I hate your internet provider!

July 8th, 2014

But that’s okay, because I hate mine, too.

Recently, a client of mine was having trouble sending e-mail. Receiving was fine, however. Of note, the e-mail account in use was one from my client’s internet provider. Another account through Gmail was working fine. Also, e-mail using a local program (in this case, Thunderbird) wouldn’t go out, but using the provider’s web site worked fine.

So, I called the provider’s tech support line and essentially got nowhere. The basic line from them is, while they will assist with settings for a third-party program, they don’t guarantee access using one. I’d gone through the settings a number of times and tries various combinations of servers and account logins to no avail. I got to the point of asking the support representative if there was some kind of block on my client. The representative was unable to see anything and also unable to transfer me to a higher level of support to check on this contingency.

Some more details about this. I had removed some malware from this computer a week or so prior to this email issue. A different computer, using a different email address from the same internet provider, couldn’t send either. This other computer did not have any malware on it (its user tends not to do anything extravagant). It’s looking more like there’s a block of some kind, but at the IP address level and not the user level.

One of the features most consumer internet routers have is the ability to mimic the MAC address of one of the computers on the network. This has been around since the dark ages of broadband when some internet providers would lock you down to one device. The idea being to limit you to one computer on your end attaching to their network. This feature of the router allowed you to circumvent that limitation. The IP address assigned by your provider will generally remain the same so long as the MAC address of the device on your end doesn’t change.

So, I told the router to mimic the MAC address of one of the computers on the network so it would get a different IP address from the provider. Once this was done, mail began to work again.

What this did was get around the blocking the provider had done as well as proved to me one existed in the first place. The first level of tech support didn’t even seem to be aware such a block existed.  A downside is if the problem causing the block still exists (in other words, I didn’t successfully get rid of the malware), a new block will occur. I can only work this magic trick so many times before I run out of devices on the client’s network. Another downside is I’ve just now shifted the problem from my client to a random subscriber of this same provider who will now get the same lack of help from the provider.

The final takeaway from this is a recommendation I have of never using an e-mail address supplied by your internet provider. Which service you end up using doesn’t matter so much as using anyone other than your internet provider for your e-mail. The secondary advantage of this is never having to change your e-mail just because you’ve changed internet providers.

How important is it to have a different password for every site?

April 6th, 2014

I’m trying to come up with a more superlative answer than “vital” or “essential” and I just can’t find one. “Necessary” and “mandatory” are up there as well.

Seriously, your critical sites for banking and investment can be at risk because one site is compromised. Don’t use online banking? Don’t buy anything online? I wouldn’t say you’re completely safe. Some simple analysis of your e-mail account and a creative and capable person can probably figure out where you bank and things can just roll down from there.

Just look at my previous post for suggestions on how to manage your passwords and do it immediately.

Back up your important files now!

April 5th, 2014

My recent posts on password management are just one thing I discuss as often as I can. The second is backing up your files. We all have important files (pictures, documents, music) which would be tragic if they were lost. Make another copy of them now.

The simplest thing you can do is go out and buy a hard drive. Warehouse clubs and online retailers will generally provide you the best deals. Plug it into your system and install whatever software comes with the drive to assist you with backing up your files. I generally don’t recommend using this software, but it’s better than nothing.

With more experience, you can get other software which will do the job better. If you have a Mac with a recent operating system, just turn on Time Machine and stop fretting. For a PC, it’s not that simple. I’ve used Cobian Backup, SyncBack, and SyncToy as my solutions depending upon the situation. Cobian is best for a computer which has the backup drive connected to it all the time. Cobian is very configurable, powerful, and free. The downside is the author is getting tired and has put it up for sale. I don’t know how long it will remain this excellent and free product. SyncToy is from Microsoft and free. It’s quick and simple and gets the job done. I usually set it up for “backup on demand” situations whereas Cobian works in the background. There are three versions of SyncBack; one free and two pay versions. The pay versions have much more configurability in what not to back up compared to the free one. They also work well if you don’t leave the hard drive connected all the time and it gets a new drive letter the next time you plug it in.

If you buy software (like SyncBack Pro) and a hard drive, you shouldn’t be out much more than about $150 (depending upon the size if hard drive you get). If a hard drive fails, you’re out all your important files. You could send your drive to a data recovery service, but that will cost you hundreds or thousands of dollars to recover everything and there are no promises there.

Once you get a backup solution in place, be sure to use it regularly (daily is a good option). A client of mine had a hard drive fail recently. She said she had her backup drive but hadn’t used it in a long time. Weeks or months of data are gone. Don’t let this happen to you.

5 ways to keep track of your passwords (not all of them good)

April 3rd, 2014

On my last post, I made some suggestions to assist you with managing passwords. How many ways can there be to do this, though?

1) Just use the same username and password on every site. This is really a bad idea. If someone gets ahold of the information needed to sign in to one site, this person (or persons) can now sign in as you to every site where you have an account. While it might not seem bad to you if your e-mail account is compromised (“I don’t have anything important or secret there” is the most common thing I hear), now it can be used to send spam. Now your online retailer accounts are no longer secure. Then goes your bank. Then anything else.

2) Use good passwords for “important” sites (e.g. banks), but don’t worry about the rest. While on the surface this seems like a good idea, it’s not. Much of the time, all someone needs to do is get into your email account and then do password resets on your other accounts. The tools to do this get sent to your email account which has now been compromised. Essentially, this is not more secure than the first option.

3) Memorize everything. Awesome idea if you can pull it off. Bad if something happens to you which disrupts your memory. Realistically, most of us cannot do this. The details of all those login credentials get mired in our brains.

4) Write it down. This method is only as good as the physical security of the book (or paper or stone tablets) you use to maintain this. As long as you can keep it where no one can get access to it without authorization, it can be greatly effective. However, it’s not very convenient as you can only sign on to sites you haven’t memorized when you are near your “little black book.”

5) Use some kind of software. I recommend this method as long as the software allows some kind of synchronization across devices. Part of this is for convenience (you’ll always have it with you). Part of this is for redundancy (the loss of one device won’t mean the loss of your credentials). Like option 4, it’s only as secure as the software and password you use. Dashlane and Strip both use excellent encryption on the database so all you need is a good password. Sync Strip with Dropbox or pay for Dashlane’s service and you have ready backups on all your devices.

Have you made better passwords, yet?

March 31st, 2014

Recently, a new list of the post popular passwords has been making the rounds. I’ve talked about this kind of thing before, and I usually discuss this kind of issue with clients on a regular basis, but no one ever seems to take me seriously.

Passwords are the primary keys we use on the locks of our personal information. The tough ones are when people tell me they have nothing important worth protecting. I’m sure if someone got into your e-mail account and took all of the things saved there, you’d see how important it was.

So, what are you supposed to do? The ideal situation is to create different passwords for different sites. Having different user names can increase the security of your information, but often you’ll still have issues with how many e-mail addresses you’ll use for the sites (most people use only one e-mail address for all their communication). However, using a different password for every site can be difficult to manage. Using a tool will help greatly.

Which tool to use is going to depend on you. Some can get by with a “little black book” so to speak. However, writing down your passwords leaves you open to someone else reading the book (which usually has no security of its own) or leaving the book behind when you need to use the password while you’re away from your computer.

There are many different software titles and a few websites you can use to help manage your passwords. Depending upon the solution, it can allow you to have access to your passwords regardless of where you are at or which computer you are using. The downside is you then have to rely on the security of the application or website.

I chose a solution which rated highly on the security of its database (essentially, the database was uncrackable compared to other solutions available at the time of the review). Unfortunately, it’s not as convenient to use (e.g. synchronizing across devices is done manually, it doesn’t automatically fill in forms). This article from a couple of years ago goes over some analysis of popular password managers for the iPhone.

Because of that article, I stopped using the password manager I had been using and switched to Strip. They don’t appear to have a free version any more, but it’s inexpensive enough to be a relative no-brainer to just go out and buy. Their licensing terms are also very reasonable; you buy it once for each operating system and can use it on as many devices as you own. For myself, I had to buy the Mac, Windows, and Android versions. It only cost me $25. If I had an iOS device, it would only add another $5 to my cost.

You can synchronize your various devices using a cloud service such as Dropbox or Google Drive.

Another popular product I’ve seen recommended is Dashlane. While the application is free, to synchronize across all your devices, you’ll need to pay for their service at about $30 per year. It has the convenience of filling in web forms for you and the synchronization is automatic.

Both of these applications will help you manage and create strong passwords. Every time I create new credentials, I use Strip to create a password for it and save the password in the program which I can now synchronize across all my devices.

As I see it, with these kinds of apps available, there really isn’t a good excuse for not maintaining good passwords for your sites. Each site can have a good, long, strong, and unique password.