Genuine Curiosity

Author Dwayne Melancon is always on the lookout for new things to learn. An eclectic collection of postings on personal productivity, travel, good books, gadgets, leadership & management, and many other things.

 

Do's and Don'ts for Password Creation

In today’s world of online shopping, online banking, cloud data management and Internet-based teleconferencing, protecting yourself is more important than ever. The recent batch of stories relaying the horrors of celebrities and corporations being hacked and sensitive data being exposed only serves to highlight the necessity of having good security. The first place to start is with your own passwords.

People assume that if something has a password, it is protected. This is not always the case. Many hackers are adept at guessing passwords, giving them total access to all of your personal information.

How can you make your password more secure? There are several techniques you can employ, all of which will increase the strength of your passwords and help keep you and your information safe and secure. Here are a few do’s and don’ts.

Do's

Do go long. The longer the better. While you don’t want to go crazy because long passwords can be impossible to remember, make sure yours is longer than nine characters. Can't be bothered to come up with your own unique passwords for every site you belong to? Check out Norton's free password generator where you can specify length and contents at the click of your mouse.

Do mix it up. Have a combination of lower case letters, capital letters, numbers and symbols, preferably at least two of each. And don’t put them in a predictable order (in other words, don’t start your password with a capital letter).

Do use an anagram. Create your password using an anagram or sentence. “W!t2gMp&#b4uX” may look impossible to remember until you realize it stands for “Wait! try to guess MY password and numbers before u FAIL.”

Do take precautions. Remember that even the best password is not foolproof. For added protection, take advantage of services like LifeLock. It'll keep track of (and alert you to) any suspicious activity on your accounts and will help you get your life back on track if identity theft happens to you.

Do use a password manager. Keep your passwords in a password vault (such as 1Password, LastPass, or a similar product). These products allow you to create random, complex passwords for each web site and store all of them in a secure manner.

Do change it regularly. If you've had the same password for more than a year, it is probably time to change it. I recommend a minimum of once per year - more often for critical sites. For example, I know someone who changes their online banking passwords at every time change (the same time he changes batteries in his smoke detectors). That is a good habit.

Use two-factor authentication, if it is available. More and more sites are offering two-factor authentication in which you not only enter a password, but you have to enter an additional verification code that changes all the time. The most common method these days is to send a text message to your mobile phone with a code that must be entered to complete the login process. Many banks and payment processors (such as PayPal) offer this as an option - it is easy and adds a lot of security to your account, and is highly recommended. 

Don'ts

Don’t use common passwords or familiar patterns. Using common passwords that are easy to remember might sound like a good idea, but they are often the first ones tried by hackers. Don’t use things like “iloveyou” and “password1.” Check out the 25 worst passwords and read it as a cautionary tale.

Hackers are also adept at using familiar patterns to guess passwords. Putting a capital letter at the beginning, numbers at the end or finishing with an exclamation point are all very common and predictable.

Don’t use your names or numbers. Avoid using common names or people in your life as part of your password. Also avoid things like the street you live on or the company you work for. All of these can be found out by doing a little digging.

Same goes for any numbers that can be associated with you or someone close to you. Birthdays, anniversaries, addresses, social security numbers, etc., all of these are easily discovered by potential hackers.

Don’t overlap. Using the same password for multiple devices or multiple websites can put you in danger. It may be a pain to remember all of them, but if a hacker is able to deduce one of your passwords, it is the first thing he will try on the rest of your security locations.  See the "Do" about password managers for ways to make this easier. 
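The do's and don'ts above, expressed as an added Python example (not from the original post): a checker for the listed rules and a random generator whose output satisfies them. The common-password sample, the `personal_terms` parameter and the function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample list; the post itself names "iloveyou" and "password1".
COMMON = {"iloveyou", "password1", "password", "123456", "qwerty"}
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def check_password(pw, personal_terms=()):
    """Return the list of the post's rules that pw breaks (empty list = pass)."""
    problems = []
    if len(pw) <= 9:                                  # "longer than nine characters"
        problems.append("not longer than nine characters")
    for name, chars in CLASSES.items():               # "at least two of each"
        if sum(c in chars for c in pw) < 2:
            problems.append(f"fewer than two {name} characters")
    if pw.lower() in COMMON:                          # common passwords
        problems.append("common password")
    if pw[:1].isupper():                              # predictable pattern: leading capital
        problems.append("starts with a capital letter")
    if pw[-1:].isdigit() or pw.endswith("!"):         # predictable pattern: trailing digit or "!"
        problems.append("ends with a number or exclamation point")
    for term in personal_terms:                       # names, streets, dates tied to you
        if term and term.lower() in pw.lower():
            problems.append(f"contains personal term {term!r}")
    return problems

def generate_password(length=16):
    """Draw passwords from the OS CSPRNG until one passes every check."""
    if length < 10:
        raise ValueError("length must exceed nine characters")
    alphabet = "".join(CLASSES.values())
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

if __name__ == "__main__":
    for candidate in ("password1", "W!t2gMp&#b4uX", generate_password()):
        print(candidate, "->", check_password(candidate) or "ok")
```

Run against the post's own mnemonic example, the checker flags exactly one rule: the password starts with a capital letter.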

Apologies for site issues and kudos to Hover.com


Some of you have sent me emails, messages, etc. over the past few days regarding this site being offline. I apologize for that, but have good news: everything is back to normal now.

Yes, GenuineCuriosity.com was down for about a week due to a snafu at my domain registrar. All should be fine now, and you'll see some posts showing up here soon (I have a backlog).

Kudos to Hover

Part of the solution to my issue drove me to change domain providers. I have heard a lot of good things about Hover in the past so I decided to give them a try. Actually, I've been an email customer of theirs for a long time - I bought a vanity email from a company called NetIdentity in the mid-90's and Hover acquired them at some point. I've been very happy with the email service, but just never had a compelling reason to move my domains there until I had this outage.

One of the things I liked about Hover was that I was able to just hand the problem to them using their "Valet Transfer" service. I gave them access to my old provider's account and they went through all of the steps to unlock and transfer my domains to Hover, as well as configuring my settings on Hover to restore service.

This was amazingly easy, and I highly recommend using the valet service. They charged me $9.95 per domain to do this work, but also extended each of my 7 domains by a year.

On top of that, some of the services I used to pay extra for at my old provider (rhymes with GoDaddy) are now included in Hover's service (such as domain privacy, protection from unauthorized transfers, etc.).

If you're looking for a great domain provider, I can recommend Hover without reservation. And no, I don't get any compensation from them - I just think they are a good company to work with.

Sharper Minds Through Video Games?

I play a lot of video games during my travels - it is a great release to unwind in my hotel room, and I find it very relaxing (yes).  I flit from one to another quite often, but my current favorites are Borderlands 2, Diablo III, and Call of Duty: Black Ops.  I also tend to apply lessons I learn from video games to how I view the world; for example, I have given multiple talks about what information security can learn from video games (such as this brief talk at the RSA Security Conference earlier this year).

With that in mind, I wanted to make sure I wasn't deluding myself - to find out if there really is something to this "learning from video games" thing I preach about all the time.

According to the Entertainment Software Rating Board, 59 percent of Americans regularly play video games, with the industry earning more than $10.5 billion in revenue annually. The survey also showed 44 percent of respondents play video games on their smartphones and 33 percent play on wireless devices. The rise in popularity of gaming has also led to the rise of studies investigating the potential negative effects they have. The Ohio State University found an increase in violent video game playing resulted in a spike in aggression.  

For what it's worth, I can definitely tell the difference between video games and reality and I think this resultant increase in aggression might be true of any competitive activity, such as organized sports.  Of course, that is just my theory...  

Since I know I benefit from playing video games and I don't feel they are harming me, I was curious about the "other end of the spectrum" when it comes to the impact of video games.  As it turns out, more researchers are looking into how video games can benefit us and report surprising results. Boosting memory, delaying cognitive decline and increasing multitasking ability and confidence are just some of the ways we can benefit from regularly playing video games.

Boost your memory

Recent studies from the Georgia Institute of Technology show gaming won't necessarily improve reasoning and problem solving, but can help boost your memory. Working Memory Capacity (WMC) is our ability to recall information relatively quickly even while distracted. The study showed that gaming can help strengthen our memory skills, along with our ability to work on a variety of tasks or switch between them quickly.

That makes sense, since practice with just about anything - including retention of data - tends to improve your abilities in that area.

Prevent cognitive decline

Playing games and using the computer may help prevent cognitive decline and preserve brain function. Staying mentally and physically active — whether by socializing, exercising or playing games — could also delay the onset of Alzheimer’s. Game resources like iWin carry a variety of puzzle games and mind teasers that could help strengthen memory, improve hand-eye coordination and encourage problem solving on convenient mobile devices or tablets.

I used to play Brain Age on my Nintendo DS to help in this area, and I know people who swear by Sudoku and other puzzles as a way to keep their memories and minds sharp.  I say if you enjoy it and it doesn't cause any harm, why not?

Improve Multitasking

Researchers at UC San Francisco discovered video games, especially 3-D varieties, can actually improve overall cognitive performance in older, healthy adults. Senior citizens who played the games for 12 hours over the course of a month showed an improvement in working memory and sustained attention. Their ability to multi-task also improved as they became more skilled at switching focus during their gaming activities.

Of course, we can't truly "multi-task," but the better we can context switch and get back on our mental feet when switching from one task to another, the better.  I've noticed that my eyes take longer to adjust from close vision to far vision as I get older, and I suspect that resistance to switching from one context to another is a challenge from a mental perspective.

Build Confidence

Scientists at the University of Essex explored if people's self-esteem improves while gaming because it gives them the chance to experiment with characteristics they envision their ideal self possessing. The researchers discovered gamers enjoyed gaming the most when there was little overlap between their actual and ideal self. Participants reported feeling better about themselves after playing with the personality traits they wanted, such as being outgoing.

I definitely agree with this.  Even though it is an artificial world, I find that taking risks in video games makes it easier for me to take risks in the real world - it can help you feel less anxious in the face of the uncertain.

Improve your vision

While some say excessive video gaming can hinder your eyesight, some new studies show the opposite to be true. Researchers at the University of Rochester discovered action video gamers who play a few hours a day over a month improved their vision by 20 percent. This improvement came from being able to pick out letters from a clutter of images. Gamers played for about 30 hours and saw a significant increase in their vision's spatial resolution.

Again, this feels right to me.  Not only do video games improve my reaction time, they force me to expand my attention to take in more things - this is true from a visual point of view, but also from an overall situational awareness perspective.  I need to keep tabs on where I am, how I'm doing versus my objectives, how the others in my party are faring, pay attention to new threats and opportunities, etc.

The bottom line

OK, so maybe I'm guilty of contrived rationalization, but in my book, the data says playing video games is good for me.  Enough said - I'm sticking with it!

[Updated] SpiShutter hands-on - a great webcam privacy solution for MacBooks

A while back, I shared how you can use cellophane tape to keep people from spying on you with your webcam.

For the past month or so, I've been using an alternative called the SpiShutter which I really like so I wanted to share it with you.  Here is a brief video walk-through showing how it works:

I have the black version of the SpiShutter, but they come in a couple of other colors, as well. 

By the way - the privacy screen I mention is the 3M Gold Privacy Filter for MacBook Pro Retina computers - they are available for most other computers, as well.  That's meant for a different kind of privacy - namely, to combat shoulder surfers and neighboring travelers - and I swear by them. [Updated - corrected broken link]

Don't be a victim in the eBay data breach

If you're an eBay user like me, you'll have seen the news about their recent data breach in which users' names, email addresses, physical addresses, phone numbers, date of birth, and encrypted passwords were taken.  As part of my day job, I have been involved in sharing information about this incident, and thought I would share some of my thoughts here.

From the information publicly shared by eBay, it appears that the data breach involved securely encrypted passwords, which makes it more difficult to gain access to users’ eBay accounts en masse, as it will require brute force decryption (i.e. high-speed guessing) to determine the specific characters in an individual's password.  If you use a simple and/or a short password, the chances of them guessing your password quickly are much higher and if you re-use that simple password on other sites, your risk goes up greatly.  Remember, once the attackers have your email address and at least one of your simple passwords, they can start trying that combination on other sites to see if they can get lucky.

The fact that user email addresses, physical addresses, and dates of birth were taken in the breach is more concerning.  Criminals could use your personal information to masquerade as eBay customers on other sites, or perhaps use knowledge of that data to ‘social engineer’ their way into users’ other accounts on other services.  Unlike the passwords themselves, the other user-specific information was not encrypted and therefore could be easily reused by attackers.

eBay will ask you to reset your password - do it, even though it appears they will make this optional.  Furthermore, use a complex password - I suggest that you use a product like 1Password or LastPass to help you manage passwords online (I use 1Password, personally). These products can help you create a strong password by suggesting and saving a highly complex password.  Of course, you should also make certain you are not using your eBay password on any other sites.

Many eBay users also have their accounts connected to PayPal for payments (PayPal is owned by eBay, but their statements indicate that PayPal was in no way involved in the data breach).  For additional security, I recommend you make use of PayPal’s optional feature which uses 2-factor authentication to verify the user’s identity prior to making a payment (you can find more information on PayPal's site).  Given that PayPal is linked directly to your bank accounts, this is a best practice even if there had not been a data breach at eBay - I have been using this multi-factor approach for a couple of years and it adds an extra step in the buying process, but provides a great deal more security.

Finally, eBay users have long been a popular target for phishing emails, and users must be especially wary during incidents like this.  To be safe, do not click on links in emails about eBay security or password changes; instead, type the eBay URL directly into your browser and log into the site that way to prevent disclosing your credentials to spoofed, malicious copies of the eBay site.