Watch Out for Password Gotchas

Weak passwords are often a factor in the theft of user data. It is also true that it is becoming harder to create secure passwords. No longer can we simply add a few numbers to the end of our old passwords. Even using symbols to replace letters, like @ for a, or 3 for e, isn’t as effective as it used to be because hackers have figured that out, too. More and more it seems that random character generation is the answer.

Programs that store and protect our passwords usually provide random character generators and have the added value of not taxing our memory. Yet, are they any safer than the single password used to open your list? Biometric password protection is on the horizon, but not yet here for the average computer user. So what are we to do?

For me the answer is still long, complicated passwords that are easy to remember, and a password system that doesn’t require writing them down. (See “Creating a Secure Password That’s Easy to Remember”) Today I’m updating that article with a few new rules for creating passwords.

  1. Create long passwords. If a site limits password length, make yours as long as its rules allow.
  2. Avoid beginning passwords with a capital letter, because that is the most common way to begin a password. Try starting with a number, small letter or a symbol.
  3. Avoid ending passwords with a string of numbers. It won’t fool the hackers.
  4. To give the appearance of randomness try strings of initials such as the first letter of each word in a sentence, title or quote that you can easily remember.
  5. Find ways to use symbols and numbers creatively.

Here are a few examples for creating passwords using a combination of rules:

“The Lakewood Center for Orthopedics and Sports Medicine gets too much of my money,” becomes tLC4O&SMg2momm.

“A Funny Thing Happened on the Way to the Forum starring Zero Mostel is my favorite comedy,” becomes (with a smiley representing the word Funny) – a:-)THotW2tFsZMimfc.

“My day begins at six with a shower and breakfast so I won’t be late to work,” becomes mdb@6waS&BsIwbl82w
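The first two examples above can be reproduced mechanically, which also makes the rules easy to check. The sketch below is an added example, not part of the original article: it builds the initials password from a sentence and reports which of rules 1 to 3 a candidate breaks. The swap table is read off the article's examples; the 12-character threshold and the "two or more trailing digits" test are assumptions.

```python
import re

# Word swaps seen in the article's own examples (rule 5).
SWAPS = {"for": "4", "and": "&", "to": "2", "too": "2", "funny": ":-)"}
MIN_LENGTH = 12  # assumed threshold; the article only says "long"


def initials_password(sentence):
    """Rule 4: first letter of each word, capitals kept as written,
    with the swaps above and a lowercased first character (rule 2)."""
    words = re.findall(r"[A-Za-z']+", sentence)
    password = "".join(SWAPS.get(w.lower(), w[0]) for w in words)
    return password[:1].lower() + password[1:]


def gotchas(password):
    """Return the rules from the list above that a candidate breaks."""
    broken = []
    if len(password) < MIN_LENGTH:
        broken.append("rule 1: too short")
    if password[:1].isupper():
        broken.append("rule 2: starts with a capital letter")
    if re.search(r"\d{2,}$", password):  # assumed: two or more trailing digits
        broken.append("rule 3: ends with a string of numbers")
    return broken


if __name__ == "__main__":
    sentence = ("The Lakewood Center for Orthopedics and Sports Medicine "
                "gets too much of my money")
    candidate = initials_password(sentence)
    print(candidate, gotchas(candidate))
    print("Password123", gotchas("Password123"))
```

The third example in the article uses creative choices (capital S and B, “l8” for late) that a fixed swap table does not capture.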

Get creative. You Can Do It!

 

Dyslexie: A Computer Font for People with Dyslexia…and Older Eyes, Too

I never thought of myself as having dyslexia, but when I read an article on Dyslexie, a font created for dyslexics, I began to wonder if perhaps I had acquired it in my many years on the planet. For instance, I was once an avid reader, but now I can hardly finish a book – largely due to failing eyesight.

Heavier Baseline

The beauty of Dyslexie is that the letters are much more differentiated than standard fonts and punctuation is more pronounced, making it easier to distinguish each letter and less likely to confuse an 8 with a B, or a capital O with a zero for instance. In my years of reading serial numbers and program installation codes those were two of my nemeses.

Slant for mirror

If you have dealt with dyslexia you know that dyslexics tend to see letters in mirror image or upside down. The Dyslexie typeface improves letter recognition by making parts of letters longer, or wider or slanted a little differently so that they are less easily confused. I borrowed the two examples above from DyslexieFont.com to illustrate. Research has shown

 

Cloud Computing in a Nutshell

Cloud computing consists mainly of hardware and software resources made available on the Internet. For businesses these services typically provide access to advanced software applications and high-end networks of server computers. Individuals are more likely to be interested in cloud storage and backup, although there are some software packages available for us, too, like Google’s Docs, Sheets and Slides that come free with your free Google Drive and Gmail account. A good place to learn about how to work with Google Drive and Docs (as well as Microsoft OneDrive with Online Apps) and much more is GCFLearnFree.org.

Another popular use of the cloud is file sharing, such as pictures you might share on Facebook, or documents, like the ones I share with my students via my OneDrive. (a.k.a. Angie’s Cloud on my home page.) Technically your email is a cloud application provided by a host company represented by whatever comes after the @.

You may already be using the cloud. For instance if you have an Amazon Kindle or a Barnes & Noble Nook, your books are stored in the cloud. These companies store the books you purchase on their servers and when you “buy” a book you are granted access to it. In like manner, when you download iTunes, once again you are using the cloud. So you’re probably more savvy than you realized.

Cloud storage and online backup are sometimes viewed as one and the same. However, cloud storage is keeping files online to be accessed via the internet, while online backup is keeping your files on your local hard drive with copies in the cloud. The two services are often combined. A good article on cloud storage that includes both free and fee-based options and is always up to date can be found on PC Magazine’s website. If you’re using or considering cloud storage and backup be sure to read Protect Yourself from Ransomware for some hints on safety.

As always, You Can Do It!

Protect Yourself from Ransomware

In the last two months I’ve learned of three friends who were the victims of various forms of ransomware. The object of ransomware is to block access to your computer’s data and/or operating system until you pay a ransom to the crooks. Two of my friends weren’t sure how they’d gotten hacked, but suspected that it was something they clicked on while surfing the Internet or in an email, which is the most common way of contracting this Trojan Horse type of virus. Even more devastating is that the newer strains of ransomware will encrypt your cloud files (Dropbox, OneDrive, etc.) and even your backup files if they’re accessible.

The third victim received a phone call from someone purporting to be connected with Microsoft who told her that her Windows license was out-of-date and her computer was in bad shape. He offered to fix it if she would go to a web site and click on a link that would allow him remote access to her computer. This scam artist was very convincing and tried to get her credit card information by presenting her with an official looking invoice. When she hesitated he put a password on her computer so that she could not get to her desktop or any of her files. Although this was as much scam as ransomware, the effect was the same. If she had given her credit card information it is doubtful whether her computer would have been restored to her and all too likely that she would have found unauthorized charges on her card. Be aware that no reputable company will cold call you to repair your computer.

Other than disconnecting from the Internet it may seem that we cannot protect ourselves, but take heart. There are steps we can take to avoid or block these attacks and to prepare to recover if we should fall victim to ransomware.

  1. Install and keep up-to-date a good Internet security program. Four programs that are consistently top-rated are Norton, McAfee, Bitdefender and Kaspersky. (Note: Some of the larger Internet hosts, such as Comcast and ATT, are offering free protection downloads to their customers.)
  2. Keep good backups that are not directly connected to your computer. In other words, if you back up to an external hard drive, disconnect it when the backup is complete. It would be a good idea to have at least two drives and switch them out after every backup. Better yet, consider an encrypted backup service such as Malwarebytes, Carbonite or Mozy.
  3. Consider ransomware blocking software such as CryptoPrevent by Foolish IT. (At this writing other blockers are few and designed for professional networks.)
  4. Be suspicious! If a link or an email doesn’t feel right you can double-check the source by hovering your mouse pointer over the link or email address and watching for a pop-up or an indicator in the lower left corner of your screen that will show you the real web or email address of that link. (Example: Hover over this link to look for the address https://www.timeanddate.com/, a great site for keeping track of time changes and what’s going on in the sky.)

Be vigilant and stay safe. You can do it!

Make Your Browser More Readable

In a world where we don’t all have 20/20 vision or better we sometimes need to adjust our screen in order to see words and pictures more clearly. Many sites now offer options for text size without affecting the size of the images. But since these are not universal, it’s good to know that modern browsers understand this and have created controls to help us adjust the size of what we see. Here are a few tricks that work in all those modern browsers.

  • Type too small? If you’re using the Windows operating system, try holding down your Control (CTRL) key while pressing and releasing your + (plus) key.
  • For a Mac use the Command key with the plus key (+). You can do this as many times as it takes.
  • If the type is too big or you can’t see the whole picture, try holding down your Control (CTRL) key while pressing and releasing the minus key (-).
  • For a Mac use the Command key with the minus key.
  • For a faster response roll your mouse’s scroll wheel back and forth while holding down your Control key.

As always, You can do it!

Getting Clues from “Safe Internet” Applications

Most modern Internet security suites include indicators to let you know which websites are trustworthy when you are using search engines. It is becoming common to see green, orange or red bars to indicate a site’s rating. You can also download indicator apps such as Web of Trust (WOT) which gives colored markers that show customer reported satisfaction or dissatisfaction to help you decide a site’s trustworthiness. When searching with these apps you’ll see indicators similar to those pictured below:

Safe Internet Indicators

Healthy Computer Habits

This article focuses on Windows computers; however, many of the pointers apply to other operating systems.

  1. Reboot your PC at least once a week.
    The restart process performs self-diagnostic chores and most automatic upgrades. Rebooting will often cure minor glitches.
  2. Leave your PC on all night at least once a week.
    Most PCs have schedules that run in the background for such things as checking for updates and performing automatic backup. These scheduled activities are often performed in the wee small hours of the morning so that they will not cause a slowdown when you are likely working.
  3. Accept updates from original software companies.
    Accept only updates you are sure of. It’s best to check the vendor’s support page if you are unsure of the legitimacy of an update. However, it is good policy to accept most updates unless you have an unusual situation.
  4. Keep abreast of news of the latest scams and phishing schemes.
    There are many services that can help you stay alert. For instance, the US Government Consumer Protection site: https://www.usa.gov/scams-and-fraud.
  5. Use security alerts on the Internet.
    Many Internet security programs give you safety indicators, such as stars or bars, when you use a search engine. You can also download programs, such as the customer driven Web of Trust, which give you indicators and feedback about the safety and customer satisfaction of various sites.
  6. Back up your data on a regular schedule.
    Windows has a Backup and Restore application that you can open by typing the word backup in the Start Menu search box. You can also use backup services such as SugarSync or Carbonite. Many of these services will give you a free trial or the first few gigabytes free. Some even do continuous backup so that you would never lose more than what you’d done since your last save. Others, such as Dropbox, OneDrive and Google Drive, give you a special folder to save documents you want to keep safe.
  7. Use secure passwords and protect their location.
    A secure password is one that is not easily guessed, so children’s and pets’ names are rarely the basis for a secure password. Password requirements are becoming more and more stringent thus making it harder to create passwords we can remember. So it is good to come up with a system of passwords that you can remember without writing down and tucking under your keyboard. I explain one such system in Creating a Secure Password Set That’s Easy to Remember.
  8. Password protect your profile and keep a guest profile for visitors.
    I often work on a PC because the grandkids have loaded a lot of games and/or picked up a bit of malware while visiting. You can prevent most of these threats by password protecting your profile with a secure password and setting up a guest profile as a Standard User with limited permissions. (See User Accounts in Control Panel.)

Creating a Secure Password That’s Easy to Remember

I used to keep a three-page list of passwords because I had so many. Not very secure. Now I keep a much shorter list, on which no passwords are written. It’s based only on what sites require/allow what elements.

The elements I need to keep track of are letters, numbers, special characters and whether or not password changes are required. Password Type A (most common) allows letters & numbers only. Type B (growing more common) allows special characters. Sites that require periodical password changes are Type C, which can be combined with other types (e.g. Type AC). If I run across an exception I simply write a rule and give it a type.

Next I created a pass phrase since multiple words are harder to crack than a single word. For best results I start with an unusual combination, such as “Chocolate Ankle.” (You might prefer made up words, which is okay as long as it’s easy for YOU to remember.) I’ll use Chocolate Ankle for my example.

Now that I have a base I squish it together so that it’s long enough for security, but not cumbersome to type: ChocoAnkle. Next I substitute a couple of numbers that look like letters and get: Ch0coAnk1e, which becomes my base for Type A. For Type B I change a letter to a special character: Ch0co@nk1e.

The key step is to create a code that makes every password specific to its website so that if one password gets cracked the rest aren’t compromised. For instance you might decide to use the first two letters of the site name in reverse, thus the password for mybank.com might become Ch0coYm@nk1e.

The trickiest type is Type C. How do I remember what change I made last without writing down the whole password? My solution was to choose a specific location within my password, such as the third character, and change only that character. Then for that site I do write down the site name and only the new character. So my entry for mybank.com might be: “Bank-BC!” and the current password would be: Ch!coYm@nk1e, which looks very hard to remember, but it’s not because it follows my personal rules.

Now I can keep a single-page cheat sheet, because all I list is the website and its type. Best of all no more written down passwords…well, one exception on the last page of my will. Only my executor knows about the types and their rules. I send him my cheat sheet periodically.
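
The whole system, from cheat-sheet entry to password, can be written out as a short program. This is an added example, not part of the original article: it uses the article's Chocolate Ankle bases and reproduces its mybank.com results. The entry format “Label-Types[char]” is inferred from the single “Bank-BC!” example, and capitalising the site code is an assumption made to match “Ym”.

```python
import re

# Bases from the article: Type A (letters and numbers) and Type B (with a
# special character), each split where the site code is inserted.
BASES = {"A": ("Ch0co", "Ank1e"), "B": ("Ch0co", "@nk1e")}
ROTATE_AT = 2  # Type C changes only the third character (index 2)


def site_code(domain):
    """First two letters of the site name reversed; capitalised to match
    the article's mybank.com example ('my' -> 'Ym')."""
    return domain[:2][::-1].capitalize()


def parse_entry(entry):
    """Split a cheat-sheet entry such as 'Bank-BC!' into
    (label, type letters, current Type C character or '')."""
    match = re.fullmatch(r"(.+)-([AB]C?)(.?)", entry)
    if match is None:
        raise ValueError(f"unrecognised cheat-sheet entry: {entry!r}")
    return match.groups()


def password_for(domain, entry):
    """Rebuild a site's password from its domain and cheat-sheet entry."""
    _label, types, char = parse_entry(entry)
    left, right = BASES[types[0]]
    password = left + site_code(domain) + right
    if "C" in types and char:
        password = password[:ROTATE_AT] + char + password[ROTATE_AT + 1:]
    return password


if __name__ == "__main__":
    for domain, entry in [("mybank.com", "Bank-B"), ("mybank.com", "Bank-BC!")]:
        print(domain, entry, password_for(domain, entry))
```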