No Surprises: Worst Passwords of 2014

January 21, 2015 at 11:25 pm (1Password, Applications, Productivity, security)

Yesterday, SplashData announced its annual list of the 25 worst passwords (read: most common) on the internet. The list is compiled from over 3.3 million leaked passwords. Having worked at an Apple store for five years, I was not surprised by the greatest offenders. During those first few months at Apple, I was constantly amazed at the number of customers who used many of these top passwords. Not surprisingly, many of these folks were hacked. The most common offenders were (are you ready for it?) “123456”, “password”, and “qwerty”.

Other commonly used passwords that are easily guessed by hackers, or by someone you know who might like to get into your account for nefarious purposes, include names (yours, your significant other, your favorite pet), favorite sports (baseball, football, golfer), favorite sports team (yankees, steelers, rangers), and favorite superhero (superman, batman). Hackers commonly use a “dictionary crack” which takes only a short time to run. If you use a word or words from the dictionary with no numbers or symbols to break it up, your password can be easily guessed by the program.

Because of so much publicity surrounding data breaches this past year (Target, Home Depot, and many others), people are finally starting to pay attention and use slightly stronger passwords.  However, simply substituting numbers for some letters (3 for E, 4 for A, etc.) is really not enough anymore.  While “P4ssw0rd” is better than “password”, it is still easily guessed. It would be better to use something like “P4$$w)rd”, which is still “password”, but with substitution of numbers and symbols. Another big risk that people take is using the same password for all their sites.  If your login information was accessed during a data breach, all the hacker needs to do at that point is start using that login information for the common banks. If you reuse passwords (use the same password for your Target account that you use for your Bank of America account) then the hackers have just gotten both your Target account information and your banking information. Now do you see why reusing passwords is a bad idea? 
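As an added illustration (not part of the original post), here is a small Python audit that applies the two checks discussed above: it undoes simple number-for-letter swaps before comparing against common words, and it flags passwords shared between sites. The word list, substitution table, site names, and sample vault are constructed assumptions.

```python
from collections import defaultdict

# Words the post names as common choices (a constructed sample,
# not SplashData's full list of 25).
COMMON = {"123456", "password", "qwerty", "baseball", "football",
          "golfer", "yankees", "steelers", "rangers", "superman", "batman"}

# Character swaps of the kind the post describes (3 for E, 4 for A, ...).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_word(password):
    """Return the common word a password reduces to, or None."""
    lowered = password.lower()
    if lowered in COMMON:            # all-digit entries such as 123456
        return lowered
    # Try the password as typed, then with a trailing year/symbol run removed
    # (e.g. "Batman2014!" -> "batman"), undoing the swaps in both cases.
    for candidate in (lowered, lowered.rstrip("0123456789!?.#*")):
        plain = candidate.translate(LEET)
        if plain in COMMON:
            return plain
    return None


def audit(vault):
    """Map each site to its findings; an empty list means neither check fired."""
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
    report = {}
    for site, pw in vault.items():
        findings = []
        word = base_word(pw)
        if word:
            findings.append(f"reduces to common password '{word}'")
        others = sorted(s for s in sites_by_password[pw] if s != site)
        if others:
            findings.append("reused on " + ", ".join(others))
        report[site] = findings
    return report


# Constructed sample data: site names and passwords are made up.
SAMPLE_VAULT = {
    "shop.example": "P4ssw0rd",
    "bank.example": "P4ssw0rd",
    "mail.example": "Batman2014!",
    "forum.example": "v7#Lq9^tRz2m@Kx",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT).items():
        print(site, "->", findings or "no findings")
```

An empty result only means these two checks found nothing; it is not a measure of overall strength.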

Here are a few tips to make your passwords stronger: 
1.  Use a combination of upper and lower case letters, numbers, and symbols.  Most sites have a minimum length, but it can vary from 4 to 8 characters up to 14 to 18 characters or more.
2.  Do not reuse passwords. In other words, don’t use the same login information for multiple sites. 
3.  Use two-factor authentication when possible.  Many sites like Facebook, Twitter, Google, Battle.net, and others, are using this method, which is like having a security door in addition to your main door. Each time you log into the account, you are sent a code to your phone to enter after entering your initial credentials. It changes each time you log in, so a hacker would have to have access to your device at the time of the login attempt in order to get the code.
4.  Wait for it.  You know it’s coming.  Use a password manager such as 1Password for the best possible security.  Not only does 1Password store all your login information for every site you visit, but it will also generate strong passwords for you (and you can set criteria, such as length, number of characters and symbols, etc.), and you only have to remember your master password.  The app remembers all your other passwords for you. In addition to login information and passwords, it also stores secure notes, attachments, software information (serial numbers and software keys), network information, banking info, and more.  It works across platforms, and is always in sync.  Best of all, the next time there is news of a data breach somewhere, and everyone is scrambling to change their passwords, you can sit there with a smug grin on your face knowing that you don’t have to worry about it.

Do you have any tips or tricks to add?  Do you want to tell us the ‘best worst password’ you’ve used (or heard of)? Let us know in the comments.

Help! I Forgot My Apple Password

December 15, 2014 at 9:09 am (1Password, Apple, Applications, How-to, iPhone/iPod Touch, security)

Back in the old days when I worked at Apple, there was hardly a day that went by when we didn’t get at least one person at the Genius Bar who had forgotten their Apple ID or Password.  They would frequently swear up one side and down the other that they knew what it was, it had always been that, and Apple was just wrong.  Uh-huh.  Right.  But, things happen, and sometimes it happens to the best of us.  Like my dad.  He is a pharmacist, one of the most intelligent men I’ve ever known.  But, bless his heart, he is not the most tech-savvy guy around.  Don’t get me wrong, he tries.  Oh, how he tries.  But, as much as I’ve tried to gently guide him and help him, I still end up going over about once a week to provide a little tech support (usually just to reset the router).

Not long ago, I was doing some routine upgrades when the box popped up for the Apple ID and Password.  I entered it, and immediately was informed that I was mistaken.  Frowning, I thought I must have entered it wrong.  I re-entered it, and got the ‘no dice’ message again.  “Dad”, I called out over the balcony, “have you changed your Apple Password without telling me?”.  He responded that he had not, so I opened my all-around favorite app, 1Password (I know, you’re shocked). I pulled up Pop’s info, only to find that the password listed was the same one I’d tried without success.  So, at this point, what to do?

There are a couple of things that one can do in this instance.  You can always contact Apple support.  This might be best for folks who are not tech-savvy.  Had I not been around and available, I would have sent Pop this route.  To get in touch with Apple’s support team for Apple ID issues, you can use this link:  https://getsupport.apple.com/Issues.do
You click a selection to let them know if your issue with your Apple ID is related to iTunes, iCloud, or “other”, where “other” includes Apple ID and password issues, as well as issues related to your security questions, Game Center, FaceTime, Messages, and more. When you select your issue, you’ll then be given a choice to schedule a call with Apple support.  You can call them or they will call you.  This cuts down on a long hold time for you.  A schedule is displayed, and you choose your preferred time, in fifteen-minute intervals.  For instance, if I wanted to call this morning, it shows me that there are 6 appointments available between 9:45am and 11:15am.  I select the one I want, enter my contact information, then sit back and wait for them to call me.  You can call them as well, but during times of high call volume, you might have to hold for a bit.  Letting them call you is definitely the easier option.

If you have an iDevice (iPhone or iPad), you can easily recover or reset your account information.  Simply open the Settings app, then scroll to iCloud and tap it. At the top of the iCloud settings, you’ll see your name and email address.  Tap on the email address.  A box will appear for you to enter your password.  Underneath the box, tap on the blue text that says “Forgot Apple ID or Password?”  You will then have two choices:  If you don’t remember your Apple ID, tap the blue text that says “Forgot your Apple ID?”  Boxes will pop up for you to enter your name and email address to recover your Apple ID.  If you know your Apple ID but don’t remember your password, enter your email address then click “Next”. Then tap whether you want to reset your password by email or by answering your security questions. After that, you should be able to reset your password and log in to your account as usual. 

My Apple ID

You can reset your password from the “My Apple ID” site using your web browser.  Under the blue “Manage Your Apple ID” link on the right side of the page, click on the option to “Reset Your Password”.  You will have to enter your email address and correctly answer the security questions to complete the process and have your password reset. 

There is a little-known secret that allows you to use your web browser to search multiple email addresses to try to find an Apple ID that you may have forgotten after changing your email from one account to another. Go to Apple’s iForgot site, enter your name, your current email address, and up to three former email addresses.  Answer the security questions to verify that you are really you. This should be enough to find your Apple ID.  You can follow the other steps to reset your password if needed.  Now you can log in as usual.

Once you recover your Apple ID and password, please put the information into your 1Password app.  If you aren’t using it yet, there’s no better time to start.  Check it out at their 1Password website. Start using 1Password and have all your user names, passwords, login info, secure notes, and more right at your fingertips.  Best of all, you only have to remember one password (you know you wondered where the name came from) from now on.  The app remembers the rest. It’s accessible anywhere, and syncs across all your devices. Get it now, and never have to fill out another form to recover ID and password information.  Think of all the time you’ll save! 

If you have any trouble, you can always refer back to the link to get in touch with Apple’s support team.  They will help get you back on track in no time. 

Use Vehicle Placard for Safety when Geocaching

October 12, 2014 at 5:26 pm (Geocaching, Personal, safety, security)

I’m just putting out a little Public Service Announcement (PSA) today to encourage safety while geocaching.  Every year, we hear a couple of stories about folks who went geocaching and got lost or injured, and while things generally turn out ok, there are a few things one can do to ensure a happy ending to their day.  It’s mostly common sense, but crazy things still happen.  You don’t want to be one of the Darwin award winners for the year.  (Note: for the uninitiated, the Darwin Awards are the annual awards given, often to surviving family members, for acts of incredible stupidity).

It’s always a good idea to use the buddy system when geocaching, partly because it’s just fun to cache with a friend;  but for those occasional times when you just want to go it alone or no one is available to go with you, there are a few things you can do to make sure you arrive home safe and sound after logging those smileys for the day.  Always let someone know where you are, especially if you are going geocaching in a remote area.  Make sure you have your geokit with you which has geoswag, snacks, and water, in case you have a flat tire, car trouble, or an accident. An emergency battery pack for your cell phone is also a good idea, since we know having the GPS enabled on our iDevices runs the battery down much quicker.  I picked up a super little solar battery pack from Amazon for under $10 and it works great, giving me several hours of extra battery life.  It’s also a good idea to have at least a small first aid kit and an emergency whistle so you can let folks know where you are if your cell phone is lost, damaged, or dead. 

Geocacher Vehicle Placard

Another thing you can do is hang a geocaching placard from your rear view mirror.  I found a nifty placard design at the Geocacher University website.  It looks similar to a disabled placard, but it is green and has the familiar geocaching logo on it.  There are two large white spaces on either side.  One side is for vehicle and owner contact information. You can enter as much info there as you are comfortable with.  I listed my first initial and my last name. I didn’t want to list a phone number, knowing that police could easily verify my vehicle, and they could also access my phone number if needed.   The other side is for the geocache information.  You can enter the GC# for the cache, or even the actual geocache coordinates.  I printed a couple copies then took them to Kinko’s and had them laminated.  That way, I can use a dry erase marker to enter the GC# of the cache each time, and just erase it when I return to my vehicle.  

Sometimes, we think we’re going to just dash into a park a couple hundred yards off the road, so we leave all our gear in the car.  Then you trip over a log and end up with a badly sprained or broken ankle, and all of a sudden that quick trek into the park becomes a minor emergency.  I used to think it meant I was less independent if I had to let someone know where I was going.  Now that I’m older (and after working many years in the ER and ICU) I see that it is just the smart thing to do. This placard is a great addition to every geokit out there.  It lets folks know where you are, what you’re doing, and helps keep you safe at the same time.  That’s good for a smiley all by itself.  

Do you have any other ideas to promote safety when geocaching?  Let me know in the comments.  Until next time, be safe, and cache on!

RFID Jackets Offer Protection From Skimmers

September 7, 2014 at 4:12 pm (gadgets, Products, security, Shopping, Travel)

Almost every time we turn on the news or look online these days, there is word of yet another security breach.  Some involve bank account and ID numbers.  Some involve large amounts of money while others involve information about everything from recipes to matters of national security.  

One way that data is being stolen on a smaller, yet very effective, level is when people hijack data such as credit card numbers from passersby in crowded public areas such as the subway, food court, or concert venues. This can be done because the information is on a small chip, called an RFID chip.  The chip is then embedded into a card, such as credit or debit cards, work ID and swipe cards, door passkeys, and more.   RFID, or Radio Frequency IDentification, is used to communicate and transmit information over short distances.  People can use RFID scanners to look for, capture, and read the information on these cards. Those with criminal aspirations can take this information and cause quite a lot of trouble with it.

There are ways you can protect yourself from having your information captured. Generally, water and metal are the best ways to prevent radio signals from getting to or from your data. There is a rumor that wrapping cards in aluminum foil or lining your wallet with aluminum foil will protect your data.  This will possibly help, but will not prevent the data from being scanned or retrieved.  Among the most effective solutions available to consumers are wallets, pouches, and sleeves using a Faraday Cage inside a leather exterior. Searching for protection tagged “electromagnetically opaque” should point you in the right direction. However, another viable solution is an improved version of one of my long-term favorite products:  the ScotteVest Travel Vest, now with an RFID pocket.

The RFID pocket was created as an extra pocket inside a pickpocket-proof travel document pocket to add an extra layer of security.  It’s made of a special fabric, and it protects credit cards, passports, and other documents with RFID tags from being scanned.  It doesn’t block signals from magnetic card readers or door swipe cards, but it does cover the most common wavelengths that people are generally concerned about. 

Their slogan that “you can never have enough pockets” certainly rings true for this long-time fan of ScotteVest products. The new travel vest features 26 total pockets, including the RFID blocking pocket, to protect the user from high-tech skimmers who are trying to steal identities and sensitive information.  The comfortable and roomy vest can easily hold things like a cellphone, flashlight, knife, iPhone, ID, pen, earbuds, iPad or iPad mini, concealed carry weapon, extra ammo, travel sewing kit, travel first aid kit, sunglasses, and lots more.  It has a couple of see-thru pockets so you can actually use your devices without taking them out of their pockets. There are small pockets for flash memory cards, earbuds, pens, and spare change, along with water bottle loops and an extendable key holder.  The weight management system ensures that the vest stays balanced and comfortable without bulging.  The advanced two-way zipper allows access to all the pockets with ease.  The CollarConnect system has also been updated for improved comfort and quicker installation. As they say, there’s more there than meets the eye and even more that doesn’t.   

The RFID Travel Vest is available in black, navy, khaki, and olive.  It retails for $135.

They also sell a standalone RFID pouch, called the Blackout Pocket, for $40.  It holds an iPhone and completely blocks RFID, cellphone, and GPS signals. Once you drop your device into the pouch and close it, you will be “off the grid” in a few seconds and are then untrackable by satellite according to ScotteVest.  This standalone pouch, which is approximately 6.5” x 5” when closed, is meant to be carried in a vest or jacket pocket, or can attach with hook/loop tabs to some current ScotteVest clothing.

For more information on these and other products, check out their website at ScotteVest.com.  What’s your favorite ScotteVest product?  Do you have a favorite pocket? I love the see thru pockets in my travel jacket, hoodie, and windbreaker. They are so easy to use and I can just swipe right thru the material without having to remove my iPhone. The included chamois in the eyeglasses pocket is also a nice touch.   Is there a pocket you’d like to see that they haven’t implemented yet?  Let me know in the comments. 
