Archive for the ‘Uncategorized’ Category

How secure is your password?

Monday, January 2nd, 2012

If you’re like most people, your password is not nearly secure enough to keep a hacker out of your account. Most people don’t choose a secure password because a secure one is more difficult to remember. There are many ways to improve your ability to remember a complex password. This article at Naked Security has a video explaining one method.

But how do you know if your password is really secure? I’ve recently learned of a web site which will let you know just how difficult it is to crack your password: How Secure Is My Password?

To test, I ran a few passwords through it to see how secure they are. For example, kangaroo comes up with the result of “Common Password: In The Top 2,490 Most Used Passwords Your password is very commonly used. It would be cracked almost instantly.” Adjust that with some numbers (replacing the o with zeros) to kangar00 and we get a result of 3 hours to crack the password. Making more adjustments (replacing the a with @) to get k@ng@r00 gives us a result of 2 days to crack the password. Much better. It looks less like a dictionary word; has numbers, letters, and symbols; and is easy to remember. Throwing in a capital letter, k@ng@R00, increases the cracking time to 57 days.

Increasing the length of your password will also make it harder to crack (this is why some sites have minimum password lengths). I put in a random string of six characters, Mn0#85, which could be cracked in about 13 minutes. Adding a 1 to the end of that increased the cracking time to 17 hours. Adding a $ to that achieves 57 days. Adding j makes 12 years the new time to crack. A new random 12-character password, KGkDqd#12$7O, will take 5 million years.

Now, the times are approximate, but as you can see, each additional character adds a greatly increasing amount of time to crack the password. Using just lower-case letters, a 12-character password, xlgcezhdkpnm, will only take 12 years. That’s a jump from 12 years to 5 million years just by adding mixed case, numbers, and symbols.
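
As an added illustration (not code from the site mentioned above or from this blog), the Python sketch below computes the size of the brute-force search space, in bits, for the sample passwords and flags any password that reduces to a listed word once case and common substitutions are undone, which is why a pure keyspace estimate overstates a password like k@ng@R00. The word list, the substitution table and the 94-character printable alphabet are assumptions of the example.

```python
import math
import string

# Constructed sample list; a real checker would load a large common-password list.
COMMON_WORDS = {"kangaroo", "password", "dragon", "monkey"}

# Common substitutions, reversed so a candidate can be normalised (assumed table).
UNLEET = str.maketrans({"0": "o", "@": "a", "1": "l", "3": "e", "$": "s", "5": "s"})

# Character classes: 26 lower + 26 upper + 10 digits + 32 symbols = 94 printable.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password):
    """log2 of the search space: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def is_disguised_word(password):
    """True if undoing case and common substitutions yields a listed word."""
    return password.lower().translate(UNLEET) in COMMON_WORDS


def keyspace_ratio(a, b):
    """How many times larger b's brute-force search space is than a's."""
    return 2 ** (brute_force_bits(b) - brute_force_bits(a))


def assess(password):
    """Summary a strength meter could show next to the password field."""
    return {"charset": charset_size(password),
            "bits": round(brute_force_bits(password), 1),
            "disguised_word": is_disguised_word(password)}


if __name__ == "__main__":
    for pw in ["kangaroo", "kangar00", "k@ng@R00", "Mn0#85",
               "xlgcezhdkpnm", "KGkDqd#12$7O"]:
        print(pw, assess(pw))
```

Each extra character drawn from the full 94-character alphabet multiplies the search space by 94, while a password flagged as a disguised word should be treated as weak regardless of its bit count.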

There is a companion site, Make Me a Password, which will generate a password for you. It will start with words and put in some common substitutions to make the password easier to remember (use the check-boxes to see how that works).

Why are you still reading this? You should be going to all your important sites (especially banking and investing, followed by on-line stores). Don’t delay. Make this one of your New Year’s resolutions.

Why can’t the US have REALLY fast internet?

Thursday, January 27th, 2011

Sorry I’ve been so infrequent in blogging lately.  I’ve been sick and I’ve largely wanted to sleep when I haven’t been doing any actual revenue-generating work.

I wasn’t sure what to think about the title to this article.  It’s not that I don’t agree, it’s how the article went on to talk about how internet traffic is generally up worldwide and also about the sources of attack traffic (you know, the bad people trying to break into things).  It’s a good read, but I want to talk about the title and the leading paragraphs.

I find it disappointing that the country where the internet started doesn’t have a lead in speeds available to its citizens.  C’mon!  The Czech Republic has a faster average speed than the United States of America.  How can this be possible?

I’m not aware of any laws or government regulations limiting how much bandwidth we may have in our homes.  That being said, the following is just going to be “pulled from a random body orifice” guessing on my part as to why we lag behind.

It’s all about the money.  As dial-up services waned, we saw an increase in our internet services being provided by telephone and cable companies.  Their primary revenue focus has never been the internet so they had no real incentive to bring more to that side of the picture.  The internet is also becoming a greater source of competition for their primary services.  There are so many low-cost options for telephone and television programming, there may be little need to subscribe to them from your local company.

You could say that I’m part of the problem here.  I subscribe to the internet from my local cable company.  That’s it.  I have an indoor antenna which gets the local PBS station with amazing clarity (in my observation, this was the only station regularly watched in my house).  I can download TV shows from iTunes and Amazon.  I can stream them directly from the network web sites and places like Hulu.com.  I use a couple of different voice over IP services for telephone service.  Let’s not forget streaming from Netflix directly to my game console.  All of this has been cheaper than if I got television and telephone from my cable company as well.

I remember reading an article some time ago where the author told the story of how he had saved money by eliminating his cable television service and switched to iTunes for his television programming.  It spoke to me, but it still took me a few years to get everything in place to make the conversion.  There’s still some resistance from the family, but otherwise it’s been a great cost savings.

Unfortunately, I don’t think there’s going to be a great incentive for our broadband providers to invest in speeding up our internet (mind you, it’s faster than it was a few years ago, but not to the point of other countries like South Korea).  We’ll probably need a large government program to get that done.  Something along the lines of the old rural electrification project to give us faster speeds and get broadband out to those not in a major metropolitan area.  If something like this is going to happen, I just hope it happens soon.

Apple going to the enterprise

Saturday, January 8th, 2011

Part of me wishes this was a veiled Star Trek reference, but it’s not.  A few days ago, Apple sent out a promotional e-mail entitled “Mac in the Enterprise.”  It’s about time, if you ask me, that Apple pushed this particular environment.

Previously, there didn’t seem to be a great deal of push for Apple products into big business.  Sure, they are easier to support than their Windows counterparts, but all the “cool” business software runs on Windows, so who’d want a Mac?  For the most part, Macs have only existed in the creative departments at businesses because all the “cool” graphics software is available for the Mac.

My belief is that the iPhone has changed much of that.  The iPhone has been such a “must have” device that businesses have had no choice but to figure out how to integrate and support it.  It’s only a matter of time before the rest of the Apple product line gets into businesses in a big way.

Now, Apple seems to be actively targeting businesses and I can’t wait to see more exposure there.  Windows should be given a good run for its money.

Malware writers getting clever with Java

Thursday, December 30th, 2010

It appears that Java is being used increasingly in malware attacks.  In this article there is mention of compromised web sites being used to deliver the malware.  It’s sophisticated enough to be able to tell if the payload will be delivered to a Mac or a PC and alter itself accordingly.  Given that Java is pretty much everywhere, malware can be written to take advantage of it and work on pretty much any system.

While it doesn’t happen all the time, much malware requires the computer user to do something to allow for its installation.  With Windows Vista and 7, this became more likely with User Account Control popping up whenever something was going to be installed.  My normal advice here is that you should be saying “no” unless you were intentionally trying to install something.  This advice is not often heeded because inexperienced computer users may not have the necessary background to know when to not say “yes” to one of these.

In my opinion, you’re probably better off saying “no” when you aren’t sure and asking someone more experienced to guide you on how you should be responding to these dialogs.

It’s probably another good time to talk about making regular backups of your system.  Since some of this malware can be rather catastrophic to how your computer operates, sometimes the only way to get rid of it is to completely erase your computer and reinstall everything from scratch.  In my experience, malware is either of the “minor annoyance to the expert” variety or the “gotta nuke it from orbit to be sure” variety.  By making regular backups, you assure yourself the ability to recover from the latter if it occurs.

Dealing with a stolen computer

Wednesday, December 29th, 2010

One of the worst things that can happen to a computer is for it to be stolen.  Along with the computer will be data important to the owner.  This data can range from pictures of important events and a music collection to the credentials needed to log into web sites.  The loss of all of these at one time can be devastating.

In a video posted at this site (note: the video contains strong language throughout and a few questionable pictures), a man details the circumstances surrounding the theft of his computer and what he did to get it back.  The remarkable thing was that he recovered his computer two years after the original theft.

Now, the speaker did say that if he had better security, he wouldn’t have been able to get his machine back.  Plus, he’s quite an expert at what he does and used those expert skills to get the details needed to find his computer.  The person who had the computer was a typical home user.

What can you do?  The first thing is to consider what you do to physically secure your computer.  For the most part, just consider how you secure your home and how easy it would be for a thief to get in.  In general, the more difficult the task, the less likely a thief will get in (further details on home security are beyond the scope of my blog).  However, if you have a notebook computer, you carry this thing with you frequently and it can be lost, stolen, or damaged far more easily than a desktop computer locked in your home.

I’ve spoken before of the importance of backup.  I mention again how important it is in the event your computer is stolen.  In fact, having a backup located somewhere other than near your computer will drastically increase your chances of recovering your data (you’ll see some reinforcement of this idea in the video).  I recommend two services, Mozy and Carbonite (links to the right), if you want a service to do it.  You could also send copies of your data to a trusted friend or relative.

Recovery of your stolen computer can be assisted by the use of some free software or using a commercial service such as LoJack.  Some of the free software includes FireFound, a plugin for the Firefox web browser (FireFound works for free but you can pay for advanced features).  These software options send information to the company that can be used to help locate your computer.

All of these things are forms of insurance.  You have to decide how much insurance to carry on your equipment and of what type.  My personal belief is that your information is far more valuable than the computer and you should look at making sure there is a backup for it both near the computer (for quick access) and away from the computer (for increased chance of data recovery).