Archive for April, 2014

How important is it to have a different password for every site?

Sunday, April 6th, 2014

I’m trying to come up with a more superlative answer than “vital” or “essential” and I just can’t find one. “Necessary” and “mandatory” are up there as well.

Seriously, your critical sites for banking and investment can be at risk because one site is compromised. Don’t use online banking? Don’t buy anything online? I wouldn’t say you’re completely safe. With some simple analysis of your e-mail account, a creative and capable person can probably figure out where you bank, and things can just roll down from there.

Just look at my previous post for suggestions on how to manage your passwords and do it immediately.

Back up your important files now!

Saturday, April 5th, 2014

My recent posts on password management cover just one of the things I discuss as often as I can. The second is backing up your files. We all have important files (pictures, documents, music) that it would be tragic to lose. Make another copy of them now.

The simplest thing you can do is go out and buy a hard drive. Warehouse clubs and online retailers will generally provide you the best deals. Plug it into your system and install whatever software comes with the drive to assist you with backing up your files. I generally don’t recommend using this software, but it’s better than nothing.

With more experience, you can get other software which will do the job better. If you have a Mac with a recent operating system, just turn on Time Machine and stop fretting. For a PC, it’s not that simple. I’ve used Cobian Backup, SyncBack, and SyncToy as my solutions depending upon the situation. Cobian is best for a computer which has the backup drive connected to it all the time. Cobian is very configurable, powerful, and free. The downside is the author is getting tired and has put it up for sale. I don’t know how long it will remain the excellent, free product it is. SyncToy is from Microsoft and free. It’s quick and simple and gets the job done. I usually set it up for “backup on demand” situations whereas Cobian works in the background. There are three versions of SyncBack: one free and two pay versions. The pay versions have much more configurability in what not to back up compared to the free one. They also work well if you don’t leave the hard drive connected all the time and it gets a new drive letter the next time you plug it in.

If you buy software (like SyncBack Pro) and a hard drive, you shouldn’t be out much more than about $150 (depending upon the size of hard drive you get). If a hard drive fails, you’re out all your important files. You could send your drive to a data recovery service, but that will cost you hundreds or thousands of dollars to recover everything and there are no promises there.

Once you get a backup solution in place, be sure to use it regularly (daily is a good option). A client of mine had a hard drive fail recently. She said she had her backup drive but hadn’t used it in a long time. Weeks or months of data are gone. Don’t let this happen to you.

5 ways to keep track of your passwords (not all of them good)

Thursday, April 3rd, 2014

In my last post, I made some suggestions to assist you with managing passwords. How many ways can there be to do this, though?

1) Just use the same username and password on every site. This is really a bad idea. If someone gets ahold of the information needed to sign in to one site, this person (or persons) can now sign in as you to every site where you have an account. While it might not seem bad to you if your e-mail account is compromised (“I don’t have anything important or secret there” is the most common thing I hear), now it can be used to send spam. Now your online retailer accounts are no longer secure. Then goes your bank. Then anything else.

2) Use good passwords for “important” sites (e.g. banks), but don’t worry about the rest. While on the surface this seems like a good idea, it’s not. Much of the time, all someone needs to do is get into your e-mail account and then do password resets on your other accounts. The tools to do this get sent to your e-mail account, which has now been compromised. Essentially, this is not more secure than the first option.

3) Memorize everything. Awesome idea if you can pull it off. Bad if something happens to you which disrupts your memory. Realistically, most of us cannot do this. The details of all those login credentials get mired in our brains.

4) Write it down. This method is only as good as the physical security of the book (or paper or stone tablets) you use to maintain this. As long as you can keep it where no one can get access to it without authorization, it can be greatly effective. However, it’s not very convenient as you can only sign on to sites you haven’t memorized when you are near your “little black book.”

5) Use some kind of software. I recommend this method as long as the software allows some kind of synchronization across devices. Part of this is for convenience (you’ll always have it with you). Part of this is for redundancy (the loss of one device won’t mean the loss of your credentials). Like option 4, it’s only as secure as the software and password you use. Dashlane and Strip both use excellent encryption on the database so all you need is a good password. Sync Strip with Dropbox or pay for Dashlane’s service and you have ready backups on all your devices.