No Surprises: Worst Passwords of 2014

January 21, 2015 at 11:25 pm (1Password, Applications, Productivity, security) (, , , )

Yesterday, SplashData announced its annual list of the 25 worst passwords (read: most common) on the internet. The list is compiled from over 3.3 million leaked passwords. Having worked at an Apple store for five years, the greatest offenders were no surprise to me. During those first few months at Apple, I was constantly amazed at the number of customers who used many of these top passwords.  Not surprisingly, many of these folks were hacked. The most common offenders were (are you ready for it?) “123456”,  “password”, and “qwerty”. Other commonly used passwords that are easily guessed by hackers, or by someone you know who might like to get into your account for nefarious purposes, include names (yours, your significant other, your favorite pet), favorite sports (baseball, football, golfer), favorite sports team (yankees, steelers, rangers), and favorite superhero (superman, batman). Hackers commonly use a “dictionary crack” which takes only a short time to run. If you use a word or words from the dictionary with no letters or symbols to break it up, your password can be easily guessed by the program.

Because of so much publicity surrounding data breaches this past year (Target, Home Depot, and many others), people are finally starting to pay attention and use slightly stronger passwords.  However, simply substituting numbers for some letters (3 for E, 4 for A, etc.) is really not enough anymore.  While “P4ssw0rd” is better than “password”, it is still easily guessed. It would be better to use something like “P4$$w)rd”, which is still “password”, but with substitution of numbers and symbols. Another big risk that people take is using the same password for all their sites.  If your login information was accessed during a data breach, all the hacker needs to do at that point is start using that login information for the common banks. If you reuse passwords (use the same password for your Target account that you use for your Bank of America account) then the hackers have just gotten both your Target account information and your banking information. Now do you see why reusing passwords is a bad idea? 

DilbertPasswordInstructions

Here are a few tips to make your passwords stronger: 
1.  Use a combination of upper and lower case letters, numbers, and symbols.  Most sites have a minimum length, but it can vary from 4 to 8 characters up to 14 to 18 characters or more.
2.  Do not reuse passwords. In other words, don’t use the same login information for multiple sites. 
3.  Use two-factor authentication when possible.  Many sites like Facebook, Twitter, Google, Battle.net, and others, are using this method, which is like having a security door in addition to your main door. Each time you log into the account, you are sent a code to your phone to enter after entering your initial credentials. It changes each time you login, so a hacker would have to have access to your device at the time of the login attempt in order to get the code.  
4.  Wait for it.  You know it’s coming.  Use a password manager such as 1Password for the best possible security.  Not only does 1Password store all your login information for every site you visit, but it will also generate strong passwords for you (and you can set criteria, such as length, number of characters and symbols,  etc.), and you only have to remember your master password.  The app remembers all your other passwords for you. In addition to login information and passwords, it also stores secure notes, attachments, software information (serial numbers and software keys), network information, banking info, and more.  It works across platforms, and is always in sync.  Best of all, the next time there is news of a data breach somewhere, and everyone is scrambling to change their passwords, you can sit there with a smug grin on your face knowing that you don’t have to worry about it. Do you have any tips or tricks to add?  Do you want to tell us the ‘best worst password’ you’ve used (or heard of)? Let us know in the comments. 

Permalink Leave a Comment

Help! I Forgot My Apple Password

December 15, 2014 at 9:09 am (1Password, Apple, Applications, How-to, iPhone/iPod Touch, security) (, , )

Back in the old days when I worked at Apple, there was hardly a day that went by when we didn’t get at least one person at the Genius Bar who had forgotten their Apple ID or Password.  They would frequently swear up one side and down the other that they knew what it was, it had always been that, and Apple was just wrong.  Uh-huh.  Right.  But, things happen, and sometimes it happens to the best of us.  Like my dad.  He is a pharmacist, one of the most intelligent men I’ve ever known.  But, bless his heart, he is not the most tech-savvy guy around.  Don’t get me wrong, he tries.  Oh, how he tries.  But, as much as I’ve tried to gently guide him and help him, I still end up going over about once a week to provide a little tech support (usually just to reset the router).

Not long ago, I was doing some routine upgrades when the box popped up for the Apple ID and Password.  I entered it, and immediately was informed that I was mistaken.  Frowning, I thought I must have entered it wrong.  I re-entered it, and got the ‘no dice’ message again.  “Dad”, I called out over the balcony, “have you changed your Apple Password without telling me?”.  He responded that he had not, so I opened my all-around favorite app, 1Password (I know, you’re shocked). I pulled up Pop’s info, only to find that the password listed was the same one I’d tried without success.  So, at this point, what to do?

There are a couple of things that one can do in this instance.  You can always contact Apple support.  This might be best for folks who are not tech-savvy.  Had I not been around and available, I would have sent Pop this route.  To get in touch with Apple’s support team for Apple ID issues, you can use this link:  https://getsupport.apple.com/Issues.do
You click a selection to let them know if your issue with your Apple ID is related to iTunes, iCloud, or “other”, where “other” includes Apple ID and password issues, as well as issues related to your security questions, game center, face time, messages, and more. When you select your issue, you’ll then be given a choice to schedule a call with Apple support.  You can call them or they will call you.  This cuts down on a long hold time for you.  A schedule is displayed, and you choose your preferred time, in fifteen minute intervals.  For instance, if I wanted to call this morning, it shows me that there are 6 appointments available between 9:45am and 11:15am.  I select the one I want, enter my contact information, then sit back and wait for them to call me.  You can call them as well, but during times of high call volume, you might have to hold for a bit.  Letting them call you is definitely the easier option.

If you have an iDevice (iPhone or iPad), you can easily recover or reset your account information.  Simply open the Settings app, then scroll to iCloud and tap it. At the top of the iCloud settings, you’ll see your name and email address.  Tap on the email address.  A box will appear for you to enter your password.  Underneath the box, tap on the blue text that says “Forgot Apple ID or Password?”  You will then have two choices:  If you don’t remember your Apple ID, tap the blue text that says “Forgot your Apple ID?”  Boxes will pop up for you to enter your name and email address to recover your Apple ID.  If you know your Apple ID but don’t remember your password, enter your email address then click “Next”. Then tap whether you want to reset your password by email or by answering your security questions. After that, you should be able to reset your password and log in to your account as usual. 

My Apple ID

You can reset your password from the “My Apple ID” site using your web browser.  Under the blue “Manage Your Apple ID” link on the right side of the page, click on the option to “Reset Your Password”.  You will have to enter your email address and correctly answer the security questions to complete the process and have your password reset. 

There is a little-known secret that allows you use your web browser to search multiple email addresses to try to find an Apple ID that you may have forgotten after changing your email from one account to another. Go to Apple’s iForgot site, enter your name, your current email address, and up to three former email addresses.  Answer the security questions to verify that you are really you. This should be enough to find your Apple ID.  You can follow the other steps to reset your password if needed.  Now you can log in as usual. 

Once you recover your Apple ID and password, please put the information into your 1Password app.  If you aren’t using it yet, there’s no better time to start.  Check it out at their 1Password website. Start using 1Password and have all your user names, passwords, login info, secure notes, and more right at your fingertips.  Best of all, you only have to remember one password (you know you wondered where the name came from) from now on.  The app remembers the rest. It’s accessible anywhere, and syncs across all your devices. Get it now, and never have to fill out another form to recover ID and password information.  Think of all the time you’ll save! 

If you have any trouble, you can always refer back to the link to get in touch with Apple’s support team.  They will help get you back on track in no time. 

Permalink Leave a Comment

WireLurker: Yet Another iOS Malware threat that you don’t have to worry about

November 8, 2014 at 6:27 pm (Apple, Current Events, iDevices, iPhone/iPod Touch) (, , , )

Get ready to start defending your common sense practices again with regard to your iDevices.  A Computerworld magazine screams, “Panic!” regarding “Horrible Apple iOS virus; vectored via USB: WireLurker is ‘new brand of threat’”. I’m sure Chicken Little is running around somewhere with his cute little hardhat in place to protect said cute head from the fallout of the latest malware threat.  As usual, the majority of users need not worry.  

This latest malware threat is called WireLurker, a catchy name for this critter that spreads via “trojanized/repackaged OS X applications” found on a third-party Mac app store in China.  The Maiyadi App Store has nearly 500 apps that have been infected, and those infected apps have been downloaded over 350,000 times.  The app store is quite popular because it allegedly offers popular Mac apps for free.  Step right up and get your infected copy of Angry Birds, The Sims, and more. 

Remember, if it seems too good to be true, it probably is.  Saving a buck or two is just not worth it when it comes to the well-being of your iDevices, not to mention you’re cheating developers out of their hard-earned money.  What makes this malware different from others is that WireLurker can hop from an infected OS X computer to a non-jailbroken iDevice via USB. However, the user still has to trust the computer and approve the installation.  Nothing new here, kids.  As long as you don’t say, “Ok, I trust you, now let’s go ahead and continue to install and run the free version of this app that I know I should have paid for but I didn’t”, you should be ok. Is it really worth the risk to save two bucks and cheat the developer out of the money he should have gotten for making this cool app? As long as you use common sense, only download apps from the Apple store, and don’t download software from third party sites (especially in China), you should be just fine.  

Permalink Leave a Comment

Use Vehicle Placard for Safety when Geocaching

October 12, 2014 at 5:26 pm (Geocaching, Personal, safety, security) (, , , )

I’m just putting out a little Public Service Announcement (PSA) today to encourage safety while geocaching.  Every year, we hear a couple of stories about folks who went geocaching and got lost or injured, and while things generally turn out ok, there are a few things one can do to ensure a happy ending to their day.  It’s mostly common sense, but crazy things still happen.  You don’t want to be one of the Darwin award winners for the year.  ((Note: for the uninitiated, the Darwin Awards are the annual awards given, often to surviving family members, for acts of incredible stupidity).  

It’s always a good idea to use the buddy system when geocaching, partly because it’s just fun to cache with a friend;  but for those occasional times when you just want to go it alone or no one is available to go with you, there are a few things you can do to make sure you arrive home safe and sound after logging those smileys for the day.  Always let someone know where you are, especially if you are going geocaching in a remote area.  Make sure you have your geokit with you which has geoswag, snacks, and water, in case you have a flat tire, car trouble, or an accident. An emergency battery pack for your cell phone is also a good idea, since we know having the GPS enabled on our iDevices runs the battery down much quicker.  I picked up a super little solar battery pack from Amazon for under $10 and it works great, giving me several hours of extra battery life.  It’s also a good idea to have at least a small first aid kit and an emergency whistle so you can let folks know where you are if your cell phone is lost, damaged, or dead. 

Geocacher Vehicle Placard

Another thing you can do is hang a geocaching placard from your rear view mirror.  I found a nifty placard design at the Geocacher University website.  It looks similar to a disabled placard, but it is green and has the familiar geocaching logo on it.  There are two large white spaces on either side.  One side is for vehicle and owner contact information. You can enter as much info there as you are comfortable with.  I listed my first initial and my last name. I didn’t want to list a phone number, knowing that police could easily verify my vehicle, and they could also access my phone number if needed.   The other side is for the geocache information.  You can enter the GC# for the cache, or even the actual geocache coordinates.  I printed a couple copies then took them to Kinko’s and had them laminated.  That way, I can use a dry erase marker to enter the GC# of the cache each time, and just erase it when I return to my vehicle.  

Sometimes, we think we’re going to just dash into a park a couple hundred yards off the road, so we leave all our gear in the car.  Then you trip over a log and end up with a badly sprained or broken ankle, and all of a sudden that quick trek into the park becomes a minor emergency.  I used to think it meant I was less independent if I had to let someone know where I was going.  Now that I’m older (and after working many years in the ER and ICU) I see that it is just the smart thing to do. This placard is a great addition to every geokit out there.  It lets folks know where you are, what you’re doing, and helps keep you safe at the same time.  That’s good for a smiley all by itself.  

Do you have any other ideas to promote safety when geocaching?  Let me know in the comments.  Until next time, be safe, and cache on!

Permalink Leave a Comment

RFID Jackets Offer Protection From Skimmers

September 7, 2014 at 4:12 pm (gadgets, Products, security, Shopping, Travel) (, , , , )

Almost every time we turn on the news or look online these days, there is word of yet another security breach.  Some involve bank account and ID numbers.  Some involve large amounts of money while others involve information about everything from recipes to matters of national security.  

 

One way that data is being stolen on a smaller, yet very effective, level is when people hijack data such as credit card numbers from passersby in crowded public areas such as the subway, food court, or concert venues. This can be done because the information is on a small chip, called an RFID chip.  The chip is then embedded into a card, such as credit or debit cards, work ID and swipe cards, door passkeys, and more.   RFID, or Radio Frequency IDentification, is used to communicate and transmit information over short-distances.  People can use RFID scanners to look for, capture, and read the information on these cards. Those with criminal aspirations can take this information and cause quite a lot of trouble with it. 

 

SEV RFID

There are ways you can protect yourself from having your information captured. Generally, water and metal are the best ways to prevent radio signals from getting to or from your data. There is a rumor that wrapping cards in aluminum foil or lining your wallet with aluminum foil will protect your data.  This will possibly help, but will not prevent the data from being scanned or retrieved.  One of the most effective solutions available to consumers are wallets, pouches, and sleeves using a Faraday Cage inside a leather exterior. Searching for protection tagged “electromagnetically opaque” should point you in the right direction. However, another viable solution is an improved version of one of my long-term favorite products:  the ScotteVest Travel Vest, now with an RFID pocket. 

 

The RFID pocket was created as an extra pocket inside a pickpocket-proof travel document pocket to add an extra layer of security.  It’s made of a special fabric, and it protects credit cards, passports, and other documents with RFID tags from being scanned.  It doesn’t block signals from magnetic card readers or door swipe cards, but it does cover the most common wavelengths that people are generally concerned about. 

 

Their slogan that “you can never have enough pockets” certainly rings true for this long-time fan of ScotteVest products. The new travel vest features 26 total pockets, including the RFID blocking pocket, to protect the user from high-tech skimmers who are trying to steal identities and sensitive information.  The comfortable and roomy vest can easily hold things like a cellphone, flashlight, knife, iPhone, ID, pen, earbuds, iPad or iPad mini, concealed carry weapon, extra ammo, travel sewing kit, travel first aid kit, sunglasses, and lots more.  It has a couple of see-thru pockets so you can actually use your devices without taking them out of their pockets. There are small pockets for flash memory cards, earbuds, pens, and spare change, along with water bottle loops and an extendable key holder.  The weight management system ensures that the vest stays balanced and comfortable without bulging.  The advanced two-way zipper allows access to all the pockets with ease.  The CollarConnect system has also been updated for improved comfort and quicker installation. As they say, there’s more there than meets the eye and even more that doesn’t.   

 

The RFID Travel Vest is available in black, navy, khaki, and olive.  It retails for $135.

 

 They also sell a separate RFID pouch, called the Blackout Pocket, separately for $40.  It holds an iPhone and completely blocks RFID, cellphone, and GPS signals. Once you drop your device into the pouch and close it, you will be “off the grid” in a few seconds and are then untrackable by satellite according to ScotteVest.  This standalone pouch, which is approximately 6.5” x 5” when closed,  is meant to be carried in a vest or jacket pocket, or can attach with hook/loop tabs to some current ScotteVest clothing. 

 

For more information on these and other products, check out their website at ScotteVest.com.  What’s your favorite ScotteVest product?  Do you have a favorite pocket? I love the see thru pockets in my travel jacket, hoodie, and windbreaker. They are so easy to use and I can just swipe right thru the material without having to remove my iPhone. The included chamois in the eyeglasses pocket is also a nice touch.   Is there a pocket you’d like to see that they haven’t implemented yet?  Let me know in the comments. 

Permalink Leave a Comment

Doggie First Aid: It Really Matters

August 15, 2014 at 11:55 pm (How-to, pugs) (, , , )

As a follow-up to my post about canine heat injuries, I’m sharing some information about how to properly take care of your fur-babyf  You never know what might happen.  But, if the unthinkable happens, and your fur-baby has a minor accident or injury, you’ll be equipped to handle it, even if it’s just to stabilize your pet and get to the vet’s office (or doggie ER, depending on when it happens). 

You can purchase ready-made kits, but they are ridiculously expensive.  You can make your own for a fraction of the cost, especially if you pick up a lot of the supplies at the Dollar Tree (or similar store where everything is $1). So, let’s get started.

First, you need something in which to place everything, preferably with some hint at organization.  If you just toss everything into a bag or pack, you won’t be able to get it quickly when you need it.  My first doggie first aid kit was made from a small tackle box that I picked up from Wal-Mart for less than five bucks.   Now that you have a container, you need to add the equivalent of your pet’s demographic information.  First of all, make sure your pet’s ID, recent photo, microchip info (if applicable), vaccination information , along with your vet’s name and address, is noted prominently.  That way, if you are out somewhere and have an issue, you won’t have to look up the info.  You can drop the info into a baggie and tape it inside the lid. Another option is to use the stick-on document “pouch” that is used by USPS, FedEx, and others to display shipping bills.  

Now, let’s get it stocked. Obviously, how much you can add will depend on the size.  You don’t need a dozen of everything.  Remember, this is just for basics, to take care of the moment, until you can get to the vet.  Start with basic: scissors, tweezers, flashlight/penlight, gloves, eyedropper, bulb syringe or small meat baster (to irrigate wounds), tongue depressor (to examine mouth or use as a splint), nail trimmers, styptic powder (for bleeding), rectal thermometer, disposable razor (safety kind, in case area around a wound needs shaving), brush, towels, emergency thermal blanket (I got one at Dollar Tree), bandanna, hemostat, tick key (for removing ticks), Krazy glue (for small skin lacerations), and anti-bacterial wipes (or  make your own with a bottle of antibacterial liquid and gauze pads).

Next, we’ll add in the mostly disposable supplies that you will want to replace after using them, so your kit stays well-stocked at all times.  You will want the following: sterile gauze pads, roll of gauze, coban (self-adhesive wrap that sticks to itself but not to skin or fur), hot/cold pack,  activated charcoal tablets, Betadine (antiseptic), antibiotic ointment, hydrogen peroxide (for wounds or to induce vomiting), rubbing alcohol (multiple uses, but especially good for cooling the body in instances of heat exhaustion or heatstroke), doggie socks (can use baby socks, used to cover paws for protection or to cover a wound).  Q-tips, sterile saline for eyes (to flush debris from eyes), artificial tears, eye ointment (no steroid), epsom salt (to draw infection and to help itching skin and paws — 1 tsp. in 2 cups warm water), udder cream/bag balm or equivalent (for paw pads).  

Now that you’ve got a great kit put together, you still need to know what to do with all those goodies.  Here is the link for first aid procedures from the Royal Canin’s site:  http://breeds.royalcanin.co.uk/health/diseases-of-the-dog/first-aid-procedures

Familiarize yourself with the basics and you’ll be able to take good care of your fur baby should the need arise.  What else do you need in your dog’s first aid kit? Let us know in the comments below.  

Permalink Leave a Comment

1Password App Extension Coming in iOS 8

August 6, 2014 at 9:48 am (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch, Productivity) (, , , )

One of the really cool things announced at Apple’s WWCD this year was the addition of app extensions for iOS 8 (iOS is the operating system that runs our iDevices).  When you log in to an app on an iDevice, you have to do the copy and paste dance of going to 1Password (or your notes or wherever you have your login info), go back and forth between the screens a couple of times, until you submit the info and successfully log in to the app…unless you use the same password for everything, but you don’t do that, right?  Because that’s just wrong, and setting yourself up for a world of hurt.  So, the announcement about app extensions was fantastic!  Because now, you won’t have to do that do-si-do anymore.  There is a short video at 1Password’s blog where you can get a look at the coolness of it.  More info will be coming soon, but I can’t wait for this feature.  Be sure to let your favorite app developers know that you want them to use the 1Password extension with their apps. 

Permalink Leave a Comment

Geocaching: 7 Souvenirs of August

August 1, 2014 at 10:15 am (Geocaching) ()

What’s your favorite type of geocache?  Do you love the big ammo can full of swag? Do you enjoy logging film canisters and race your friends to the latest skirt-lifter? Do you groan or do you rejoice when you realize the cache you thought was going to be filled with travel bugs is actually a magnetic nano smaller than your thumbnail? Are you one of the first to go after the latest puzzle cache as soon as it’s posted, or do you pull your hair out because you’re not a good puzzle-solver? Some folks stick to one kind of cache, be it because of comfort or just not being familiar with the others.  Now is your chance to spread your wings. 

Explorer

The month of August will shed some light on each type of geocache. You will earn six unique souvenirs for your geocaching profile. They correspond to each of the following cache types: traditional, mystery, multi, virtual, CITO or EarthCache, and event. Once you get all six, you will get a special seventh souvenir:  The Achiever.  The souvenirs will show up on your profile at geocaching.com. If you use the Geocaching app on your iDevice, the souvenirs can be found there as well.  The souvenir shown is the “Explorer”, which is associated with the Traditional cache.  

What is your favorite type of cache?  Leave a comment and let us know which type of souvenir will be hardest for you to achieve. Remember, it’s all about the journey.  Cache on!

 

Permalink Leave a Comment

Too Hot for Spot

July 10, 2014 at 9:34 pm (Current Events, Personal, Pets) (, , , )

Every year when school starts back, there are always stories about kids who have been left in a car or bus and succumbed to heat stroke.  But another  common issue is that of pets that are left in vehicles, often with fatal results.  

 

What many people don’t realize is that the temperature inside a vehicle can exceed 100ºF in just a few minutes, even in what seems to be pleasant outdoor conditions of 75º.  

 

Some things you can do if you must take your pet with you include keeping fresh drinking water and a bowl (keep water in a cooler or insulated bag with cold packs) and take your pet with you (on a leash) into pet-friendly stores.  You cannot rely on leaving the air-conditioning on, because it could malfunction and begin blowing hot air or shut off altogether. 


Dogs cannot cool themselves as easily as we do, and they don’t sweat like us.  They release heat by panting and thru their paws.  Their paw pads are sensitive and can burn easily.  If the asphalt and sidewalk are hot to you, they are hot for your pet. Walk them on grass or dirt instead of on the pavement.  

 

If you’re out and about and see an animal in a hot car, call animal control or 911 and stay until help arrives. Local law enforcement officials can enter the vehicle and rescue the pet. You can also alert store managers at local businesses.

   

 

VehicleTempChart

 This graph shows the outside temperature and the corresponding temperature inside a vehicle. As you can see, it only takes a few minutes for the temperature inside the vehicle to reach very dangerous levels. 


Symptoms of heatstroke include excessive panting, vomiting, discoloration of the tongue, rapid heart rate, glazed eyes, dizziness, and lethargy.  If your dog exhibits any of these symptoms, gradually lower their temperature by giving them water, placing a cold towel or ice pack on the head, neck, and chest, or immersing them in cool (not cold) water.  Call your veterinarian for further instructions and please take your pet to the vet for follow up care.


If you routinely travel with your pet, it is a good idea to keep a canine first aid kit with you.  Partnership for Animal Welfare has an excellent resource on their website for Canine First Aid Kits and Emergency Treatment, including a list of necessary supplies for you to make your own “Doggie First Aid Kit”. There are also links to ready-made kits that can be purchased. 

 


There are several flyers available online for free download.  Keep a few of these available with you to place on vehicles while you’re out and help educate others. 

 

Too Hot for Spot from PETA:  http://www.mediapeta.com/peta/pdf/toohotforspot_parkingspace.pdf

 

Overheating Kills  from ASPCA:  https://www.aspca.org/sites/default/files/pets-in-hot-cars.pdf

 

Hot Car Flyers from Humane Society: http://www.humanesociety.org/assets/pdfs/pets/hot_car_flyer.pdf


Taking a few minutes to get involved might save a dog’s life. 


Permalink Leave a Comment

Where do you keep your Passwords? No More Sticky Notes!

June 8, 2014 at 11:31 am (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch, Productivity, Products, shareware) (, , , , )

I realize I’ve been hyping the fantastic 1Password app quite a bit lately.  There’s a good reason for that.  It’s the best.  If you care anything about your data, you owe it to yourself to protect it.  That means using 1Password. 

 

Friends frequently ask me what 1Password is, what it does, why they need it, and many other questions.  I’d gotten my “elevator spiel” down to about a minute or so, but I was afraid of being inconsistent, or leaving out something important, (especially with all the new features added recently), or just freezing up (it happens sometimes). But, now there is something even better. 


Now there is a real video, complete with snazzy soundtrack, that can be clicked and watched again and again. Keep watching until you realize that you cannot go another minute without the muscle that 1Password provides.   

 

Enjoy this brief video, then head on over to 1Password and pick up a copy today.  


Permalink Leave a Comment

Next page »