kind of savvy, I think there’s hope that the Internet will evolve from it’s current state of “Wild, Wild, Web” into something more akin to a world wide communications and information portal that is safe for everyone to use. It’s quite possible that you’ll be hearing more from this young man as a future mover and shaker.

You can contact Paul through his website at http://www.teenradiojourney.com or you can leave a comment here. Here’s his article.

——————————————–

In the digital age,? most of us, if not all, depend on the Internet to get us through the day: some jobs are even 100% online. Well,? sometimes the Internet isn’t all that great, and might be infected with malicious files. Luckily, there are ways you can defend yourself against the Internet terrorists of the digital age.

Online Accounts

The number of online accounts you have can really affect the chances of your accounts being hacked and your identity stolen. The more accounts you have, the more at risk you are. If someone steals your identity and commits a crime in your name, it is possible that you could be the one that ends up behind bars, and none of us want that to happen.

There is a simple way to keep your online accounts secure–don’t use the same password for every online account you have. Imagine this: One day your computer gets infected with malware called a keylogger. Keyloggers record everything you type on your computer. If the hacker behind the malware can find out one of your online passwords before you get the malware removed, that person would have access to all of your online accounts because you used the same password for every account.

Though using the same password for every account you create can be helpful for you (because you won’t have to remember what the password is for every account), it is a serious security threat. There are some very simple ways you can stop this bad habit.

1. If you don’t have a lot of online accounts, use a series of passwords and rotate them between accounts. This way it would be harder for someone to hack into your accounts, and your account could even be temporarily suspended from too many log in attempts.

2. Using a password keeper is an excellent way to create multiple passwords, and most of them have password generators built into them. Even though it might be a little bit annoying to have to copy and paste passwords all the time to log in, it could really be a life saver. You wouldn’t necessarily have to create a generated password for all of your accounts, just the ones you couldn’t afford to get hacked like your bank account or PayPal account. You can download a free password keeper by going here http://keepass.info/. This password keeper can even go onto a USB stick.

Spam

Spam is another way internet hackers gain control of people’s computers and lives. There are some very simple ways you can tell if an email message is spam.

Contains mostly links and is in plain text.

Comes from a free email service like Gmail or Yahoo

Your email client tells you that it is spam

Spam can be very hard to filter out; some spam may even make it through the spam filter. One example of spam that is very tempting is emails that say that you have one a large amount of money. If the email is in plain text and the email address is from a free email service like Gmail or Yahoo, its spam. Delete it and forget it.

If your email client tells you it is spam there is a very small chance that it might not be spam, if you are at a business building using business email, chances are that a lot of non spam emails go to spam due to high filtering settings. You do however need to be able to tell spam from non-spam.

Password Changes

Sites like eBay or PayPal that are heavily encrypted send you an email when your password is changed, even if you were the one that changed it they will still send you an email for security reasons. If you do get one of these emails and you didn’t change the passwoord, you need to contact them immediately.

Imagine that you are opening the door of your house to go inside after a long day at work, but you forget to disarm your security system. The alarm will go off and the alarm company will call you. You tell them that it was only a false alarm and give them your pin number for the alarm system, and they reset the alarms.

So,? going back to the site, the alarm going off when you enter your house is just like you changing your password on a highly encrypted site. The website will contact you just as the alarm company would, except with the website, you usually don’t need to tell them if you changed it or not.

Free Items

Have you ever seen those ads on websites telling you to click to win a free item of high value like a MacBook Air or an expensive car? Well to tell you the truth the website that you clicked on that ad from is just trying to make money, because advertising is how most free websites run. However, that form you will out to get the free item is just collecting your personal information, and you could start receiving tons of spam in the snail mail.

Online Shopping

Another way hackers can attack computers is through online shopping. My rule is the site either has to be approved by internet security companies like McAfee, or use PayPal for orders. I usually will only shop at an online shop if they use PayPal because the only information the store will see when you pay with PayPal is your Name and/or email. That’s a lot better than giving them your credit card number.

The best thing you can do to defend yourself while shopping online is by making sure the shopping website you are buying from is secure. Though eBay and Amazon are very secure, if they were to get hacked it is likely that websites like these would shut down part of their system temporarily until they are sure that the problem is fixed.

Downloads

Downloads can be handy, but if you download multiple programs every day, you could be even more prone to getting a virus. You need to be extremely careful when downloading files from file sharing sites, unless you truly know the person that is hosting them, or were redirected by a software company that you trust.

Sum it up

The key to internet safety is this: if a website or email doesn’t look safe, either don’t go to it,? or do searches on it to see if it is safe. Don’t just look at one search result; look at multiple ones so you are sure that the website is secure. There is a neat little antivirus programs that can keep you safe on the internet, and will even warn you if you try to open an infected webpage or email, and then clean any infected files. You can download this antivirus program by going to http://www.avast.com/. If you already have an antivirus program you trust go ahead and download McAfee Site Advisor http://www.siteadvisor.com/.

Whether you like it or not, you need an antivirus program, it might make your PC a bit slow(er) but it is worth it, you never know when your computer could be threatened in an internet infection.

Paul Shirey

0

Have You Checked Out the Password Meter?

Unless you’re a subscriber to my list, you probably haven’t noticed the new page I added recently: Password Meter. It’s over there to the right just under the link to the Leave Feedback page. Go ahead, check it out; punch in some of the passwords you use and find out if they’re really as strong as you think they are. I bet you’ll be surprised.

This meter is one of the best I’ve ever seen because it takes into account all of the best practices I endorse for creating very strong, un-guessable passwords.

Let me know what you think in the comments section and if you like it, bookmark it using the button below.

Cheers!
The Geek

1

FTP Password Thieves – Are You The Next Victim?

Guest article by Arindam Chakraborty. You can check out his blog here: http://arindamchakraborty.com

**********
Just read this article a moment ago, and thought I should let you, since it affects webmasters in a big way:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1357912,00.html

There are seven ways to minimize your changes of getting hacked:

a) Use Secure File Transfer Protocol (SFTP) instead of FTP. Normally, this requires SSH access. The downside is that (from what I know) most web hosting companies don’t provide SSH access to their shared hosting customers! However, some do offer jailed SSH, which should be work as well! If you are on a VPS or Dedicated server, you should already have SSH access.

b) Use strong passwords: I use Roboform‘s password generating tool for this purpose! Usually its default settings work me, but if you need stronger passwords than what the tool offers by default, you can always customize the available options!

c) Keep your PC protected with Firewalls, Antivirus tools, Malware detectors, Anti-Spyware tools, etc. If you are looking for recommendations, here is a good forum thread to get you started:

http://forums.majorgeeks.com/showthread.php?&t=44525

Remember that different security tools work and behave differently on different systems, so it might take a few months of trial and error before you find the “perfect” solution for yourself!

Above all, UPDATE these security tools regularly!

d) Always download software programs from trusted sources, such as:

http://download.com

http://www.tucows.com/

e) As soon as you have downloaded a file, scan it with an antivirus tool to make sure it is not infected, especially if it happens to be an executable program!

f) Stay away from bad sites. If you visit sites that host porn, warez, keygen, etc., you cannot blame anyone but yourself in case you get infected with Trojans and viruses!

g) Avoid downloading files from Peer-to-Peer (P2P) connections: With most P2P networks, the uploaded content is hardly monitored, so your chances downloading a Trojan are very high. Another possibility is that of identity theft. You may be happily downloading some stuff using Limewire, while a couple of thieves are busy stealing your IP address, passwords, or other secret information they can use to harm you in future! Remote attacks are also a possibility!

If you really want to use P2P networks, use a strong P2P firewall and an IP address hiding tool to protect yourself; I am not sure if these security measures would cause you any inconvenience, though! Myself I have avoided P2P networks all my life. I miss out on a lot of goodies because many of them are required to be downloaded from P2P networks, and for heaven’s sake, no matter what happens, I would never do that! :D

Here is a helpful article on Peer to Peer networks and how they work:

http://en.wikipedia.org/wiki/Peer-to-peer

Also, keep in mind that even if you follow the seven steps above, there is no guarantee that you would be totally protected from FTP password thieves! However, these security measures would certainly minimize the chances of attacks!

Arindam Chakraborty

Filed in: Password, Security, Tips
0

“14 Golden Rules of Computer Security” Nearing Completion

My new eBook, “14 Golden Rules of Computer Security” is almost complete and will be ready for downloading shortly. Written with the non-technical person in mind, the book is packed with proven, practical advice on how to stay safe on the Wild, Wild Web including bonus articles about creating strong, easy-to-remember passwords and email security tips. I give you tons of links to free and low-cost tools as well as special discounts for software and services by some of the best computer security companies in the business. It’s a must-have for every computer owner.

Based upon my popular “How to Secure Your Computer” series of web articles and fully updated with late-breaking information on safe searching and social networks, “14 Golden Rules of Computer Security” will help you develop your own secure computing practices and save you from the hassle of dealing with unpleasant malware attacks.

The book will cost $9.95 for the general public, but all Ask the Geek subscribers will be sent a download link and password for a free copy, so be sure to sign up. (If you already closed the subscription panel, you can sign up by clicking here or on the Sign Up! link on the Pages sidebar.)

Sign up today and then watch your email for the release announcement and download instructions.

0

“psyb0t” Worm Infects Routers

Two router options, both of which I’ve said are security risks (see This Router Configuration Option Can Be Dangerous), can now be exploited to turn routers into zombie botnet members. My latest post at Security Corner, Worm Targets Home Networking Equipment, gives details and references to more news items. You can read those if you want, but for now, here’s what you should immediately do:

  1. Power cycle your router.
  2. Disable WAN-facing telnet, SSH or web-based configuration interfaces.
  3. Change the passwords to something unguessable (see this article).
  4. Upgrade to the latest firmware.

If you’re not sure how to handle this, find a geek who can. While the hacker who wrote this worm appears to have disabled the botnet’s control center, others will follow and it could get ugly.

You should also read and apply the Safe Computing Tips available as a free PDF download. Just click on the link to the right.

As always, I’m looking out for you.

Cheers!

The Geek

0

Why Your Wallet is the Best Password Manager

Although I use them to store passwords for sites that don’t require much security, password managers are something I generally stay away from. Why? Because they store the information on my hard drive, a thumb drive, or a website, all of which could be compromised by a determined hacker. Even a relatively unsophisticated hacker could exploit an unpatched vulnerability leaving my passwords open to inspection. My personal security policy is to make it as hard as possible for someone to get to my passwords.

So, I write them down and keep them in my wallet.

Yes, that is the most secure “password manager” there is. No one can get to your wallet from the Internet or your PC. Passwords written on a piece of paper and stored in your wallet are nearly impossible to compromise – someone would have to steal your wallet (or you’d have to lose it) to get at them. How likely is that? I’m 55 years old and have never lost my wallet or had one stolen. Even if someone did get hold of wallet, they wouldn’t know what sites the passwords apply to. I have a secret code that tells me which password goes with what site, and no one is likely to be able to decipher it.

Just be sure not to write down your username with the passwords.

Cheers!

The Geek

Filed in: Password, Security, Tips
2
© 2017 Ask the Geek. All rights reserved.