sarcastic answer stupid question

Exercise In Futility

Ok, here’s the thing. The world is full of stupid questions, eye-rollingly stupid questions. If people had an easily accessible brain in their head, perhaps the stupid questions wouldn’t flow like bourbon on Christmas Day. My entire life has been in search of the perfect balance of sarcasm that gets my point across but doesn’t insult the person it’s being fired against. I think I finally achieved that, just yesterday, during my daily lunchtime coffee run.

The conversation shifted to passwords and the amount of them we all are forced to remember. Being the computer geek that I am, I used this as an opportunity to plug LastPass, the superawesome password manager that has simplified my life in many ways. There’s a learning curve to it, a shift in thinking that fundamentally forces you to hit the orange reset button (old school computer reference) or the learning curve will run you over. For most that understand that you need passwords, and they’re not going away, learning to use a password manager isn’t too difficult. I had thought, sort of smugly, that my words had translated into yet another word-of-mouth sale of LastPass. Boy was I wrong.

Me: Once you get everything into LastPass, the only password you need to remember is the master DB password.
Them: Do you store that password in LastPass too?

Me: No. (red flag) The master password unlocks your encrypted password DB so you can get to the rest of your stored accounts.
Them: I have to remember another (rolled eyes) password?

Me: Uh, yeah, but it’s the last password you’ll ever need to remember.
Them: Cool, I can make it my standard password.

Me: Probably not a good idea, this is the one password that unlocks every other password you have stored. I’d suggest that you make it 20 characters or longer.
Them: How will I ever remember THAT?

Me: Make it a passphrase with each word capitalized. An example could be “MyDogsNameIsRoverAndHeIsAGoldenRetriever1234”
Them: Does it really have to be THAT long? What about “masterpassword” with the s’s $’s and the o as a zero?

Me: Yes, it does, but you should just stick to your address book of usernames and passwords.
Them: How did you know that?

Me: (blank stare) Experience…

The need for usernames and passwords, even with multi-factor and 2-factor authentication in place, isn’t going away anytime soon. Biometrics like fingerprints are still relatively new and not completely secure. Facial recognition has its problems too. We’re still a long way off from ditching passwords is what I’m saying here. Take some personal responsibility for your information because no one else will. My personal information was leaked in the Equifax breach, so was my wife’s, but I was not the least bit worried about my accounts. The password I use to secure my LastPass account is so long, I actually had to shorten it when I first set it up. The password I used before, a paltry 15 characters long, averaged about 275 years to crack with current software and technology. Yeah, not worried about my security.

A saying I remind people of all the time that holds true today as much as it did 20+ years ago:

It’s not IF, but WHEN you get compromised.

Words to live by in a world that is hell-bent on getting as much data on you as possible.

Three Things Thursday – 03/02/2017

Inspired by Nerd in the Brain

BRING THE HAPPY!

I can’t believe it’s already March!! As I’m a lifelong technology geek, I thought I would highlight three services/applications that I use to help keep my stuff from falling into the hands of the NSA, lol. Yes, the fact that my data is hard to get makes me happy.

DISCLAIMER: I am not compensated in any way by any of these products.

LastPass

I’ve been using, and paying for, LastPass for a few years now. I pay for it now as I have multiple devices that I need to access passwords from and a paid subscription is required to do that. The best part of using a cloud-based, encrypted password manager is that I only have to remember one really hard and complex password (master DB password). I let the application auto-generate random complex passwords for most of the sites and systems I access on a regular basis. These guys have slowly improved their system and platform so that it’s great on any device. I highly recommend it if you’re pulling your hair out trying to remember all your passwords.

Boxcryptor

This is a new service for me as I got tired of manually encrypting my files on my laptop before uploading them to my cloud storage. Boxcryptor allows me to assign entire folder structures or just select folders (sensitive stuff) locally, and the encrypted version is then synced with my cloud storage. It has proven quite effective as not even my wife, whom I share my online storage with, can get into the files that I’ve set to auto-encrypt based on the folder. I’m still evaluating the product, but have not run into any problems yet.

ProtonMail

Need to send encrypted emails? Want to have your emails inaccessible to even the provider? This service does both. I was amazingly impressed with them but wasn’t convinced they didn’t have access until I forgot my decryption password. They informed me that I would have to reset my database and lose all the stored email. I now use this account exclusively for very private or sensitive information such as taxes and insurance stuff. I’m not sure at this time if it’s open to everyone or still on a waiting list. They’re based in Switzerland.

TTT Weekly Music Choice

rockondaughter3 by Sweet Cyanide

It’s not a matter of if, but when (Part II)

As promised, here is the second part of the post the other day. A disclaimer, these are only services and resources I’ve used in the past and found useful or appropriate for the situation at that time. I’ve noted the ones that I’m using currently and why I’m still using them despite better-known products or resources being available. The majority of what I’ve found in my experience is that online protection and security is more behavior (knowing what not to do or recognizing signs it’s bad stuff) rather than finding the right application to rely upon. What I’m using currently is an extension to my own experience and knowledge that helps when it’s not clear if I’m going down a road to something malicious.

Online Safety Resources

These are sites that I’ve come back to time and time again as resources to help people. Everyone has to realize that it’s their responsibility to keep themselves safe online because no one else is going to do it for you (unless you’re a child with proactive parents). The wife and I have consistently kept a lot of technology away from our daughter on purpose because we knew she wasn’t ready to 1) listen to our advice and 2) properly police herself online. A recent foray into YouTube that got her into some real-life videos with questionable content is a perfect example. She didn’t know enough to say “I shouldn’t be watching these” and close the application. The computer is now only allowed in open family space, no more in the bedroom with a closed door!

YouthSpark Hub (sponsored by Microsoft)

StaySafeOnline.org (sponsored by National Cyber Security Alliance)

Get Safe Online

Protection (Anti-Virus / Anti-Malware / Web Filtering)

Out of all the things that you can choose to passively keep yourself safe out there, these are the three that I highly recommend. They’re a good balance between protection and minimal resource impact on the machines you’re running them on. I’ll address each individually to make things easier.

Microsoft Internet Safety & Security Center

This is a combination service that includes Microsoft Security Center and Windows Defender that come bundled with Windows 8.x and Windows 10. It’s automatically enabled by default, so even if you don’t know that they’re there, you’re already protected to a certain extent. I like this application because it literally sits in the background and only reminds you it’s there when something bad is about to happen or your actions are going to trigger something bad. It works well despite some of the bad press online; it’s free and capable of protecting the “macro” stuff.

Microsoft Family Safety

Probably one of the best services I’ve seen from Microsoft, this lets you create an account for your child with a password they select, yet lets you watch/see/block anything you want. An amazingly easy interface, you create the Microsoft account while logged in with your account and authorize their account on only the devices you want them to be able to log onto. You have the ability to restrict their total time, the time frames they’re allowed to log on, as well as see everything they download/install/browse online. If a site shows up you don’t want them getting on, a quick click of “Block” next to the site will remove their ability to get to it via any browser. You can also block installations of certain applications (like Firefox or Chrome), forcing them to use IE or Edge so you can keep track of their online behavior. Instructions are easy and they take you through every step.

Sophos Home (anti-virus/anti-malware/web filtering)

I highly recommend this service due to the ease of use and quick setup. You create an account, then install the Sophos Home agent on every computer you want to protect (up to 10 for free). Each computer shows up individually by machine name (I change them to be specific, e.g., “DaughtersLaptop”) and lets you review their online activity. This is an added blocking defense for any site that they got to that Family Safety didn’t block for some reason. In addition to the web filtering, this is also an added anti-malware tool and has an extensive database of web sites that have been reported as having a bad reputation in regards to malware or virus activity. Simple installation and small footprint (less than 50MB of memory used when running), this passively watches in the background.

Passwords

I can’t stress enough how important it is to have strong, complex, and long passwords. A password using capital/lowercase letters, numbers, and special characters that is 8 characters long can be cracked in about 6-8 hours @ 1,000 attempts/minute. The same type of password at 15 characters will take 2-3 years @ 1,000 attempts/minute. Once you add in non-standard characters, it could take decades to crack. It’s not a matter of making your password uncrackable (that’s impossible) but more a matter of making it take so long to crack that they move on to the poor guy that has decided to use “12345678”, “p@ssword1”, or “qwerty1234” as their password for their banking site. And please, don’t be a smart-ass and make it “passwordWITH1number”….. that’s just stupid.
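
Why the swapped-character passwords above are still weak, shown as an added example (not part of the original post): a small master-password check that undoes common substitutions and trailing digits before comparing against a deny list. The deny list, the substitution table, and the function names are constructed for illustration; the 20-character floor is the one suggested in the conversation earlier on this page.

```python
import re

# Constructed deny list: weak examples named on this page plus their base
# words. A real check would load a breached-password corpus instead.
DENY_BASES = {"password", "masterpassword", "qwerty", "12345678"}

# Assumed look-alike table: symbol or digit -> the letter it usually replaces.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "5": "s", "7": "t", "!": "i"})

MIN_LENGTH = 20  # the floor suggested in the conversation quoted earlier


def variants(password: str) -> set[str]:
    """Return the normalized forms that a cracking wordlist also covers."""
    lower = password.lower()
    forms = {lower, re.sub(r"\d+$", "", lower)}   # with and without trailing digits
    forms |= {f.translate(LEET) for f in forms}   # undo character substitutions
    forms.discard("")
    return forms


def check_master_password(password: str) -> list[str]:
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if any(base in form for form in variants(password) for base in DENY_BASES):
        reasons.append("deny_listed")
    return reasons


if __name__ == "__main__":
    for candidate in ("ma$terpa$$w0rd", "p@ssword1", "qwerty1234",
                      "Ma$terPa$$w0rd2017!!!!!!",
                      "MyDogsNameIsRoverAndHeIsAGoldenRetriever1234"):
        print(f"{candidate!r}: {check_master_password(candidate) or 'accepted'}")
```

The fourth candidate is 24 characters long and still rejected, because padding a deny-listed word does not change what it normalizes to.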

I personally use LastPass and definitely utilize the password generator built into it for everything now. I can access my password database on all my devices including my mobile. The database is encrypted even in the cloud to the point where LastPass is unable to decrypt it should I happen to forget my master keycode. They also just released an authenticator application (numbers that sequence every 60 seconds) to allow for dual-factor authentication on sites that allow it. WordPress supports it 🙂

LastPass – Password Manager

Creating a strong password

How to Create a Strong Password (and Remember It)

How to Create a Super Strong Password (Infographic)

Well, there you have it, a lot of information to digest and absorb. It’s worth the read in my opinion as it holds true: “It’s not a matter of if, but when” you get hacked / you get a virus / you get malware / you get phished / etc. Stay safe out there!