Dear friend,

 

Welcome to the Aug 15, 2009 issue of CompuNerds.Net-News

 

(Our privacy policy: We will never sell, rent or give your email address to anyone else. Period.
If someone forwarded this e-newsletter to you and you'd like to subscribe to it, please click here.
If you don't want to receive it any more, press 'Reply' and type 'unsubscribe' in the Subject line. Thanks!)


Our intention is to send out this e-newsletter every two weeks. The goal of our CN.Net-News is to share information that we think you'll find helpful as you wrestle with that little monster on your desk, your computer. And we aim to present this information from a Christian worldview. So here goes!

THOUGHT FOR THE DAY
Give a hungry man a fish, and you'll feed him for a day.
Teach a hungry man to fish, and he'll buy a funny hat.
Talk to a hungry man about fish, and you're a consultant. - Scott Adams

TODAY'S TOPIC: PASSWORD SECURITY
Why bother with creating strong passwords, or any at all? Why not use one password on all websites you visit? Because first of all, passwords protect your identity and your property. Secondly, if someone can guess your password on one website (like Facebook) and you use the same password on other websites (like eBay or your bank), you can be out thousands of dollars before you know it.

Your identity consists of the information about you - your ID ("identification") cards such as driver's license, car registration and license certificate, birth certificate, Social Security card, credit cards, health insurance card, etc. But your identity, who you are, is also made up of the information that you take into your mind on a regular basis. Think about it: your friends' names, addresses, phone numbers, and email addresses; your workplace name, address, phone number and your title there; your church info and other social relationships - all of these define who you are, your "persona."

More and more, this information is stored on your computer, on someone else's computer, or on the Internet somewhere. What happens if you can't get at this information any more? If a person comes down with amnesia, all of this information about these social relationships has vanished from his conscious mind. I wrote in the introduction to my book The Ministry Driven Church - which you can get for free at http://www.agape-biblia.org/ministry/ - the following:

Our being and purpose is defined in relationship to other people and to God, the Ground of Being who "came down" to Moses. When a person wakes from a head injury and has amnesia, he asks, "Who am I?" He then reconstructs his identity by his relationships as people close to him come to him and remind him who they are to him. When God comes down to us and we begin to have a relationship with Him, we find our true being and purpose.

That's why your identity is so closely related to your passwords: if you lose them, it's like you contracted a sudden case of amnesia. Or if you have easily guessable passwords such as "123456", "password", your parent's, spouse's or child's middle name, your pet's name or your birth date (in reverse order to try to be clever!), or if your mail is stolen, someone can ask a few seemingly innocent questions or dig around in public records and then try using that info at a store or bank, on your stolen computer or on websites you visit frequently. Then bingo! Identity theft has taken place!

This happened once to my wife. We found out the hard way about identity theft: while we were living in Russia someone had used her old Sears credit card number to run up thousands of dollars in debt. She hadn't used the account in years, so she had simply cut up the card. We suspect that a renewal letter from Sears Credit was delivered to our old address. We had moved from that house a few years earlier, but the bill collectors thought that was still our address. After dozens of harassing phone calls from bill collectors, and hours and hours over several months we finally cleared up this mess and Sears wrote off the debt. Our first lesson is this: if you stop using a credit account, don't just cut up the card, also notify the lender to close your account. Identity theft is very real!

Identity theft takes place most frequently today, however, by someone getting your passwords or otherwise bypassing security and stealing your personal information. Lesson two: don't let your birth date, place of birth or other personal information be displayed for all to see on some website like Facebook. Did you know that there's a formula to compute your SSN (Social Security Number) by knowing your full name, and your place and date of birth? It's often correct on the first try, and if that number was already taken, a few more tries will generate your SSN about 90% of the time.

A survey taken not long ago showed that most people use normal English words for their passwords. Ask yourself and some friends if they do this - you'll be surprised how many people do! Hackers know this, and have programs that first try a list of common passwords and next simply go through the dictionary trying each word on websites where they can see people's User-IDs. These programs can make hundreds of login attempts per minute.

CNET.news recently revealed that the Conficker worm infected millions of computers all over the Internet by first guessing people's Gmail passwords, then logging in to those hacked email accounts and sending the worm to 500 people per day from each of those accounts. Google had been allowing people to make 100 attempts per hour to guess their lost password - that's 1,200 attempts per day - and to send 500 messages per day. When the folks at Google learned about this "security hole" in Gmail, they immediately decreased the number of login attempts allowed, and limited the number of email messages each account can send per day from 500 down to 100.

So how can you come up with unique, hard-to-guess passwords for each website that requires one? And where do you keep your website passwords, bank account and credit card numbers, driver's license number, etc.? Are they written on a sticky note attached to the back of your computer monitor or the bottom of your keyboard? Bingo! That's where a burglar will look right away. Are they in a .txt or .doc file that would be plainly readable if the wrong person had access to your computer, or the file would disappear if your hard disk crashed?

The answer is a good password vault program. You first create a "master password" that's hard to guess but easy for you to remember. The program will encrypt the master password and all of the other passwords for websites you visit, your various ID numbers, etc. Then you should back up the file of encrypted passwords and your password vault program in at least two separate places. A good master password consists of a combination of 8 or more numbers and letters in uppercase and lowercase. You can use special characters like $, *, !, # and _ if you want.

How can you remember this jumble of special characters, numbers and letters? Easy: think of a phrase like "row your boat" then deliberately misspell some words, capitalize some letters, add a number or two and some special characters. The result might be "2Roe#Yer%Boot!". Or you might use the first letters of a sentence you can remember, such as "I graduated from U of Minnesota in 78" which produces "IgfUoMi78" (don't use these - some hacker has probably copied them down by now).

What are some of these password vault programs? The one I've been using for a few years is Acerose, free from www.dexadine.com. Like most such programs, it will generate impossible-to-guess random passwords like "nqGpHyNkei2esl7" for the websites you visit that require passwords. It can also copy the password to your clipboard if you right-click on an entry in your list of websites, and launch your browser to that site. I'm quite satisfied with this program.
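For readers who like to tinker, here is an added example (it is not part of the original newsletter and not taken from any of the programs named here) that checks a password against the weaknesses described above and then generates a random one the way a vault program would. The word lists, the pet name "Rex" and the birth date are constructed sample data, and the function names are made up for this illustration.

```python
import secrets
import string

# Constructed sample data: a real check would load a full common-password
# list and a dictionary file instead of these few entries.
COMMON = {"123456", "password", "qwerty", "letmein"}
WORDS = {"boat", "fish", "summer", "church", "monster"}

def audit(password, personal=()):
    """Return the reasons a password is guessable (empty list = none found)."""
    problems = []
    low = password.lower()
    if low in COMMON:
        problems.append("common password")
    if low in WORDS:
        problems.append("dictionary word")
    # Personal facts (names, birth dates), written forwards or backwards.
    for fact in personal:
        f = fact.lower()
        if len(f) >= 3 and (f in low or f[::-1] in low):
            problems.append("contains personal info: " + fact)
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password)]
    if not all(classes):
        problems.append("needs lowercase, uppercase and a digit")
    return problems

def generate(length=15):
    """Random letters-and-digits password from the OS's secure random source."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(candidate):  # retry until all three character classes appear
            return candidate

if __name__ == "__main__":
    me = ["Rex", "19780415"]  # constructed pet name and birth date
    for pw in ["password", "Rex2009", "51408791", "2Roe#Yer%Boot!"]:
        print(pw, "->", audit(pw, me) or "no problems found")
    print("generated:", generate())
```

An empty result only means none of these particular weaknesses was found; it does not make a password that has been published, like the samples in this issue, safe to use.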

Another good program is KeePass - www.keepass.com - that won first place (46%) in a recent comparison of 5 password vault programs. It's also free, and is available for Windows, Linux and Mac operating systems. It is included in the PortableApps package that I'll tell you about in our next issue. One program that's been around a while is RoboForm - www.roboform.com - that has a free trial period, but when the deadline comes around it limits you to 10 entries. The full version costs $30.

A new free password vault program is LastPass - www.lastpass.com - that puts a new twist on things: it recognizes when a website requires a password, automatically fills it in, and encrypts your new passwords both on your computer and on their server. This is really slick, especially if you're not using your own computer! But if something sounds too good to be true, it probably is: would you trust placing your list of passwords - supposedly so highly encrypted that they're not crackable - on a free website? And what happens when they decide to start charging you $100 per year for their service? Or when this free service goes away... at the same time your hard disk crashes?

A similar problem can arise if you use an encrypted master password in the Firefox browser. This browser can remember the password for each website you visit that requires one, and if you choose you can set up a master password that it encrypts along with all of your passwords it keeps track of. When you go to one of these sites, Firefox asks you to enter the master password, and then it fills in the password for that site. That's really nice, but when I tried to find where that encrypted password file was located so that I could back it up, I couldn't find it anywhere in the Firefox folders. It must be saved somewhere deep-down in the guts of my computer, probably in the Windows system registry. What happens when your hard disk crashes, or when you're not using your own computer? If that was the only place you were keeping your passwords, you're locked out of your own identity.

So the third and final lesson in this thrilling adventure of the first issue of CN.Net-News is this: if you can't back up your encrypted password file, you have potentially lost it already. Get yourself a password vault program that creates an encrypted password file you can back up and take with you, and then use it.

There you have it - our first issue of "CN.Net-News"! Feel free to forward our CN.Net-News to a few friends (but don't spam!).

Here's our new website - we now have a professional-looking domain name - www.CompuNerds.Net - and our own custom email address - [email protected].

Of course, there are lots of "freebie" places on the web where you can create your website, such as weebly.com, homestead.com, viviti.com or bluevoda.com... not to mention all the blogging websites like Facebook and Blogger on the Internet ...but these places 1) create "cookie-cutter" sites that have a strangely similar look and feel - deja-vu all over again, 2) they place your website name as a sub-domain under theirs - not very professional-looking, and 3) they lock you into their hosting service and/or their proprietary website software - they "own you." You can't just pick up your website and move to another hosting service. And if they shut down, your website goes "poof" - it vanishes.

So if you'd like to have your own custom website and unique email address that you control, you can either contact us to help you design it and bring it online, or you can click below on "website hosting and email". We can also teach you how to attract visitors to your new website - what good is a store front if nobody comes through the front doors? And we pledge to use standard, off-the-shelf or open source software so that you're not "locked in" to us.

Yours truly,

Bob the CompuNerd

<><
Visit our website: CompuNerds.Net
Quality website hosting and email