Listen to the Podcast
19 Feb 2021 - Podcast #731 - (21:40)
It's Like NPR on the Web
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
Strong passwords are essential to the safety of your data, and there are lots of techniques for creating good ones. Let's look at some ways to create and secure good passwords.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
First, use a password manager such as LastPass, 1Pass, RoboForm, or Dashlane. Some people recommend against password managers, but they use faulty logic when doing so. What if someone breaks in to the password manager's server? Probably nothing happens. A good password manager will, first of all, create a secure website and will create virtually unbreakable security.
These services encrypt your passwords on their servers, during the time they're moving between their server and your computer, and when they're stored on your computer. To exploit your passwords, a crook would need to get past the password manager's security, know your user name, and break the strong encryption that's linked to your master password. Given the advantages password managers offer, fearing a threat with a minuscule (but still non-zero) possibility isn't a good use of your time.
So the first step is to choose a password manager.
Websites, especially those that involve finance in any form, often include a third item in addition to a user name and password. One bank requests my user name and then the site shows me an image. If it's not the image I expected, it's an indication that I mistyped the user name. The next step is entering the password and, if it's right, the site asks a security question. Although I'm comfortable with the security offered by this arrangement, it could be improved by substituting two-factor authentication for the picture and the security question.
Authy is a free service that provides a six-digit security key for the sites you set up. The key changes every 30 seconds, so the user must have the correct user name, password, and security key to log on to a site. Even if someone manages to capture the user name and password, the security key is likely to change before they can use it and guessing the key is unlikely because 6 numerals gives 106 — 1,000,000 — possibilities.
Most password managers have functions that generate secure passwords, but you might also want to consider a separate service such as Passwords Generator, which is a free online service.
The user specifies the length of the password, whether it will contain uppercase letters, lowercase letters, numbers, and symbols. Password Generator allows the user to specify which symbols will be used (the default is !"#$%&'()*+,-./:;<=>?@[]^_`{|}~), and whether the password can start with a symbol. Strong passwords should be long (16 characters or more), contain uppercase and lowercase letters, numbers, and symbols. It's wise to eliminate look-alike characters such as the number 1 and a lowercase l, and the number 0 and an uppercase O.
Why not just type your own random characters? As it turns out, when humans try to type random characters, they don't do a very good job. The password generator will do a better job.
If you use a password manager, a password such as X#yb_{J?6/w~YpAd isn't a problem because the password manager will supply it as needed. But if you have to remember the password so that you can type it, you'll quickly find that such a password isn't even slightly memorable.
When I worked in an office where password changes were required every 45 days and password managers were prohibited, I created a system that allowed me to leave my password hint written in plain sight. First, I set a calendar reminder to change passwords every 42 days. That's every 6 weeks so the reminder would always fall on Wednesday. That eliminated having it fall on a Monday holiday or a Friday because I took a lot of Fridays off. Also, if I had set the reminders to every 45 days, some would occur on Saturdays and Sundays, then I would be locked out of some systems on the next Monday. The password requirements for the systems varied. Most of the systems required at least eight characters, but one was limited to eight characters. That meant my password would need to be exactly eight characters. Most systems required uppercase and lowercase letters, and some required numbers. The one that didn't require numbers would accept them. Some systems required symbols, but one allowed only three symbols (!?#). So I needed an eight-character password with a mix of uppercase and lowercase letters, at least one number, and one of three symbols. And it needed to be memorable.
Good password procedures limit passwords to use on a single system, but reusing the password for multiple internal systems seemed reasonable. So I started thinking about how to create a system.
This was several years ago, and I hope the company has improved password requirements since then. My system was easy to use and depended on references that none of my co-workers knew. When I used this system, I could put a PostIt note on my desk with the clues: "Dot1 Oct Ft Wayne". None of that would have made any sense to anyone but me. Today, for the first time, I'll explain how to get from "Dot1 Oct Ft Wayne" to password: ElB#1450.
Using various family members, symbols, and references to frequencies, I had more than 40 possible passwords that I didn't have to remember. I can explain this system now because I haven't used it for several years and will never use it again. Although I don't recommend a system like this if it can be avoided, it's a workable option for anyone who refuses or is not allowed to use a password manager.
Some people create long passwords by concatenating a song title like WeAllLiveInAYellowSubmarine. That has upper and lower case letters, but no numbers or symbols. WeAllLiveInAYell0wSubmar1ne would be better and WeAllLiveIn@Yell0wSubmar1ne would be even better, but then you need to remember which letters you've chosen to replace with numbers or symbols.
Seriously, if you can just use a password manager, use a password manager, and set up two-factor authentication for any site that allows it.
Microsoft's web browsers haven't exactly been the most loved applications. Many people used Internet Explorer, even though it was a lousy browser, because they didn't know how to install another browser and set it as the default, they didn't care, or Internet Explorer wasn't bad enough to spur action. At last, Microsoft may have gotten it right.
Regardless of which browser you prefer, the browser on your computer uses one of four rendering engines, and that's about to shrink to three. Or, for Windows users, two. Google Chrome and most other browsers use Blink, Firefox uses Gecko, and Microsoft has used its own proprietary Trident rendering engine, followed by EdgeHTML. Trident has been discontinued and EdgeHTML is currently in maintenance mode because the new Edge browser uses Blink. So Windows computer users have a choice of a Blink browser or a Gecko browser. If you have an Apple computer and use Safari, it runs the WebKit engine.
So that's one mainline browser using WebKit, one mainline browser running Gecko, and everybody else using Blink. I've been trying the Development channel for Microsoft Edge and there are some features to like. Until now I've used a Microsoft browser only when I needed to confirm that a website I'm working on functions properly. Edge may change that.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
For the past few years, Firefox has been my preferred default browser. I like its ability to synchronize settings between computers. Consistency is helpful so that expected websites are available in bookmarks on all the computers I use. That feature is also available in Edge.
I synchronize everything but passwords and history. History because I rarely need to use it, and when I do, it's almost always to visit I site that I recently left. Syncing that data would not be useful. Passwords because I to not allow browsers to store passwords, no matter how secure the developers say they are. Instead, I use a password manager.
The feature that I find most compelling is one that will doubtless be duplicated by other browsers, but Edge is the only browser that currently offers vertical tabs. Why? If you have only one or two tabs open simultaneously, prepare to be unimpressed. But if you're like me and have 15 tabs open most of the time, you may love this feature at first sight.
Even with a wide screen and the browser running nearly full screen, the text on the tabs is truncated when they run across the top of the screen. When the tabs are listed on the left side of the screen, the main part of the browser window may be slightly smaller, but the title of each window is longer and easier to read. This feature is most useful on computers with wide screens.
With wider tabs on the left side instead of narrow tabs at the top of the screen, I no longer accidentally close tabs by clicking the X instead of selecting the tab.
Late last year, Microsoft introduced "sleeping tabs". By default, any tab you haven't visited in two hours will go dormant. Users can adjust the time from five minutes to 12 hours as well as specify that some tabs are exempt. This feature is intended to allow the browser to release memory consumed by tabs and to reduce the ongoing CPU load. When a tab is sleeping, the tab is dimmed. Selecting the tab wakes it and refreshes the page.
Memory load has been an ongoing problem with both Chrome and Firefox. I've been experimenting with the option to put tabs to sleep when I haven't used them in five minutes. This is the most aggressive setting, and the one most likely to cause problems. Microsoft says sleeping tabs use about 32% less memory and 37% less CPU on average.
The potential disadvantage is that a sleeping tab won't display new information until you open it again. Facebook, for example, won't show new private messages until you wake the tab. This could also be an advantage in that it can reduce distractions.
If your computer is running the October 2020 version of Windows (20H2), the Alt-Tab key has a new feature for Edge (and also for Chrome): To use it, open Settings > System > Multitasking and choose one of the Alt-Tab functions that mentions Edge. Now pressing Alt-Tab will display all open applications and three, five, or all tabs in the browser.
But wait! See "Vertical Tabs For Firefox, Chrome, And Other Browsers" in Short Circuits next week!
Because browsers, with only one or two exceptions, are free, I like to test drive new versions. I've switched between Firefox and Chrome as the default browser several times. As Edge matures, it's likely to join the mix.
You have choices. Windows 10 computers will already have Edge installed, but there are three development channel options: Beta, Dev, and Canary. The most cautious approach would be to just give the (B) installed version a try, but it won't have all of the latest features, including the one that I find compelling. The safest of the Edge Insider channels is Beta. It's updated every six weeks. Next is the (A) Dev channel, which is what I use because it has survived some internal quality tests. Updates arrive once a week. For those who are seriously interested in the latest features and are willing to put up with a few surprises, there's the Canary channel, which is updated daily.
If you decide to try one of the preview versions of Edge, you'll be reminded when an updated version has been installed and you'll see a list of the new features. Being part of the Edge Insider program opens a communications channel that you can use to provide feedback about what you like and what you don't, what works and what doesn't, and describe features you'd like to see.
But always remember that this is beta software. You may experience surprising features. You may experience crashes. The safer option would be to try Edge as it came with Windows 10. But where's the fun in missing the excitement of using unproven software?
Chromebook users who have wished that Wacom would make a pen for use with their computers have had their wish granted, and the One by Wacom tablet that works with Windows and MacOS computers has now been upgraded to also work with Chromebooks.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
The One by Wacom pen tablet is the first Wacom device to be fully compatible with Chromebooks, and Wacom is building a library of content for educators in a new teachers support network. The tablet is available in two sizes, 8 inches by 6 and 11 inches by 7. It's a basic device that lacks features that are found in Wacom's more expensive tablets. No "express keys" are included on the tablet and it is not enabled for multi-touch.
To use the tablet, Chromebook computers must be running Chrome OS 87 or later and Kernel 4.4 or higher is required. It works with any version of Windows from Windows 7 and later, and with MacOS version 10.10 and later.
The small tablet is priced at $60 and the medium sells for $175.
A stylus is better than a mouse for drawing and writing. Because the One by Wacom doesn't have the ability to display what's on the screen as the much more expensive Wacom One, Cintiq, and Cintiq Pro models do,, the user needs to master the process of looking at the screen while drawing on the tablet. This is not as difficult to do as you might think.
Note that Wacom has created no small amount of confusion by naming two very different tablets with virtually the same name: The "One by Wacom" is an inexpensive tablet with limited functionality and no display. The "Wacom One" is an entry-level tablet with a display and significantly advanced features. The Wacom One is about the same size as the medium One by Wacom, but it's not compatible with Chromebooks and it costs $400.
Why Wacom chose to give two dissimilar tablets such similar names is a mystery.
The pen with the One by Wacom doesn't need a battery and the tablet is powered via a USB port on the computer. Some users will need an adapter to convert the small USB connector to USB-C connector.