No Surprises: Worst Passwords of 2014

January 21, 2015 at 11:25 pm (1Password, Applications, Productivity, security)

Yesterday, SplashData announced its annual list of the 25 worst passwords (read: most common) on the internet. The list is compiled from over 3.3 million leaked passwords. Having worked at an Apple store for five years, I was not surprised by the greatest offenders. During those first few months at Apple, I was constantly amazed at the number of customers who used many of these top passwords. Not surprisingly, many of these folks were hacked. The most common offenders were (are you ready for it?) “123456”, “password”, and “qwerty”. Other commonly used passwords that are easily guessed by hackers, or by someone you know who might like to get into your account for nefarious purposes, include names (yours, your significant other’s, your favorite pet’s), favorite sports (baseball, football, golfer), favorite sports teams (yankees, steelers, rangers), and favorite superheroes (superman, batman). Hackers commonly use a “dictionary crack”, which takes only a short time to run. If you use a word or words from the dictionary with no numbers or symbols to break it up, your password can be easily guessed by the program.

Because of so much publicity surrounding data breaches this past year (Target, Home Depot, and many others), people are finally starting to pay attention and use slightly stronger passwords.  However, simply substituting numbers for some letters (3 for E, 4 for A, etc.) is really not enough anymore.  While “P4ssw0rd” is better than “password”, it is still easily guessed. It would be better to use something like “P4$$w)rd”, which is still “password”, but with substitution of numbers and symbols. Another big risk that people take is using the same password for all their sites.  If your login information was accessed during a data breach, all the hacker needs to do at that point is start using that login information for the common banks. If you reuse passwords (use the same password for your Target account that you use for your Bank of America account) then the hackers have just gotten both your Target account information and your banking information. Now do you see why reusing passwords is a bad idea? 
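Why digit-for-letter swaps add so little, shown as an added example (not code from SplashData or any password manager): a signup-time screen that undoes the swaps before comparing against a common-password list. The word list is a small constructed sample, and `screen_password` and its helpers are hypothetical names.

```python
import re

# Constructed sample of a common-password list (lowercase). A real screen
# would load a full breach-derived list from a file.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "baseball", "football", "golfer",
    "yankees", "steelers", "rangers", "superman", "batman",
}

# Digit-for-letter swaps of the kind described above (3 for E, 4 for A, ...).
DIGIT_SWAPS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"}
)


def normalize(text):
    """Undo digit-for-letter swaps in already-lowercased text."""
    return text.translate(DIGIT_SWAPS)


def strip_affixes(text):
    """Drop leading/trailing digits and symbols: 'batman2014!' -> 'batman'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def screen_password(password, min_length=8, personal_words=()):
    """Return the reasons to reject a password; an empty list means it passed."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")

    lowered = password.lower()
    stripped = strip_affixes(lowered)
    # Compare the password as typed, with affixes removed, and with the
    # digit swaps undone, so 'P4ssw0rd' and 'P4ssw0rd1' both hit 'password'.
    candidates = {lowered, stripped, normalize(lowered), normalize(stripped)}
    hits = sorted(candidates & COMMON_PASSWORDS)
    if hits:
        problems.append("common password: " + hits[0])

    # Names of people, pets and teams are guessable even with swaps applied.
    flat = normalize(lowered)
    for word in personal_words:
        if len(word) >= 3 and word.lower() in flat:
            problems.append("contains personal word: " + word.lower())
    return problems


if __name__ == "__main__":
    for candidate in ("P4ssw0rd", "Batman2014!", "vT7#qLm2!xRd"):
        print(candidate, "->", screen_password(candidate) or "ok")
```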


Here are a few tips to make your passwords stronger: 
1.  Use a combination of upper and lower case letters, numbers, and symbols.  Most sites have a minimum length, but it can vary from 4 to 8 characters up to 14 to 18 characters or more.
2.  Do not reuse passwords. In other words, don’t use the same login information for multiple sites. 
3.  Use two-factor authentication when possible.  Many sites like Facebook, Twitter, Google, Battle.net, and others, are using this method, which is like having a security door in addition to your main door. Each time you log into the account, you are sent a code to your phone to enter after entering your initial credentials. It changes each time you log in, so a hacker would have to have access to your device at the time of the login attempt in order to get the code.
4.  Wait for it.  You know it’s coming.  Use a password manager such as 1Password for the best possible security.  Not only does 1Password store all your login information for every site you visit, but it will also generate strong passwords for you (and you can set criteria, such as length, number of characters and symbols, etc.), and you only have to remember your master password.  The app remembers all your other passwords for you. In addition to login information and passwords, it also stores secure notes, attachments, software information (serial numbers and software keys), network information, banking info, and more.  It works across platforms, and is always in sync.  Best of all, the next time there is news of a data breach somewhere, and everyone is scrambling to change their passwords, you can sit there with a smug grin on your face knowing that you don’t have to worry about it.

Do you have any tips or tricks to add?  Do you want to tell us the ‘best worst password’ you’ve used (or heard of)? Let us know in the comments.


Help! I Forgot My Apple Password

December 15, 2014 at 9:09 am (1Password, Apple, Applications, How-to, iPhone/iPod Touch, security)

Back in the old days when I worked at Apple, there was hardly a day that went by when we didn’t get at least one person at the Genius Bar who had forgotten their Apple ID or Password.  They would frequently swear up one side and down the other that they knew what it was, it had always been that, and Apple was just wrong.  Uh-huh.  Right.  But, things happen, and sometimes it happens to the best of us.  Like my dad.  He is a pharmacist, one of the most intelligent men I’ve ever known.  But, bless his heart, he is not the most tech-savvy guy around.  Don’t get me wrong, he tries.  Oh, how he tries.  But, as much as I’ve tried to gently guide him and help him, I still end up going over about once a week to provide a little tech support (usually just to reset the router).

Not long ago, I was doing some routine upgrades when the box popped up for the Apple ID and Password.  I entered it, and immediately was informed that I was mistaken.  Frowning, I thought I must have entered it wrong.  I re-entered it, and got the ‘no dice’ message again.  “Dad”, I called out over the balcony, “have you changed your Apple Password without telling me?”.  He responded that he had not, so I opened my all-around favorite app, 1Password (I know, you’re shocked). I pulled up Pop’s info, only to find that the password listed was the same one I’d tried without success.  So, at this point, what to do?

There are a couple of things that one can do in this instance.  You can always contact Apple support.  This might be best for folks who are not tech-savvy.  Had I not been around and available, I would have sent Pop this route.  To get in touch with Apple’s support team for Apple ID issues, you can use this link:  https://getsupport.apple.com/Issues.do
You click a selection to let them know if your issue with your Apple ID is related to iTunes, iCloud, or “other”, where “other” includes Apple ID and password issues, as well as issues related to your security questions, Game Center, FaceTime, Messages, and more. When you select your issue, you’ll then be given a choice to schedule a call with Apple support.  You can call them or they will call you.  This cuts down on a long hold time for you.  A schedule is displayed, and you choose your preferred time, in fifteen-minute intervals.  For instance, if I wanted to call this morning, it shows me that there are 6 appointments available between 9:45am and 11:15am.  I select the one I want, enter my contact information, then sit back and wait for them to call me.  You can call them as well, but during times of high call volume, you might have to hold for a bit.  Letting them call you is definitely the easier option.

If you have an iDevice (iPhone or iPad), you can easily recover or reset your account information.  Simply open the Settings app, then scroll to iCloud and tap it. At the top of the iCloud settings, you’ll see your name and email address.  Tap on the email address.  A box will appear for you to enter your password.  Underneath the box, tap on the blue text that says “Forgot Apple ID or Password?”  You will then have two choices:  If you don’t remember your Apple ID, tap the blue text that says “Forgot your Apple ID?”  Boxes will pop up for you to enter your name and email address to recover your Apple ID.  If you know your Apple ID but don’t remember your password, enter your email address then click “Next”. Then tap whether you want to reset your password by email or by answering your security questions. After that, you should be able to reset your password and log in to your account as usual. 


You can reset your password from the “My Apple ID” site using your web browser.  Under the blue “Manage Your Apple ID” link on the right side of the page, click on the option to “Reset Your Password”.  You will have to enter your email address and correctly answer the security questions to complete the process and have your password reset. 

There is a little-known secret that allows you to use your web browser to search multiple email addresses to try to find an Apple ID that you may have forgotten after changing your email from one account to another. Go to Apple’s iForgot site, enter your name, your current email address, and up to three former email addresses.  Answer the security questions to verify that you are really you. This should be enough to find your Apple ID.  You can follow the other steps to reset your password if needed.  Now you can log in as usual.

Once you recover your Apple ID and password, please put the information into your 1Password app.  If you aren’t using it yet, there’s no better time to start.  Check it out at their 1Password website. Start using 1Password and have all your user names, passwords, login info, secure notes, and more right at your fingertips.  Best of all, you only have to remember one password (you know you wondered where the name came from) from now on.  The app remembers the rest. It’s accessible anywhere, and syncs across all your devices. Get it now, and never have to fill out another form to recover ID and password information.  Think of all the time you’ll save! 

If you have any trouble, you can always refer back to the link to get in touch with Apple’s support team.  They will help get you back on track in no time. 


WireLurker: Yet Another iOS Malware threat that you don’t have to worry about

November 8, 2014 at 6:27 pm (Apple, Current Events, iDevices, iPhone/iPod Touch)

Get ready to start defending your common sense practices again with regard to your iDevices.  Computerworld magazine screams, “Panic!” regarding “Horrible Apple iOS virus; vectored via USB: WireLurker is ‘new brand of threat’”. I’m sure Chicken Little is running around somewhere with his cute little hardhat in place to protect said cute head from the fallout of the latest malware threat.  As usual, the majority of users need not worry.

This latest malware threat is called WireLurker, a catchy name for this critter that spreads via “trojanized/repackaged OS X applications” found on a third-party Mac app store in China.  The Maiyadi App Store has nearly 500 apps that have been infected, and those infected apps have been downloaded over 350,000 times.  The app store is quite popular because it allegedly offers popular Mac apps for free.  Step right up and get your infected copy of Angry Birds, The Sims, and more. 

Remember, if it seems too good to be true, it probably is.  Saving a buck or two is just not worth it when it comes to the well-being of your iDevices, not to mention you’re cheating developers out of their hard-earned money.  What makes this malware different from others is that WireLurker can hop from an infected OS X computer to a non-jailbroken iDevice via USB. However, the user still has to trust the computer and approve the installation.  Nothing new here, kids.  As long as you don’t say, “Ok, I trust you, now let’s go ahead and continue to install and run the free version of this app that I know I should have paid for but I didn’t”, you should be ok. Is it really worth the risk to save two bucks and cheat the developer out of the money he should have gotten for making this cool app? As long as you use common sense, only download apps from the Apple store, and don’t download software from third party sites (especially in China), you should be just fine.  


Use Vehicle Placard for Safety when Geocaching

October 12, 2014 at 5:26 pm (Geocaching, Personal, safety, security)

I’m just putting out a little Public Service Announcement (PSA) today to encourage safety while geocaching.  Every year, we hear a couple of stories about folks who went geocaching and got lost or injured, and while things generally turn out ok, there are a few things one can do to ensure a happy ending to their day.  It’s mostly common sense, but crazy things still happen.  You don’t want to be one of the Darwin Award winners for the year.  (Note: for the uninitiated, the Darwin Awards are the annual awards given, often to surviving family members, for acts of incredible stupidity.)

It’s always a good idea to use the buddy system when geocaching, partly because it’s just fun to cache with a friend;  but for those occasional times when you just want to go it alone or no one is available to go with you, there are a few things you can do to make sure you arrive home safe and sound after logging those smileys for the day.  Always let someone know where you are, especially if you are going geocaching in a remote area.  Make sure you have your geokit with you which has geoswag, snacks, and water, in case you have a flat tire, car trouble, or an accident. An emergency battery pack for your cell phone is also a good idea, since we know having the GPS enabled on our iDevices runs the battery down much quicker.  I picked up a super little solar battery pack from Amazon for under $10 and it works great, giving me several hours of extra battery life.  It’s also a good idea to have at least a small first aid kit and an emergency whistle so you can let folks know where you are if your cell phone is lost, damaged, or dead. 


Another thing you can do is hang a geocaching placard from your rear view mirror.  I found a nifty placard design at the Geocacher University website.  It looks similar to a disabled placard, but it is green and has the familiar geocaching logo on it.  There are two large white spaces on either side.  One side is for vehicle and owner contact information. You can enter as much info there as you are comfortable with.  I listed my first initial and my last name. I didn’t want to list a phone number, knowing that police could easily verify my vehicle, and they could also access my phone number if needed.   The other side is for the geocache information.  You can enter the GC# for the cache, or even the actual geocache coordinates.  I printed a couple copies then took them to Kinko’s and had them laminated.  That way, I can use a dry erase marker to enter the GC# of the cache each time, and just erase it when I return to my vehicle.  

Sometimes, we think we’re going to just dash into a park a couple hundred yards off the road, so we leave all our gear in the car.  Then you trip over a log and end up with a badly sprained or broken ankle, and all of a sudden that quick trek into the park becomes a minor emergency.  I used to think it meant I was less independent if I had to let someone know where I was going.  Now that I’m older (and after working many years in the ER and ICU) I see that it is just the smart thing to do. This placard is a great addition to every geokit out there.  It lets folks know where you are, what you’re doing, and helps keep you safe at the same time.  That’s good for a smiley all by itself.  

Do you have any other ideas to promote safety when geocaching?  Let me know in the comments.  Until next time, be safe, and cache on!


RFID Jackets Offer Protection From Skimmers

September 7, 2014 at 4:12 pm (gadgets, Products, security, Shopping, Travel)

Almost every time we turn on the news or look online these days, there is word of yet another security breach.  Some involve bank account and ID numbers.  Some involve large amounts of money while others involve information about everything from recipes to matters of national security.  

 

One way that data is being stolen on a smaller, yet very effective, level is when people hijack data such as credit card numbers from passersby in crowded public areas such as the subway, food court, or concert venues. This can be done because the information is on a small chip, called an RFID chip.  The chip is embedded into a card, such as credit or debit cards, work ID and swipe cards, door passkeys, and more.   RFID, or Radio Frequency IDentification, is used to communicate and transmit information over short distances.  People can use RFID scanners to look for, capture, and read the information on these cards. Those with criminal aspirations can take this information and cause quite a lot of trouble with it.

 


There are ways you can protect yourself from having your information captured. Generally, water and metal are the best ways to prevent radio signals from getting to or from your data. There is a rumor that wrapping cards in aluminum foil or lining your wallet with aluminum foil will protect your data.  This will possibly help, but will not prevent the data from being scanned or retrieved.  Among the most effective solutions available to consumers are wallets, pouches, and sleeves using a Faraday Cage inside a leather exterior. Searching for protection tagged “electromagnetically opaque” should point you in the right direction. However, another viable solution is an improved version of one of my long-term favorite products:  the ScotteVest Travel Vest, now with an RFID pocket.

 

The RFID pocket was created as an extra pocket inside a pickpocket-proof travel document pocket to add an extra layer of security.  It’s made of a special fabric, and it protects credit cards, passports, and other documents with RFID tags from being scanned.  It doesn’t block signals from magnetic card readers or door swipe cards, but it does cover the most common wavelengths that people are generally concerned about. 

 

Their slogan that “you can never have enough pockets” certainly rings true for this long-time fan of ScotteVest products. The new travel vest features 26 total pockets, including the RFID blocking pocket, to protect the user from high-tech skimmers who are trying to steal identities and sensitive information.  The comfortable and roomy vest can easily hold things like a cellphone, flashlight, knife, iPhone, ID, pen, earbuds, iPad or iPad mini, concealed carry weapon, extra ammo, travel sewing kit, travel first aid kit, sunglasses, and lots more.  It has a couple of see-thru pockets so you can actually use your devices without taking them out of their pockets. There are small pockets for flash memory cards, earbuds, pens, and spare change, along with water bottle loops and an extendable key holder.  The weight management system ensures that the vest stays balanced and comfortable without bulging.  The advanced two-way zipper allows access to all the pockets with ease.  The CollarConnect system has also been updated for improved comfort and quicker installation. As they say, there’s more there than meets the eye and even more that doesn’t.   

 

The RFID Travel Vest is available in black, navy, khaki, and olive.  It retails for $135.

 

They also sell a separate RFID pouch, called the Blackout Pocket, for $40.  It holds an iPhone and completely blocks RFID, cellphone, and GPS signals. Once you drop your device into the pouch and close it, you will be “off the grid” in a few seconds and are then untrackable by satellite, according to ScotteVest.  This standalone pouch, which is approximately 6.5” x 5” when closed, is meant to be carried in a vest or jacket pocket, or can attach with hook/loop tabs to some current ScotteVest clothing.

 

For more information on these and other products, check out their website at ScotteVest.com.  What’s your favorite ScotteVest product?  Do you have a favorite pocket? I love the see thru pockets in my travel jacket, hoodie, and windbreaker. They are so easy to use and I can just swipe right thru the material without having to remove my iPhone. The included chamois in the eyeglasses pocket is also a nice touch.   Is there a pocket you’d like to see that they haven’t implemented yet?  Let me know in the comments. 


Where do you keep your Passwords? No More Sticky Notes!

June 8, 2014 at 11:31 am (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch, Productivity, Products, shareware)

I realize I’ve been hyping the fantastic 1Password app quite a bit lately.  There’s a good reason for that.  It’s the best.  If you care anything about your data, you owe it to yourself to protect it.  That means using 1Password. 

 

Friends frequently ask me what 1Password is, what it does, why they need it, and many other questions.  I’d gotten my “elevator spiel” down to about a minute or so, but I was afraid of being inconsistent, or leaving out something important (especially with all the new features added recently), or just freezing up (it happens sometimes). But now there is something even better.


Now there is a real video, complete with snazzy soundtrack, that can be clicked and watched again and again. Keep watching until you realize that you cannot go another minute without the muscle that 1Password provides.   

 

Enjoy this brief video, then head on over to 1Password and pick up a copy today.  



Apple iDevices Held for Ransom Down Under: Don’t Reuse Those Passwords, Mate

May 29, 2014 at 2:13 pm (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch)

Something interesting happened in Australia recently when Mac, iPhone, and iPad users were hacked using Apple’s Find My iPhone feature to lock devices and send ransom messages to the owners. They demanded a $50 “unlock fee” to be paid via PayPal payment from the owners. 

 

While it wasn’t immediately evident how these hackers gained access to the devices, it was soon ascertained that they obtained the information from a data breach. Because many people reuse passwords, it is likely that the hackers found people who used the same passwords for the accounts from the data breach and their Apple ID, which then allowed them control of  the iDevices. 

 

Apple made a brief statement to let people know that iCloud was not compromised.  They also advised those affected to change their passwords. They can also go to their local Apple store or call Apple Care if they need additional assistance. 

 

This reinforces the sensibility of utilizing two-step authentication whenever possible, and reminds users to never reuse the same password across accounts. It also reiterates the need to use a good password manager such as 1Password to create strong passwords for all your accounts. Until next time, be safe with those passwords, folks. Friends don’t let friends reuse passwords.



The Heartbleed Bug, 1Password, Watchtower, and You

April 18, 2014 at 6:58 pm (1Password, Apple, Current Events, iDevices)

Anyone who has spent any time with me knows that 1Password is one of my favorite applications.  It ranks right up there with Evernote, TextExpander, and Dropbox for must-have, can’t live without applications for Mac and iDevices alike (and even Android and Windows folks are covered).  1Password has long been my go-to app for password management, secure note storage, software license info, and general account and login information. It even helps me complete online orders quickly, easily, and securely. 

 


 There was a new bug discovered recently called Heartbleed.  This bug is of the electronic variety, not the pesky outdoor variety…although both have the potential to be particularly troublesome.  The Heartbleed bug affects most all of us in one way or another.  It has been shown to be a serious vulnerability with SSL encryption, which is used to provide security over the internet for many applications such as instant messaging, web applications, email, and some virtual private networks (VPNs). SSL is the ’s’ in https, or to break it down a little more, it is what usually keeps your information secure and is shown by the little padlock icon in your browser’s address bar.  Without getting too technical, the Heartbleed bug essentially allows the bad guys to access what the user thought was their secure data, such as account user names, passwords, and possibly even the actual content. 

 

In order to fix it and recover, the owners of the services and the service providers must patch the vulnerabilities and distribute new versions that clients will implement generally by upgrading their software. Additionally, users should change their passwords, 

 

Most everyone is affected in some way, largely because of the widespread popularity of OpenSSL. In addition to being used by many social networking sites, blogging sites, ecommerce sites, and even some government sites, OpenSSL is also used for mail and chat servers, and VPNs (virtual private networks). It is very difficult to detect because the bug leaves no trace of abnormalities in the user logs. 


Dave Teare, co-founder of AgileBits, and developer of the aforementioned awesome password management software, 1Password, released a newsletter to users to inform them of the Heartbleed bug, and to let them know how 1Password can help them defend themselves. 

 

1Password was not affected by Heartbleed because it uses a different type of encryption. The data within 1Password is completely safe.  However, you will need to change your password for any websites that were affected.   

 


 1Password makes it incredibly easy to change your passwords. They have a terrific feature that enables you to do something called a security audit. With a click of a button, it tells you which of your passwords are weak, which are duplicates (bad!), and which are older (6-12 months, 1-3 years, 3+ years) which is especially good if you use time sensitive passwords or work somewhere that requires they be changed monthly or quarterly.  I could never keep up with the timing on those when I worked at Apple, and it never failed that I would have to change my password at the most inconvenient time.   

 

One of the most common questions after Heartbleed was publicized was, “Which passwords do I need to change?” but part of the problem was that folks didn’t know whether a particular site had patched (or fixed) their vulnerability without going to every single website for which they had an account.  Talk about a huge time suck.  I could have spent a few days just checking websites.  Then, I would have had to note which sites were fixed, and which sites I needed to follow up with if they had not been patched.  Surely there was an easier way, right?  Yep, and the wonderful folks at 1Password helped us with that. 

 


Enter 1Password Watchtower. Talk about slick!  I am so loving this new feature.  It will let you know the status of the websites affected by Heartbleed.   For example, it will let you know if you need to avoid the site until it is fixed, if it has been fixed and you need to change your password (see example screen grab), or if it was never vulnerable and therefore not affected, so you don’t have to change your password for that particular site.   The danger of reusing passwords (using the same password for multiple sites) is that if you use a password on a site that was vulnerable, the bad guys could have accessed your user name and password.  Then they could go to a site that wasn’t vulnerable on its own, but they didn’t need it to be vulnerable, because you had already handed them your user name and password on one of the other sites. Does that help to better explain why it’s such a bad idea to use the same user name and password for everything?  Here is more information on the new Watchtower service.
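The three outcomes above, plus the reuse problem, written out as an added example (this is not Watchtower's code, and it makes no claim about how 1Password works internally). The status names, the `triage` function and the sample vault are all constructed for illustration.

```python
# Site statuses, named here for illustration only.
AFFECTED = ("vulnerable", "patched")


def triage(vault, site_status):
    """Decide what to do with each saved login after a Heartbleed-style bug.

    vault:       list of (site, password) pairs
    site_status: site -> "vulnerable" | "patched" | "not_affected"
    Returns a dict of site -> action.
    """
    # Any password ever used on an affected site must be treated as exposed,
    # no matter where else it is used.
    exposed = {pw for site, pw in vault if site_status.get(site) in AFFECTED}

    actions = {}
    for site, pw in vault:
        status = site_status.get(site, "unknown")
        if status == "vulnerable":
            # Changing the password now would expose the new one too.
            actions[site] = "avoid_until_fixed"
        elif status == "patched":
            actions[site] = "change_now"
        elif status == "not_affected":
            # The site itself was fine, but a reused password leaked elsewhere.
            actions[site] = "change_reused" if pw in exposed else "no_change"
        else:
            actions[site] = "check_manually"
    return actions


def changes_due_today(actions):
    """Sites whose password can and should be changed right away."""
    return sorted(
        site for site, action in actions.items()
        if action in ("change_now", "change_reused")
    )


# Constructed sample data.
SAMPLE_VAULT = [
    ("shop.example", "Tr0ub4dor&3"),
    ("mail.example", "mail-only-9Qz!"),
    ("bank.example", "Tr0ub4dor&3"),   # same password as shop.example
    ("forum.example", "forum-pass-77"),
    ("news.example", "news-X1"),       # no status known for this site
]
SAMPLE_STATUS = {
    "shop.example": "patched",
    "mail.example": "vulnerable",
    "bank.example": "not_affected",
    "forum.example": "not_affected",
}

if __name__ == "__main__":
    result = triage(SAMPLE_VAULT, SAMPLE_STATUS)
    for site, action in result.items():
        print(f"{site:15} {action}")
    print("change today:", changes_due_today(result))
```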


Cult of Mac published a very helpful article  that walks one through the process of resetting affected passwords quickly and easily.  They have also listed links to the password reset page of popular websites such as Facebook, Google, Amazon, Instagram, IFTTT, and many others. Using the Security Audit feature, you simply start at the top of the list and follow the step-by-step instructions to change your password.  Once you’ve finished with that website, just go to the next one on the list until you’ve finished all of them.  How much time it takes will obviously vary depending on how many passwords you need to change, but it really is a fairly quick and painless process.  Plus, it should go without saying that now you will have peace of mind that your login information is safe again. 

If you don’t already have it, pick up 1Password today and get started on your path to a safer online experience.  Then, next time your friends are freaking out because “ACME Data” got breached, you can say, “Meh, I have 1Password. Not worried.” and keep on watching your videos.


For more information about Heartbleed, 1Password, and Watchtower, head over to 1Password’s website.  Their terrific blog has all the latest information about things that would be rocking your world in a bad way, were it not for 1Password keeping things in balance.  Cheers!



Beware of Friendly Emails from Social Media Contacts

September 5, 2013 at 4:43 am (Uncategorized)


I’m beginning to really hate Facebook these days.  Their lack of privacy protection coupled with scum of the earth who prey on others is almost enough to make me delete all social media forever. Almost. 

After getting a message telling me my account had been hacked (and knowing it hadn’t), I started investigating.  It seems a lot of people have been getting messages purporting to be from myself and others in my contacts list, but the email address is different.  You can quickly check to see if your account has truly been compromised by checking the “Sent” mail to see if mail has actually been sent out to others. If it has, you’re dealing with something different entirely.  Most likely, though, it is just the contacts list that was compromised by someone you know on a social media site. 

So, what usually happens is something like this:

Someone has their account compromised. Their friends list is obtained. Now, phishers send email to those contacts from a person’s name on their friends list, and often the email address is hidden (or folks just don’t notice it is a totally different email address because they see a person’s name with whom they are familiar, and they just skip over the email address).  Then, the recipient clicks on the link from the brief message (which ALWAYS includes a link of some sort, be it a photo, video, or weblink). Now, the unsuspecting person has likely just come in contact with some spyware, malware, etc.  If they have a Mac, they are probably ok.  If they have a PC, it depends on their protection package. 

The scammers generally have not accessed the account details of the folks on their list, it’s just a list of contact names, kind of like someone writing any name in the return address field of a letter to be mailed. I can choose any name from my address book to place in that field, then I can add any address to it as well. 

Note that it often happens to those of us with friends in common.  I suspect the spambots gather webs of common friends, then use them to send email phishing scams to targets. 

This is typically what you’ll see in the resulting email:

1. Friend’s name (John Smith) in the “From” field, but with a different email address.  These are frequently from a Yahoo or Hotmail address (gencobet@yahoo.co.id)

2. Subject is usually something like “Check this out” or “For ‘your name’”

3. Generally, the messages are very brief and always include links, saying something like “You’ve gotta see this” or “Look what I found” or (lately) “Saw this picture of you on (insert your social media site here)”
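The three signs above can be checked mechanically. The following is an added example, not part of the original post: it parses a raw message with Python's standard `email` module and reports which signs are present. The address book, both sample messages and the `phishing_signs` function are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed address book: display name (lowercase) -> addresses you know.
ADDRESS_BOOK = {"john smith": {"john.smith@example.com"}}

URL = re.compile(r"https?://\S+", re.IGNORECASE)
GENERIC_SUBJECTS = {"check this out"}


def body_text(msg):
    """Plain-text body of a message. Transfer encodings are not decoded here."""
    if msg.is_multipart():
        parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
        return "\n".join(str(p.get_payload()) for p in parts)
    return str(msg.get_payload())


def phishing_signs(raw_message, address_book, my_name, max_words=25):
    """Return which of the three warning signs a raw message shows."""
    msg = message_from_string(raw_message)
    signs = []

    # Sign 1: a name you know, paired with an address you do not.
    display, address = parseaddr(msg.get("From", ""))
    known = address_book.get(display.strip().lower())
    if known is not None and address.lower() not in known:
        signs.append("familiar name, unfamiliar address")

    # Sign 2: a generic subject such as "Check this out" or "For <your name>".
    subject = (msg.get("Subject") or "").strip().lower()
    if subject in GENERIC_SUBJECTS or subject == "for " + my_name.lower():
        signs.append("generic subject")

    # Sign 3: a very short body whose whole point is a link.
    body = body_text(msg)
    if URL.search(body) and len(body.split()) <= max_words:
        signs.append("brief message built around a link")
    return signs


# Constructed sample messages.
SUSPICIOUS = (
    "From: John Smith <js1984@mail.example.net>\n"
    "To: pat@example.com\n"
    "Subject: Check this out\n"
    "\n"
    "You've gotta see this http://photos.example.org/view?id=1\n"
)
GENUINE = (
    "From: John Smith <john.smith@example.com>\n"
    "To: pat@example.com\n"
    "Subject: Lunch Friday?\n"
    "\n"
    "Are we still on for lunch on Friday? I booked the table for noon.\n"
)

if __name__ == "__main__":
    print(phishing_signs(SUSPICIOUS, ADDRESS_BOOK, "Pat"))
    print(phishing_signs(GENUINE, ADDRESS_BOOK, "Pat"))
```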


There are a few things you can do to protect yourself.  If you don’t use a really good password manager like 1Password (https://agilebits.com/onepassword) please start now.  I can almost guarantee the safety of my accounts because I use 1Password with its random password generator.  I don’t reuse passwords, I don’t use my spouse’s name or pet’s name or birthdays or words that are in the dictionary for passwords…all of those things that make some folks perfect targets to have their accounts compromised.  You only have to remember your main (master) password, and the rest is automatic. It takes care of logging in to sites for you and does so much more, including protecting you from phishers by making sure the website you think you are viewing is the actual site, and not just pretending to be that site (a popular way many folks give up their passwords is to think they are on sites such as banks, PayPal, etc. but they really are not). Therefore, not only does 1Password securely store your passwords, logins, and other information, it also acts as your first line of defense against scammers, phishers, and other unscrupulous scum of the earth.  It used to be Mac-only, but now there are versions for Windows, iOS, and Android, so virtually everyone is covered.  The versions all sync, so you always have all your information where you need it. This is one of the top three apps that I absolutely, positively could not be without.

Enable 2-factor authentication, also known as two-step verification, when possible.  This means that in addition to logging in to a site with your user name and password (first step), you will be sent a code, often by SMS on your cell phone, to verify the account (second step).  Several sites offer 2-step verification now, including Google, Facebook, Twitter, and others.  Here is a link to a Gizmodo article telling you how to enable it on your other services: http://gizmodo.com/how-to-enable-two-factor-authentication-on-all-your-acc-510245714  I’ve been using 2-factor authentication with Facebook for a while now, and, while it can occasionally be a pain, I have gotten used to it and feel much safer using it knowing that it would be very difficult for someone to access my account. 

If you aren’t sure about a message you receive from someone, look at the return email address.  Make sure it is actually the sender’s email address. 
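The same check can be automated. This is an added example, not part of the original post: it flags a message whose “From” name matches someone you know but whose address is not one of theirs. The address book, the example.com address and the Reply-To check are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses known to belong to that person.
KNOWN_CONTACTS = {"john smith": {"john.smith@example.com"}}

# Constructed sample messages modelled on the pattern described in the post.
SPOOFED = (
    "From: John Smith <gencobet@yahoo.co.id>\n"
    "Subject: Check this out\n\n"
    "You've gotta see this\n"
)
GENUINE = (
    "From: John Smith <john.smith@example.com>\n"
    "Subject: Lunch on Friday?\n\n"
    "Are you free at noon?\n"
)

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of warnings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []

    # Normalise the display name (case, extra spaces) before the lookup.
    known = contacts.get(" ".join(name.lower().split()))
    if known is not None and addr not in known:
        warnings.append(
            f"'{name}' is a known contact, but {addr} is not one of their addresses"
        )

    # A Reply-To that differs from From sends your answer somewhere else.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        warnings.append(f"replies would go to {reply_to.lower()}, not {addr}")
    return warnings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```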

This should go without saying, but don’t EVER click on the links. Doing so will almost always invite trouble. It might look harmless, but a link can be named almost anything. I can send you a link to a site that will install really bad juju on your PC, yet I can title it, “Beautiful Sunset”. 

Above all, be vigilant and use common sense. It’s always ok to send someone a message to ask them if they sent you something. Replying to the message will not send it back to your ‘friend’ in most cases, because it wasn’t from them anyway. It’s best to just ignore it. Still, one of the best things one can do to protect themselves online is to make good use of 1Password. Be safe out there. 


New Scam on the Block: Scamming via Text Messaging

August 5, 2013 at 8:46 pm (Uncategorized)

The conversation started innocently enough.  My partner asked if something was wrong with the debit card.  I said, “No, why?”.  The response was that she’d received a text from Regions saying the Visa debit card had been temporarily deactivated, and it gave a number to call for reactivation.  Alarm bells started ringing in my head.  First of all, we don’t have a Regions debit card.  Second, a text message?  Third, it gave a local phone number for assistance.  

Text Scam

This works for a few reasons.  They pick a large bank knowing that a large percentage of the population will have an account.  There is some convincing information there, because they have the first few digits of the card, right?  Nope.  All Visa cards begin with 4, Mastercards begin with 5.  By including a little information that sounds plausible, some folks might automatically think it is legitimate.  They only need a few people to respond to make it worthwhile. Congratulations.  You’ve just given your card information over to someone planning a small shopping spree. A few keystrokes later,  I was reading about one of the newer scams on the block:  SMS phishing, or “smishing”.  Scammers send out a burst of text messages to local numbers with a message that starts something like this:  “(name_of_bank) NOTICE: Your VISA #4355-47xx has been temporarily deactivated. To reactivate, please call (local number)”.  When you call the number, you get a message telling you that you have reached the automated service center. They tell you to leave your card number, expiration date, and 3-digit code on the back (not all include the code part), and your card will be promptly reactivated.  
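The tell-tale signs in that text can be checked mechanically. This is an added example, not part of the original post: it looks for the three signals described above (a card number that shows only its leading digits, a “deactivated” claim, and a callback number inside the message). The sample messages, the bank name and the 555 phone number are constructed, and the eight-digit cutoff reflects the fact that the leading six to eight digits of a card identify the network and issuer, not the cardholder.

```python
import re

# Digits followed by a mask (xx, **): the message shows the START of the number.
MASKED_CARD_RE = re.compile(r"(\d[\d\- ]*\d)[\- ]?[xX*]{2,}")
STATUS_RE = re.compile(r"\b(deactivated|reactivate)\b", re.I)
CALL_RE = re.compile(r"\bcall\b", re.I)
PHONE_RE = re.compile(r"\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}")

# Constructed samples: one following the scam template, one ordinary alert.
SMISH = ("EXAMPLE BANK NOTICE: Your VISA #4355-47xx has been temporarily "
         "deactivated. To reactivate, please call 205-555-0147")
BENIGN = ("Example Bank: card ending in 1234 was used for $12.50. "
          "Questions? Use the number on the back of your card.")

def score_sms(text):
    """Return the list of smishing indicators found in one text message."""
    findings = []

    card = MASKED_CARD_RE.search(text)
    if card:
        shown = re.sub(r"\D", "", card.group(1))
        # Up to 8 leading digits only name the card network and issuer,
        # so they prove nothing about knowing YOUR account.
        if len(shown) <= 8:
            findings.append("leading-digits-only")

    if STATUS_RE.search(text):
        findings.append("account-status-claim")

    # The safe number is the one on the back of the card, never one in the text.
    if CALL_RE.search(text) and PHONE_RE.search(text):
        findings.append("callback-number-in-message")
    return findings

if __name__ == "__main__":
    for label, sms in (("smish", SMISH), ("benign", BENIGN)):
        print(label, score_sms(sms))
```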

If you think your debit or credit cards have been compromised in any way, call ONLY the toll-free number on the back of the card.   Do not be embarrassed and hope that nothing will happen if you did slip up and give someone some information about your account.  In many cases, the thieves will rack up charges halfway around the world within half an hour. They do it quickly before folks have time to think about it. By the time it gets reported, the damage is done.  So, report it quickly so your card can be blocked, and a new one can be issued.

Be vigilant folks.  It’s a whole new world. Stay safe out there. 
