Passwords Are All That Stand Between You and Thieves
How many messages do you receive every week that claim to be from people you know and may come from their computers but contain either spam messages or malware? It's a rare week when I receive no messages like this. In some cases, people have been victimized more than once. That's because they continue to use easy-to-guess passwords such as "ABC123", "LetMeIn", or even "password". As more of us deal with online businesses and as more of us store data online, passwords become increasingly important. It's not hard to devise secure passwords.
Note the plural. Those who use the same password for everything are simply asking for trouble but you don't need to create a unique password for every account you have. After all, some are more important than others.
Three Categories
I divide passwords into 3 general categories.
- LEVEL ONE: If you engage in online banking or store any financial data online, these accounts should have strong passwords and each financial institution or company you have an account with should have a unique password. Ideally, your user name should be difficult to associate with your name. In other words, instead of using "bblinn" as a user name, I might choose TreeHugger3458 (consisting of a term I'll remember and my street address when I was 10). Should someone find a way to obtain the user name and password for one critical account, you want to avoid giving the crook access to other critical accounts. Consider this practice to be a firewall of sorts.
- LEVEL TWO: Between the sites that contain critical information and the sites that contain nothing of value to thieves are sites that need to maintain confidentiality but don't require the same level of protection afforded the critical sites. These might be subscription sites for publications. If you have a New York Times subscription, you might create a password such as NYTpine93475fennel (NYT is unique to this password but you use the pine93475fennel part for dozens of publications) -- TIpine93475fennel for Time Magazine, NRpine93475fennel for the National Review, and TNpine93475fennel for The Nation.
In this case "pine" is your favorite kind of tree, "93475" is your Zip code, and "fennel" is your preferred spice so all you need to remember is the prefix (indicated by the name of the publication) and the root part of the password (pine93475fennel). - LEVEL THREE: Miscellaneous accounts that, if compromised, would not expose any critical information can share user names and passwords. Technically, this isn't the best practice but if you don't want to remember dozens of user names and passwords, this is acceptable for online discussion sites, manufacturer support sites, and blog sites that require registration. It's still not a good idea, though, because someone can impersonate you if they have your credentials; there's a better way to handle the problem of remembering hundreds of user names and passwords. I'll get to that in a moment.
NOTE: I do not use "TreeHugger" or any variation of that term in any ID, I have never lived at "3458" (or any combination of those numbers) on any street, I have never even visited Zip code 93475 (Oceano, California), pine trees (although fine plants are probably not my favorites), and I don't particularly care for fennel. So if you're trying to crack my passwords, those are not good places to start.
Is Your Password in the Dictionary?
A good password should not be found in a dictionary. That's a common precaution but it seems that many people misunderstand the meaning of this recommendation. You shouldn't use a password such as "grapefruit" because using any dictionary word simplifies a cracker's task. But you could use "grape7329fruit" (break the word and insert a number in the middle). Better still: "Gr@pe7329fruIt" (with a symbol to replace the "a" and some random capitalization).
Another way to create a strong password is to use a phrase. Some sites now allow long passwords and anything over about 15 characters is extraordinarily difficult to crack. Let's say you were a fan of the Doors. "RidersOnTheStormIntoThisHouseWereBorn" would be a good password. Swap out some of the letters for numbers and symbols to make it even stronger ("R1dersOn+heSt0rmInto+hisH0useWereBorn").
The best passwords are long and completely random. Many programs exist to create these kinds of passwords. KeePass, for example allows you to specify the length of the password and which kinds of characters will be used.
You can then create a list of passwords that can be used as needed.
Remembering All Those Passwords
In addition to creating passwords, KeePass can store them securely on your computer. It's tempting and easy to create an Excel spreadsheet or text file or Word document with all of your user names and passwords. The trouble is that when you do that, you make them available to any malware that finds its way onto your computer.
KeePass keeps the passwords on your computer, but the file is encrypted so that even if a cyber-thug gains access to your computer, your passwords are safe. KeePass must be installed on every computer where you need it, though—home computer, office computer, notebook computer. And what happens if you need to use a public computer?
I've found LastPass to be an even better solution because it stores your passwords on a server (the server file is encrypted, a duplicate file on your computer is encrypted, and communications between your computer and the server are encrypted). When passwords are created or updated, they become available on all your computers.
Both KeePass and LastPass require that you create a single strong password for access to your other passwords. This password must be strong and unique. If you lose it, your passwords will no longer be accessible. If somebody else obtains it, all of your passwords will be exposed. Create this password carefully and protect it. LastPass does offer other options for unlocking the file with your passwords but most people seem to choose the familiar process of creating a master password.
With LastPass you can turn off the processes by which browsers store passwords. Browser-based password storage is far less secure than it needs to be and should be turned off.
Although my preferred application is LastPass because I use many computers, KeePass is an excellent free open-source application that provides a secure way to store your passwords. You won't go wrong with either one.
How to Be Your Own Domain
If you're in business, you already know that you need a domain name even if you choose not to have a website. A follow-up message from "joe.house@aol.com" will raise questions in the receiver's mind about how large the real estate business is and how serious it is about being in business. A message from "joe.house@bigrealestate.com" sends a much more professional message. But should individuals should consider creating a domain name, too? My answer is Yes.
(Note: The domain "bigrealestate.com" exists but it is not associated with any realty company. It's just an example that I pulled out of thin air. Don't go there.)
In addition to techbyter.com, I also own blinn.com and have for many years. During those years, I've changed Internet service providers a few times but my e-mail address has remained the same. While it's true that you can maintain the same e-mail address with yahoo.com, outlook.com, or aol.com, creating your own unique domain and address isn't difficult or expensive.
If you're in business, this isn't an option. It's a necessity. "Perception is reality." I can't tell you who said this, but I can tell you that it's true. If you believe that I'm an idiot, then I'm an idiot. We all see the world through our own filters. If people perceive you as being serious about business, then you are (even if you really aren't) and if they perceive you to be just playing around, then you are (even if you are dead serious about your business.) That's why a domain name is essential for businesses.
"Being your own domain" has several advantages and perception is just one of them. For individuals, it's helpful, too. When I tell someone that my address is "william dot blinn at blinn dot com", there's no question that they'll remember it better than if I tell them it's williamblinn1437 at gmail dot com.
Registering a domain name costs around $10 per year for the common top-level domains such as com, org, biz, and info. Certain other top-level domains cost considerably more. A hosting account that includes space for a website and e-mail (usually with an unlimited number of addresses) can cost as little as $40 per year and you can find e-mail only accounts for $20 per year if you don't need a website.
There's no shortage of domain registrars. Here are some of the better known registrars:
- GoDaddy.com
- Register.com
- NetworkSolutions.com
- Or choose from any of the hundreds of ICANN-registered registrars.
When it comes to hosting, my favorite is BlueHost, but there are other good hosting services:
- GoDaddy.com
- 1and1.com
- verio.com
- Or choose from any of hundreds of hosting services you'll find with a Google search. But beware: Offers that seem to good to be true probably are.
Have You Turned 64 Yet?
64-bit computing has been available since about 2001 and it's continuing to catch on, but slowly. If you're in the market for a computer this year or next, now might be the time to consider 64-bit hardware and a 64-bit operating system. Less than 1% of Windows XP users installed the 64-bit version. Only 11% of Vista users installed the 64-bit version. But Windows 7 broke through the clutter and, about 2 years ago, half of Windows 7 users had moved to 64-bit systems. That number should rise with the advent of Windows 8.
Current software has exceeded the limits of 32-bit computing. Some Adobe products, for example, are no longer available for 32-bit systems and the trend is clear for any application that requires either a lot of memory or a lot of processing power. Whether you need this power at home depends on what you use a computer for.
If you're already planning to buy a new computer, moving to a 64-bit system will cost about the same as buying a new 32-bit system and it will provide options for expansion that 32-bit systems cannot. Memory is limited to 4GB on 32-bit systems and, although that sounds like a lot, you might benefit from 6 or 8GB and consumer-grade computers are available with that much memory.
The trend of hardware and software manufacturers to support 64-bit systems is clear and the cost of supporting both 32- and 64-bit systems is prohibitive so the future is clearly betting on 64-bit systems.
In more or less plain English, the difference between a 32-bit system and a 64-bit system is the data path. Imagine a freeway with 32 lanes. It would carry a lot of traffic. Now consider a double-decker freeway, each with 32 lanes. In a 64-bit computer the processors can handle data that's 64 bits wide.
Besides faster processing that's the result of "more traffic", another huge advantage of 64-bit processing is the ability to address more memory. 32-bit systems are limited to about 4GB of RAM, and that includes any memory used by the video subsystem. 64-bit systems can address 2^64 bytes of RAM. That number looks small but it works out to be (16 exabytes): 16,000,000,000,000,000,000. And good luck, by the way, finding a way to use that much RAM in any current hardware. But you can find systems that allow for 32 or 64 gigabytes of RAM (32,000,000,000,000 or 64,000,000,000,000 bytes). Any application that needs a lot of memory and has been written to take advantage of 64-bit architecture will see an immediate performance boost from the extra memory.
That last part is important, too. If the software hasn't been designed to support 64-bit architecture, it will run as a 32-bit application and will be no faster than if it was running on a 32-bit system with 4GB of RAM.
You won't see your e-mail program or Web browser speed up. Differences will be seen in applications such as Adobe Photoshop, Adobe Premiere, large database applications, and scientific calculations.
Short Circuits
What Can We Say About Electronics During the Election?
Apparently not much. There were a few random voting machine irregularities reported but nothing that looked particularly suspicious. Let's consider what happened and look at ways to make the electoral process better.
There were reports from Ohio and Pennsylvania (and probably elsewhere) indicating that touch screens had malfunctioned. A vote for one candidate registered a mark for that candidate's opponent. Voters noticed and were moved to other machines or given paper ballots.
Having been a poll worker, I've seen this problem. In one election, a voter reported that the machine was recording the wrong candidate. One judge from each party observed and confirmed the voter's statement. The process when something like this happens involves marking the current vote on the machine as invalid, moving the voter to another machine, recording a description of the problem, noting the tally difference on a paper that stays with the voting machine, and taking the machine out of service.
We did all of those things and then notified the board of elections. A technician arrived a short time later and fixed the machine. We restored it to service but later another voter reported a similar problem. After moving the voter to a new machine, we took the problem machine out of service for the remainder of the election.
Various other minor problems were reported around the country, including one in Massachusetts that involved a spider that had taken up residence in one of the machines.
The most serious problems were ones that occurred in areas where the machines don't have a paper audit trail and even those seemed to have been relatively minor. Still, this seems to be a good time for me to climb up on the soap box and again proclaim that the best system of electronic vote counting would involve paper ballots and scanners. Those systems can always be audited later because a clear paper record exists for every vote.
Even though a paper-based system would cost far less, particularly when coupled with voting by mail, and would be more secure, I don't expect anything to change anytime soon because the people who make voting machines have a vested interest in maintaining the status quo. And they have the lobbying power to maintain it.
The Incredible Shrinking Disk Drive (Price)
It's time to upgrade some hardware at TechByter Worldwide in advance of installing Windows 8 on the primary desktop computer. Two of the most astonishing things I've seen in the review of options with Marshall Thompson at TCR Computers are the prices of disk drives and memory. Three years ago, I migrated to a 64-bit system, which meant that I could install more than 4GB of RAM in the computer. I installed 8 even though I knew that 16 would have provided better service. This time around, it will be 32GB of RAM in conjunction with a solid-state drive (SSD) for the operating systems and 2 new 2TB drives for storage. (Video files, photos, and audio files can take a lot of space.)
Solid-state drives are still pricey but they can speed system startup substantially and, because Windows will install applications on the boot drive by default, all applications should also start faster. When combined with Windows 8 and Office 2013, the start-up process should be significantly improved.
But two 2TB disk drives? And 32GB of RAM?
Anything within reason that can be done to make the computer perform tasks better or faster is worth it and the cost of making computers faster drops every year.
Remember when hand-held calculators cost $400, then $100, then $10, and now you can buy them for $1 from companies that provide cheap trinkets. The same thing has happened to disk drives. The $1600 16MB disk drives of long ago have been supplanted 2TB drives that can be purchased for not much more than $100.
The same is true for RAM. Instead of hundreds of dollars for 128KB of RAM, you can find 32GB of RAM for around $150.
Suit-Happy Apple Smacked Out of Court
This week a federal judge booted Apple’s patent abuse lawsuit against Google’s Motorola Mobility unit out of court. Apple has been trying to beat back the attack of the Android devices and this is a setback for Apple's attempt to eliminate rivals from the smart phone marketplace.
Apple's apparent policy: We want to sue the other guys but if we don't agree with the court, we'll ignore the verdict.
The trial was scheduled to get underway on Monday in Madison, Wisconsin, with Apple contending that Motorola's licensing practices were unfair. Google acquired a portfolio of patents when it purchased Motorola's cell phone business in May for more than $12 billion. Before the trial could start, Judge Barbara Crabb, who had earlier questioned whether she could rule on Apple's case, dismissed the case.
Apple has traveled the world filing suits against Google and anyone who has worked with Google -- Samsung, for example, because Samsung uses the Android operating system for its phones. In the suit that was just dismissed, Apple claimed that Google's royalties were too high but, even though it brought the suit, Apple said that it would not be bound by Judge Crabb's decision if she set the rate higher than $1 per Apple Iphone.