How To Create Strong Passwords (2016 Edition)

Time once again for my updated guidelines on creating passwords. The short version: use passphrases that are at least 12 characters long and different on every site, plus two-factor authentication where possible. And for pity’s sake, stop using weak passwords!

Many people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything that will let them do their dirty work from behind a smokescreen.

Strong passwords must be:

  • Not in use on any other system
    This is perhaps the biggest no-no in the password rulebook. When hackers nab passwords, they try the same account/password combinations on popular sites like Google, Facebook, and Twitter. If you’re using the same password, you just let them in. Do not ever, ever, ever use the same password anywhere. Before you despair, keep reading. There are tools to make it easier.
  • Changed regularly
    Yes, you have to change your passwords. And yes, they still have to be different everywhere. In fact this is one of the best things you can do to secure your passwords. Use a password management tool if you need help keeping track of everything (see below).
  • 12 characters or longer
    Think passphrase rather than password. The longer and more complex a password is, the less likely it can be cracked.
  • A mix of upper- and lowercase letters, numbers, and symbols
    Some systems won’t allow you to use a range of characters in your password, in which case I suggest you reconsider using that site. Do you really trust someone who isn’t going to allow you to secure your account properly? Makes you wonder how secure everything else on the site is.
  • Not common words or proper nouns found in a dictionary
    Here’s a list of the 25 worst passwords of 2015. If your passwords sound like these, change them now.
  • Not the names of your spouse, kids, pets, or other personally identifying information
    Don’t create passwords out of information that can be gleaned about you, and don’t share information that can be used to guess security questions. For example, if you have pictures of your dog Fido on Facebook, and you also answer your bank’s security question “What’s your dog’s name?” with “Fido,” guess what? You have just given a hacker potential access to your bank account.

Examples of good and bad passwords

Good passwords (but don’t use these!)

AP@ssw0rdIJustMADE!UP!4U
Here’sAnOtHeR1FOR$You

Bad passwords

password
password1
password!
123456
<blank>
mypassword
spouse’s name
pet’s name
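
The rules above can be checked mechanically. This Python example is added here and is not code from the original article: it tests a candidate against the 12-character minimum, the four character classes, the literal entries of the bad-password list, personal terms such as a pet’s name, and reuse. The function names, the look-alike substitution table, and the sample inputs are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12  # the article's minimum passphrase length

# Literal entries from the article's "Bad passwords" list
# ("<blank>" is represented as the empty string).
KNOWN_BAD = {"password", "password1", "password!", "123456", "", "mypassword"}
# Base words behind those entries, matched after decoration is removed.
BASE_WORDS = {"password", "mypassword"}

# Constructed table of common look-alike substitutions (an assumption).
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s", "5": "s", "1": "i"})


def normalize(candidate):
    """Lower-case, drop trailing digits/symbols, then undo look-alikes."""
    core = candidate.lower().rstrip(string.digits + string.punctuation + " ")
    return core.translate(LEET)


def missing_classes(candidate):
    """Return the character classes (of the four required) that are absent."""
    present = {
        "upper": any(c.isupper() for c in candidate),
        "lower": any(c.islower() for c in candidate),
        "digit": any(c.isdigit() for c in candidate),
        "symbol": any(not c.isalnum() and not c.isspace() for c in candidate),
    }
    return [name for name, ok in present.items() if not ok]


def check_password(candidate, personal_terms=(), used_elsewhere=()):
    """Return a list of rule violations; an empty list means every check passed.

    personal_terms: names and facts that can be gleaned about the user.
    used_elsewhere: passwords already in use on other systems, as a local
    password-manager audit would have them (hypothetical caller).
    """
    problems = []
    if candidate in used_elsewhere:
        problems.append("reused")
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if missing_classes(candidate):
        problems.append("missing_character_classes")
    if candidate.lower() in KNOWN_BAD or normalize(candidate) in BASE_WORDS:
        problems.append("common_password")
    # Look for personal terms even when written with look-alike characters.
    folded = candidate.lower().translate(LEET)
    if any(t and t.lower().translate(LEET) in folded for t in personal_terms):
        problems.append("personal_info")
    return problems


# The article's two "good" examples: they pass the structural rules, but
# because they are published they count as already in use somewhere.
PAGE_GOOD = ["AP@ssw0rdIJustMADE!UP!4U", "Here’sAnOtHeR1FOR$You"]

if __name__ == "__main__":
    samples = ["password", "P@ssw0rd!", "MyDogF1do!2016"] + PAGE_GOOD
    for pw in samples:
        print(repr(pw), check_password(pw, personal_terms=["Fido"]))
```

Passing `PAGE_GOOD` as `used_elsewhere` makes both published examples fail with `reused`, which is the reason the article says not to use them. The “changed regularly” rule needs a stored change date and is outside what this check covers.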

Password Don’ts…

  • Don’t rotate between the same two or three passwords. It’s just as bad as using the same password everywhere.
  • Don’t send passwords via channels like email, Facebook, or Twitter. Use another means like text message, which goes directly to the recipient. Or even better, a phone call.
  • Don’t stick passwords on Post-It notes. Whether it’s under the keyboard or on a bulletin board, it’s exposed. Be like Gandalf: Keep it secret, keep it safe.
  • Don’t share passwords and accounts. This is especially prevalent in small businesses. Don’t create one account then share the password; create multiple accounts for each person who needs access. More time consuming? Sure. More secure? You bet.

Tools to manage your secure passwords

With a password management tool such as 1Password, LastPass, or KeePass, all you have to remember is one master password and the software takes care of the rest. You can use the same password management tool on your computer and on your mobile devices.

But there’s a catch. Unfortunately any company can be breached by hackers and password management firms are no exception, as was demonstrated by a recent LastPass breach. In other words, passwords stored in management tools can be swept up in data breaches just like any other kind of data.

The good news is that most password managers encrypt your data, so even if hackers get hold of it, they will hopefully be hard-pressed to recover your actual passwords. That being said, you need to safeguard your master password with more vigilance than any other password you use. Please do NOT re-use your master password anywhere else! And be sure to keep another copy of your passwords somewhere safe in case you lose access to your password management tool.

Two-factor authentication

Two-factor authentication (2FA) uses a password plus another unique identifier, like a passcode messaged to your phone. This is much safer than a password alone because the second identifier is constantly changing, making it much harder to break into an account. If a site offers 2FA, you should consider using it.

However, 2FA does not make a weak password safe. Your best bet is 2FA plus an excellent password. As with a password manager’s master password, you need to make absolutely sure you have copies of your 2FA backup codes, because that’s what’s going to get you into your account if you have trouble.

Password harvesting scams

Password harvesters are everywhere. For example, you might get a spam email saying you need to update your account. This message contains links to a page that looks like the real login, but it’s really just a fake designed to steal your credentials. Similarly, password-harvesting scams can be distributed via Facebook, Twitter, and other social media sites. When in doubt, type the address for the site into your Web browser manually rather than clicking on a link.

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

[Originally posted in 2010 as How To Create Secure Passwords. This version has been updated with the latest advice on secure passwords.]

Security Basics For Mac Users

If you’re not protecting your Mac from Internet threats, your computer can easily be overcome by viruses and malware. But running antivirus isn’t enough. Mac users also need to be just as aware of scams, fake apps, and other Internet dangers as their Windows counterparts. Here are some resources to get you started.

If you’d like to know more about Mac security, stay tuned to Tech Tips via Facebook, Twitter, and RSS, or subscribe by email.

Mac Antivirus Programs

Mac Security Help

Tech Tips – Recommended Advice For Mac Users

Microsoft Alienates Customers With Forced Windows 10 Upgrades

Microsoft is facing public backlash for automatically upgrading the computers of unsuspecting customers to Windows 10.

Since the public outcry, Microsoft has reversed course, claiming that the forced installations were due to their accidentally making the Windows 10 upgrade checked by default. In theory, this means that there should be no more forced upgrades.

But the antagonism Microsoft is generating through such aggressive marketing methods is eroding customer goodwill. Microsoft has certainly been pushy about those “Get Windows 10” messages on Windows 7 and Windows 8 computers. And they’ve demonstrated aggressive Windows 10 tactics in the past, when they downloaded the Win10 installers onto computers without the user’s knowledge. So it didn’t come as much of a surprise to the IT community when reports began to trickle in that Microsoft had taken it one step further and actually performed system upgrades without user consent.

Microsoft Alienates And Frustrates Their Customers
Who wants to do business with a company that dictates when and how you upgrade your computer? Microsoft’s tactics show a vast disregard for the people who actually have to rely on their computers in real-world situations.

If you’ve ever upgraded your computer, you know things fail. Programs stop working. Devices stop working. Things are hectic until you’ve tested and re-tested everything. Even then, weeks later, you’ll stumble across something else to fix. I never upgrade without making several backups first. Microsoft didn’t even give people that chance before plunking Windows 10 in their laps.

Not only is this going to alienate their customer base, it makes people not want the software. People may start associating “Windows 10” with “aggressive marketing tactics” and steer clear. How are consumers supposed to believe tech security experts when we tell them to upgrade for their own safety? They’ll think we’re doing it for the same reasons Microsoft is foisting Win10 onto their computers: to keep them in the Windows ecosystem so they’ll buy more MicroStuff.

Upgrades Are Necessary, But Not Like This
Now, I’m all for upgrading, in certain circumstances. If you’re on Windows XP, for example, it’s long past time you did. Older software can’t run current antivirus, can’t run a modern Web browser, can’t receive security updates. Even Windows 7 is fairly long in the tooth at this point. From a security standpoint you really should be running Windows 8 or Windows 10. But I don’t want people to upgrade to cost them money or to make their lives difficult. I want them to upgrade because I don’t want them to suffer the financial loss and identity theft that comes with a severely infected computer. Trust me. I’ve seen it and it’s not pretty.

But forcing system software onto unwitting end users is unheard-of. You don’t pester users to upgrade. You don’t stealthily download installers onto their computers, taking up pricey bandwidth and drive space. And you certainly don’t upgrade somebody’s computer to an entirely new operating system without at least giving them the chance to opt out!

What Could Microsoft Do Instead?
Instead of aggressive marketing tactics, MS should spend their time and money educating users on why they need to upgrade older computers for security’s sake. But Microsoft would rather spend their time and money on ridiculous ads like “PC Does Whaaat?”, a collaborative effort between Microsoft, Intel, HP, Dell, and Lenovo geared towards encouraging more PC sales. According to the AP, this ad campaign cost $70 million.

I wonder how far $70 million would go towards helping consumers understand the necessity of upgrading — on their own terms.

Don’t forget to sign up to receive Tech Tips by email and get the latest computer news straight to your inbox. You can also follow Tech Tips on Facebook and @trionaguidry on Twitter for more computer help for PC and Mac.

How To Protect Your Web Browser

Your Web browser lets you access Internet sites, but it can also be a gateway for viruses, malware, and more. Here’s how to keep your browser protected and secure.

(Don’t miss my latest article for The Northwest Herald – Protect Your Window To The Internet by Triona Guidry)

Remember that it’s vital to keep your browser up to date. If you can’t run an updated browser, you may need to consider an alternate browser or even a computer upgrade. Old computers running outdated browsers are holy grails to hackers and virus-writers because they’re so easy to infect. The US-CERT web site has detailed information about how and why you need to protect your Web browser.

Your computer’s default Web browser is Internet Explorer for Windows, and Safari for Mac. Here’s some information about how to secure them. Bear in mind that software manufacturers don’t provide security updates for outdated versions of their browsers, which may be why you don’t see yours here.

Internet Explorer (Microsoft)

Safari (Apple)

Alternate browsers include Mozilla Firefox, Google Chrome, and Opera, among others.

Do you have questions about securing your Web browser? Ask in the comments, and don’t forget to follow Tech Tips on Facebook and @trionaguidry on Twitter.

Windows XP Is Dead. Now What?

As you may have heard, Microsoft has ceased support for Windows XP. Many people assume it’s okay to keep using it. They’re dead wrong.

WinXP is already vulnerable to viruses because it’s been out so long. Now we have the nightmare scenario in which bugs are discovered but not fixed. Here’s how it goes: Microsoft announces a security vulnerability and offers patches for Win7 and Win8. The hackers rub their hands with glee and start testing to see if WinXP has the same vulnerability. Lo and behold it does, and they have an easy way to sneak into your computer.

Like the recently discovered Internet Explorer bug, which gives hackers a way to take over your entire system. It’s the first major vulnerability since XP’s demise. We know the bug exists in IE under XP. At first Microsoft said they weren’t going to patch it for XP, but now they’ve changed their minds. The question is, what about the next big bug? Using WinXP is like leaving your front door keys in the lock with a sign that says “Come on in, the best valuables are right over there!”

This isn’t a marketing gimmick or a way to increase PC sales, though I’m sure tech vendors don’t mind if you give them money. This is about you and the real-world repercussions of a hacked computer. Do you want your bank accounts wiped out? Do you want your identity stolen? Do you want your online identities hijacked? If not, then get off Windows XP.

Some of you will decide you don’t want to upgrade. That’s up to you, but I strongly recommend you reconsider. A very few of you – less than you think – will have some business-critical function that requires XP. Unless you are in that infinitesimal group, upgrade now.

What are your choices? Windows 7, Windows 8, or Mac. I did a rundown on them a while back based on a question from a reader. At this time, my recommendation stands at Windows 7 or Mac depending on your preference, with Windows 8 a distant runner-up due to its unfamiliar interface and lack of apps. Or, you could go pure mobile with tablet and smart phone.

For those of you who really, truly, honestly cannot upgrade from Windows XP, you have my condolences and some advice:

  • Use a browser other than Internet Explorer. Never use IE even for a moment.
  • Make sure you have the last round of updates Microsoft offered for XP. You can still use Automatic Updates to install them.
  • Run a good antivirus program.
  • Double-check regularly with Malwarebytes and CCleaner.
  • Don’t use Windows XP for finances or online purchasing. Ever. Your smart phone is safer at this point and I don’t advocate using smart phones for finances.
  • Don’t use WinXP to access social media sites (Facebook, Twitter, etc). Social media is a virus cesspool and you don’t have a lifejacket.
  • Plan your upgrade. This is not a permanent solution. Eventually your PC will fail and you will have to replace it.

Do you have questions about Windows XP’s end of support? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

How To Protect Your Privacy On Social Media Sites Like Facebook And Twitter

When was the last time you checked the privacy settings on your social media accounts? Once? Twice? Never? If you don’t check periodically, you run the risk of having your account hijacked by hackers.

Related article: Strong passwords key to social media privacy by Triona Guidry (The Northwest Herald)

What do you mean by “social media”?

Sites primarily used as a means of mass communication: Facebook, Twitter, LinkedIn, Pinterest, Instagram, Tumblr… You could also think of them as virtual communities, each with different rules and tendencies.

Why should I bother securing my social media accounts?

Because having your account hijacked stinks. At best, it’s inconvenient to reset your passwords and notify your friends. At worst, it results in data loss, identity theft, and financial ruin.

But aren’t these sites private?

Nope. They have privacy settings, most of which aren’t on by default. But anyone can sign up on these sites, and anyone can pretend to be anyone else on them. They’re designed to share information, not keep it private. Which is why the idea of people sharing their entire life stories and that of their kids gives me the screaming heebie-jeebies. Social media sites aren’t private photo albums and diaries. They’re publicly-accessible news sites (and data aggregators for advertisers).

Why do hackers want to hijack me?

In short: money. Cybercrime is a multi-billion dollar global industry. With economies tanking and people out of work, the idea of making tons of cash through Internet scams is hard to resist. Through commandeering your account, cybercriminals sell everything from Internet pharmaceuticals to fake antivirus programs to Twitter followers using your hijacked identity. It’s the go-to crime of the 21st Century.

Should everyone protect their social media accounts?

Yes. Absolutely. There’s no excuse not to.

How can I protect my social media accounts?

Use strong passwords that are unique on every site

Double-check your privacy settings

Report fake followers and inappropriate content

Verify links before sharing

Do you have questions about securing your social media account? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 

How To Secure Your Web Browser

Did you know that most viruses sneak onto your computer through your Web browser? Here’s how you can secure your Internet surfing experience.

First, some basic safety tips. You’ll want to look through these before you proceed.

Then, take a look at your Web browser(s) with the following advice in mind.

Related Article: Eight Tips For Safer Web Browser Searching by Triona Guidry (The Northwest Herald)

How To Clear Your Web Browser’s Cache

How To Activate Your Web Browser’s Privacy Controls

Do you have questions about securing your Web browser? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 

A Parent’s Guide To Protecting Your Kids Online

It’s hard to protect kids online, because parents and educators often have a hard time finding resources that can help them understand the latest risks and recommendations. I’ve gathered a variety of information in one place so you can learn about antivirus, parental controls, and protecting your kids while using mobile devices and video games.

Kids’ computers are among the most vulnerable to security threats. That’s not to say your kids are doing anything wrong. On the contrary, they’re the victims. Not only do virus-writers like to booby-trap kids with malicious web sites, they also like to infiltrate legitimate ones. Kids are also as much at risk of identity theft as any Internet user. More so, because cyberbullying has become such a deadly and devastating menace.

These are resources every parent needs to know about how computer viruses and Internet threats work. If you have questions, please feel free to comment. You can also subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

Antivirus And Security

Mobile Devices

Video Games

Cyberbullying And Harassment

 

Hands-On With The Samsung Galaxy S4, Plus Antivirus For Android

I recently had the opportunity to test-drive the Samsung Galaxy S4 from Verizon. If you’re looking for a powerful smart phone with some of the features of a tablet, this might be the device for you.

Related article: Galaxy S4: Vivid Color, Vibrant Performance by Triona Guidry (The Northwest Herald)

The Galaxy S4 looks similar to the Galaxy Note II, which I previously reviewed. In the hand it feels light and lively, matched by smooth performance when you use it. The 1080p Super AMOLED screen is unbelievably vivid even in sunlight, just the thing for entertainment on the go.

The S Apps are interesting, but I don’t know anyone who buys a device solely for the manufacturer’s add-on apps. If you want them they’re there, but as a recent article in Forbes asked, do people actually use these brand-name features? If you do, I’m curious to hear how you like them.

The Galaxy S4 is an Android device so you’ll get the full performance of Android 4.2 Jelly Bean plus the features available in the Google Play store. Just watch out for bad apps! Android is notorious for malware. You should run an antivirus program on any mobile device you use. For Android I am fond of Sophos’s Android security app. It’s free so there’s no excuse not to protect yourself.

Verizon is promoting its VZ Security service, which gives you antivirus plus SiteAdvisor for free, or antivirus, SiteAdvisor, and some other goodies for $1.99/month. Whether you pick Sophos, Verizon, or another product, please make sure you are running legitimate antivirus. Fake antivirus is skyrocketing on Android along with other malware.

Have you tried the Samsung Galaxy series? What do you think? Share in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 Disclaimer: Samsung Galaxy S4 provided by Verizon; this is an unpaid review.

 

 

Six Things Every PC User Needs To Know About Windows 8.1

The new Windows 8.1 affects you, even if you’re still using previous versions of Windows. Here’s what you need to know about the upgrade.

First Rule of Windows 8.1: There Is No Start Menu
Microsoft’s been shouting it from the rooftops: “The Start button’s back! The Start button’s back!” Except that doesn’t mean what you think it means.

What Windows 8.1 does is stick a Start button in the lower left corner, which brings up the new Start screen – not to be confused with the old Start menu you’re probably looking for. Dizzy yet? To make matters worse, not all applications will support the returned Start button, meaning it’s less of a fix than a kludge. A Start button that isn’t always present is as confusing as a Start button that’s missing entirely, if not more so.

Second Rule Of Windows 8.1: The New Look Is Here To Stay
Regardless of what they’ve done with the Start button/menu/screen, the Windows 8 interface (which I would call “Metro” except Microsoft says we’re not supposed to call it that anymore) is the future of Windows. So don’t expect Windows 8.1, or any other update, to restore your computer to yesteryear. The new look and feel is here to stay, and it’s time to get used to it if you intend to stay in the Microsoft world.

Third Rule Of Windows 8.1: Say Goodbye To Your Keyboard And Mouse
Windows 8 is made for tablets. In fact, many of us are still trying to figure out why Microsoft thinks a tablet interface is a good idea in a PC environment. If you don’t have a touch interface, it’s klunky to use – in other words if you’re one of the 99.99999% who still have a keyboard and mouse, which is SO 2012, PEOPLE.

Fourth Rule Of Windows 8.1: You Need It, Unless You Like Viruses
If history is any indication, expect Windows 8.1 to become the only acceptable version of Windows as far as being able to fix problems or install updates. Doesn’t matter if you want it or not, eventually you’ll have to install it or your computer is guaranteed to become a writhing infestation of identity-stealing viruses and malware.

This means you, Windows XP people – you need to upgrade. Now. I don’t care if you go Win7 or Win8, either is better than what you’re using now. Don’t wait until your computer is unusable, your financial data stolen, your accounts hacked, and your personal information spread across the Internet.

Fifth Rule Of Windows 8.1: It’s Not That Bad And In Some Ways Good
If it weren’t for the klunky interface and the lack of training for the average consumer (you know, the people for whom it’s purportedly designed), I would like Windows 8.

It’s fast. It’s powerful. It doesn’t take up a ton of memory (looking at YOU, WinME), doesn’t throttle your processor (Windows Vista), doesn’t cause incompatibilities with every single piece of hardware you own (Windows 95).

So, yes, it’s a technically superior operating system. So was OS/2 Warp, only it wasn’t widely used because it was hamstrung by a lack of apps and a failure to educate people on how to use it. Ironic that Microsoft may be following the same road to ruin decades later.

Sixth Rule Of Windows 8.1: You’re On Your Own Learning It (But I’ll Help!)
Microsoft has information online, but you have to hunt for it – using an unfamiliar touch-swipe interface, unless you happen to have another device handy, and doesn’t that eliminate the point? It’s no wonder many businesses have decided to hold off on upgrading. I don’t know why Microsoft has such blinders on when it comes to understanding that your average, everyday person needs to be able to use this without spending the entire morning trying to figure out how to accomplish a task.

To that end, here are some resources to get you started with Windows 8:

And don’t forget to follow Tech Tips for the latest on Windows 8, Mac, and more:

Once again we come to the age-old dilemma: Do you put up with the new features for the sake of security? If I were you, I would either a) get on Windows 7 ASAP, b) get on Windows 8 ASAP, or c) pick another platform (Mac? tablet? phablet?) because the Windows 8 train has left the station and anybody who didn’t jump on board is going to get run over eventually by viruses, malware, and other Internet scum.

What do you think about Windows 8? Love it? Hate it? Cowering in a corner hugging your Timex-Sinclair and dreaming of punchcards? Share in the comments!