TechBite by Steve Bass: Newsletter #17


Steve Bass's Weekly Newsletter

TechBite's columnist Steve Bass writes weekly commentary on the technology products he loves, the strategies for getting the most out of them, and the gotchas that can cause computing misery.
 

Password Disaster: My PayPal Account Was Hacked

Tips for secure passwords -- and managing your passwords. Plus a nifty Web printing tool and a few ways for you to waste your time.

In this issue:

My PayPal Account's Been Hacked

          Quick Password Tips 

          Who's Got My Password?

          Password: z24x680uBS4!44

          Generating Strong Passwords

          Keeping Track of Your Passwords

          RoboForm, The Passwords Master 

Time Wasters
Move Your Cursor
 

My PayPal Account's Been Hacked

The e-mail from PayPal said I'd sent $400 to a gaming firm in Germany. It's a dopey phishing expedition, I thought, and authentic-looking, for sure, but nothing to worry about.

 

The trouble was that when I logged on to PayPal, I really did have a $400 withdrawal. It was clear that someone had my password.

 

Quick Password Tips

Some of you may skim through this newsletter, so here are the three essential things you need to know about password security:

 
   -- Use a password generator, a program that will create a long, complicated password. 
 
   -- Don't ever use dictionary words, even if you stick in symbols, like bill$gate$. They're very easy to break using simple hacker programs. (LOL -- Thanks, Rod.) 
 
   -- Use a different password for every important site. Using the same password on every site, especially critical ones, such as banking, is risky. Imagine using your one password on an unsavory, and possibly unscrupulous site. With that golden password, and a few guesses on your login name -- stevebass, steve_bass, sbass -- and they're in like Flynn.

 

Who's Got My Password?

I contacted PayPal (888/221-1161), supplied the details, and they opened up a case. My account is frozen and I don't doubt PayPal will credit me for the loss. (As I started editing this newsletter, PayPal reversed the charges.) PayPal is investigating, but I don't think they'll ever find out how someone got into my account, though it was clear the person had my password. The rep said I probably fell for a well-crafted e-mail spoof.

 

That's a blow to my ego. I see myself as suspicious -- verging on paranoid -- when it comes to phishing e-mails. What better prize than bragging rights to hacking a PC World guy, right? So I'm as vigilant as my dog is when I try to get her to take a pill wrapped in peanut butter. (Hey, you can't fool me, pal, she probably thinks...)

 

If an e-mail -- suspicious or not -- refers to any of my important accounts and provides a link to click, I ignore the offer. It's safer to manually type the URL into my browser's address field. And yes, I'll cover phishing hassles -- and ways to guard against it -- in a future newsletter.

 

Password: z24x680uBS4!44

I'm also careful with my passwords and, at least until now, thought they were super stealthy. For example, on PayPal I used four numbers, a symbol, and three letters. According to Microsoft's Password Checker, my standard password pattern -- 1600%wtf -- is strong. But it could be better.

 

Microsoft says that the most effective passwords are 14 characters and have a combination of upper and lower case letters, numbers, and a symbol or two. For example, z24x680uBS4!44 is strong enough for them to call it "best."

 

Test your passwords on Microsoft's site and see how well they stand up. Then browse Microsoft's excellent Strong passwords: How to create and use them. I promise you'll learn something.

 
Use Microsoft's Password checker to test your password's strength. You might be surprised.
 

Generating Strong Passwords

Creating a strong password is easy, provided you don't try to think one up on your own. There are dozens of Web sites that'll create passwords, but I don't use any of them. The last thing I'll do is trust someone online watching me create new passwords. Instead, download Password Generator, a freebie, and crank out all sorts of 14-character passwords.
 

Create a strong password with this freebie.
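
The same job can be done by a short script run on your own PC, so no Web site ever sees the result. This is an added example, not code from the newsletter or from any product it names; the symbol set and the tiny word list are assumptions made up for illustration.

```python
import math
import re
import secrets
import string

# Character classes from the newsletter's advice: upper, lower, numbers, symbols.
# The symbol set is an assumption; some sites accept fewer symbols.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*-_=+?"]
ALPHABET = "".join(CLASSES)

# Constructed mini word list for illustration only; a real check loads a big one.
WORDS = {"bill", "gate", "gates", "password", "steve", "bass", "paypal"}


def dictionary_hits(password):
    """Split on anything that is not a letter and report fragments that are words."""
    fragments = re.split(r"[^a-z]+", password.lower())
    return sorted({f for f in fragments if f in WORDS})


def generate(length=14):
    """Return a random password with every character class and no word fragments."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the operating system's CSPRNG; random.choice would not do.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        has_all = all(any(ch in cls for ch in candidate) for cls in CLASSES)
        if has_all and not dictionary_hits(candidate):
            return candidate


def entropy_bits(length=14):
    """Upper bound in bits for a uniformly random password over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate())
    print(dictionary_hits("bill$gate$"))      # symbols do not hide the words
    print(round(entropy_bits(), 1), "bits")
```

The word check only splits on symbols and digits, which is enough to catch the bill$gate$ pattern; it does not undo letter-for-symbol swaps.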

 

Keeping Track of Your Passwords

I just looked and counted roughly 220 sites I use that require a password.

 

Some site passwords, however, are immaterial. For instance, I use a simple-to-remember word for spots I rarely visit, places such as newspapers that force you to register and log in just to read articles, or tech sites with forum messages.

 

However, ever since the PayPal fiasco, I've changed every significant password on my system to a 14-digit gorilla.

 

Remembering all those passwords is a PITA, so you ought to consider using a password management tool. There are lots available. Many people like KeePass, a freebie; others swear by LargeSoft's $30 Password Manager. I anticipate easily 100 e-mails -- no make that 200 -- kvetching that I haven't mentioned your favorite. But as far as I'm concerned, RoboForm is the best one around, and I've used it since it was first introduced.

 

RoboForm, The Master at Passwords

RoboForm is a $30 program with more features for password management, privacy, and password identification than any other program I know. You provide RoboForm with all the vitals you might need to complete a site's form -- name, address, phone numbers, and even credit card numbers. When you click the Fill Forms button, the program does just that. I've created multiple identities, each with different info. For instance, I have one with MasterCard info, another with VISA accounts. I have another identity I call "anonymous" that I use to fill in forms on sites that I'll never visit again.

 
 
Enter data into RoboForm's Identity card and fill in online forms.
 
Click a Web site from the RoboForm Passcard screen, and RoboForm transports your Web browser to the site, logging you in if necessary. Need an industrial-strength password? RoboForm will generate one for you. And don't worry about security: RoboForm is itself password-protected. The program will also safely send an encrypted password through e-mail to another RoboForm user. (I was recently discussing with my wife the fact that neither of us can function without it.)
 
RoboForm's Passcard logs you in and inserts your password.
 

BTW, RoboForm foils keyloggers (programs that watch keystrokes) because instead of typing, RoboForm inserts characters into form fields.

 

Here's a summary of RoboForm's features, a comprehensive FAQ with answers to your most technical RoboForm questions and a way to compare the free and Pro versions.

 

If you need portability, RoboForm2Go gives you the same protection when you carry your passwords on a flash drive and use it outside the office. Both the RoboForm program and your password files reside on a USB key, so you can take them from one computer to another. The tool costs $40, but if you buy it at the same time you get RoboForm, the price drops to $20. If you dig around, you'll occasionally find discounts. (Google RoboForm discount.)

 

Siber Systems offers a 30-day trial of both products. They work in all versions of Windows and support IE and Firefox, but not Google Chrome, Opera, or a few other browsers. Take a look at the compatibility list.

 

There's lots more to say about password management, but I'm almost out of space. So while you're hot on the topic, read Bitmill's smart series of Password Security 101 articles. They're less basic than you might imagine.

 
Time Wasters
I know, you're not interested in fixing up your passwords; you'd rather spend time beating little monsters, figuring out if those things are float cushions, and otherwise wasting some time. So here ya go...
 
      -- Have a guess what these things are? TechBite Reader Teri Stoddard asks, "what exactly are the things -- Scarves?  Door draft stoppers? Exercise equipment? Swimming pool floaties?" Find out by looking here.

 

      -- I know where it starts, but can't find the ending. It doesn't matter because Jenova Chen's flOw is an interesting diversion, with soothing music, that's especially valuable if you're having a tough day at the office. Use your cursor to move around and gobble up squiggly things.
 
      -- This is one of the greatest prank calls I've heard in a while. I just feel bad for the poor schnook at the receiving end.
 
      -- Here's a Flash animation from Adobe and I have to say, it's pretty cool (though very slow loading). Let it load completely before slowly moving the slider at the bottom; then click "Explore the new way to create" at the end of the card show for more cool graphics. [Thanks to Peggy Glenn.]
 
      -- What more can I say. Trucking Duck is a cute video and satisfies my need for at least one animal video this week. [Thanks, Judy.]
 

Move Your Cursor

That's right, move it directly to the link at the bottom of the paragraph. Then use the right button on your mouse to highlight and copy it. Now you're getting the idea. Paste the URL into a new e-mail and send it to a buddy. No, make that 6 buddies. Tell said buddy (or buddies) you're enjoying this newsletter and suggest they subscribe by going to: http://www.techbite.com.

_____________________
 
You change your passwords yet? Bass is busy changing his, but he's still checking his inbox.

 

Steve Bass is TechBite's publisher and Chief Content Officer. He's also the author of "PC Annoyances, 2nd Edition: How to Fix the Most Annoying Things About Your Personal Computer," available on Amazon. Buy one soon. No, buy a dozen and get a discount.


TechBite is a joint effort of Steve Bass (in sunny Pasadena) and Mike Kronenberg (still freezing Denver).
Copyright 2009 by TechBite, LLC.
