Tim Hampton's Blog : Home

This article is one I’m writing in preparation for my next Tim’s Tech Tips (T3) video for work, and it’ll be posted in the Tech section of whlt.com when the video goes up.  As a gift of sorts to everyone, I’m posting the article here first!

Password security is often something that you hear computer talking heads mention ad nauseum, but it’s rarely used correctly if at all.  Here are simple and practical tips and resources for keeping your passwords secure.

I’m often reminded as I’m working with user accounts with all sorts of sites for my job that password security is incredibly important and yet equally incredibly overlooked.  Sure everyone knows not to write down your passwords and stick them on your computer or monitor, but few know why, and even fewer know how to create truly safe passwords and how to retrieve them if they forget it.

Here’s my story:  I use(d) three different passwords for all of my accounts, each one used for a different level of security.  One simple one was for accounts that I really didn’t care if someone could break into, like newspaper sites or social networking sites.  Another was for where I was making credit card transactions or similar sensitive but non-mission critical info.  The final, and most complicated password(but sadly not complicated enough to not be hack-able) was for my online bank accounts and credit card sites.  I made a lot of mistakes in creating my passwords that even someone like myself who deals with computers on a daily basis and knows all the horror stories should avoid.  In the process of researching T3 episode #3 I’ve decided to start putting into practice better password security, and have already switched out some pretty easy-to-crack passwords for much more robust ones.

Following these tips are a full list of the resources I’ve looked at; the tips use the mnemonic “SECURE”:

1. Secure passwords should never be an afterthought.  Just like you would never consider a locking doorknob and deadbolt on your exterior house doors an afterthought, don’t treat making your passwords secure and “uncrack-able” as an afterthought.  Your login information is literally like your front door: if the password(“doorknob”) is weak, then your information(“personal belongings”) are vulnerable.
2. Every account should have a different password.  While every password doesn’t necessarily have to “uber-secure”, every password should be different.  The reason why is because if a hacker is able to access one of your accounts using a simple password the mindset you’re showing him is that you’ve likely protected other accounts with the same password.  One of the biggest mistakes people make is using the same password, even if it’s a very secure password for multiple accounts.  If you use the same password for some or all of your accounts, you might as well just hand the hacker a key to your house.
3. Change your password with some frequency.  The IT policy at your job may physically require you to change your work computer password at certain regular intervals (i.e. 30 or 90 days), but it’s doubtful that you have the same policies with your online logins or your logins at home.  Set a specific and regular time to change all your passwords.  One month is a short enough period of time to remember easily but long enough that you don’t feel like you’re always having to change your passwords.  You can use programs like Microsoft Outlook and many others to remind you when it’s time to change your passwords for all your accounts.  The reason for changing your passwords regularly is that it makes it that much harder for a hacker to discover the correct password within that period of time.
4. Understand social engineering.  There are three ways hackers discover your login information: brute force, dictionary hacks, and social engineering.  The last one, social engineering, is basically when the hacker either physically gets on your computer and grabs your password information(a very good reason to hit “Windows Key + L” whenever you walk away from your password-protected computer to lock it while you’re away), or he will pose as some trustworthy source like your ISP or credit card company.  This is also called “phishing” when it applies to emails or websites that are designed to take your login information illegally.
5. Resist writing down your passwords.  Much like #4, this tip avoids the social engineering process that hackers use to gain your login information.  And before you think you’re clever, saving your password text files with a different extension (i.e. changing a .txt file to .exe in an attempt to disguise the actual file) is NOT a safe way to hide your passwords on your computer.  Hackers are smart people, and they’re going to have programs that are able to dive into the actual data and see that your supposed executable file is really a text file with your password information.  This is similar to using a plastic hide-away rock to hide your spare door key.  Think of these programs as the hacker using a metal detector to find the “rock” that the key is hidden inside.
6. Educate yourself on security.  While you don’t have to become an expert in the field of cryptography(literally, the field of creating code-words, to put it simply) it is important to have a basic knowledge of how passwords and authentication in general works, how hackers think, and what are some of the best security programs.  The end of this article features some resources I’ve found related to passwords themselves, but you can’t definitely use some of the sources on those sites to further your education.  Before you complain about how difficult you think it might be, remember that you know the importance of having a safe home including solid door locks, having a neighbor watch your house while you’re away, and/or having a home security system installed in your house.  Treat your login information with the same degree of caution and concern.

There are good programs that exist that can be used to securely store your login information and/or create secure passwords.  One I use is SignUpShield Passwords.  It is able to store passwords for most of the websites you’ll use.  Some websites are designed in such a way that the program simply isn’t able to save your login information though, but this is very rare.  On top of that, the entire program is protected with a master password.  You can also use it on a U3-enabled flash drive, which you can find out a little more about in T3 episode #1.

For creating secure and random passwords, I use a page at Gibson Research Corp.’s website.  PCTools also has a page that offers free secure passwords.  Obviously they want to try to sell you their software, which I haven’t used so I can’t recommend for or against its quality.  It generates a completely new “pseudo-random” password string every time you load/reload the page, and goes into detail on how the process works.  It explains it in simple layman’s terms and in more technical terms if you’re interested.  There are also some sites that offer free password security level checks, that use certain rules to determine whether your password is really as strong as you think it is.  Here’s one hosted by The University of Chicago and another.

For additional information on creating safe passwords here are some additional links:

• Safe Computing
• Safe Computing: Choosing a Good, Memorable Password
• Password Tips for Privacy
• 5 tips for top-notch password security
• Wikipedia: Random password generator

Whether you celebrate Thanksgiving Day or not, I want to wish each and everyone of you a great Thanksgiving Day, or just a great Thursday off from work.

Be sure to tell someone that you’re thankful for how much they mean to you today.

I just started reading Glenn Beck’s The Christmas Sweater tonight while I was working out and it really dawned on me that we’ve allowed a generation of politicians to take over this country who have no sense of having to really be self-reliant.

But you’ll say “Oh but Tim, of course they know how to be self-reliant!  It’s not like they grew up on food stamps and government checks all their life.“  True, but how many do you think actually earned, with every bit of themselves, the station in life they have today?

Now don’t get me wrong, I fully hope and believe that there are a fair share of politicians at our federal and state levels that busted their butts to get ahead in life and did it against incredible odds.  My contention is with two particular groups of people: Those who worked their butts off and now that they’re doing well want to provide for others using our tax dollars (e.g. the so-called compassionate conservative), and those who were given second and third and fourth chances and went on to do great things and now want to do that very thing with others as if it’ll result in carbon-copy, cookie-cutter replicas of themselves.

In regard to the first group of people: Compassionate conservativism is really just code for “socialist in Republican clothing”.  Because if you take an honest look at the sort of agendas these CC’s propose, they’re at best populist and at worst Marxist with a heavy coating of sugar to make it go down better.  The term actually originated from Doug Wead.  The root philosophy is sound: use proven conservative principles and the free market economy to help the poor.  This however has been muddled by left-leaning Republicans and besmirched an otherwise good political philosophy.

I fundamentally believe that it’s important to help those people who are truly in need and have shown themselves to exhaust all other options up to that point.  If we provide for people’s needs out of a knee-jerk reaction it has the potential to enslave them to an entitlement mentality in the end, especially when done with government dollars.  Unlike ordinary individuals who make decisions, consciously or unconsciously, with a certain moral set regarding helping someone they may know, the government has not and can never really know a person’s situation well enough to come close to knowing when holding assistance back from them is actually more compassionate than providing it.

It’s through trials and hardships that proven character is produced.  It’s that very fact that we’re made uncomfortable by our hardships we go through that spur us on to doing something to get out of the situation.  Basically, it’s like the ordinary human response to pain.  Let me provide an example:
Let’s say when you were a kid your mother told you not to touch the stove top when it’s on because it’s hot.  Of course being the kid you were, you went ahead and touched it and got burned.  This isn’t bad parenting: it’s learning.  Your mother could just as easily have sent you to your room and repeated this process over and over again to shield you from any chance whatsoever to burn yourself on the stove.  Now certainly you didn’t have to touch the stove to learn that your mother was right, but since it wasn’t going to kill you your mother was smart enough not to lock it up (or vicariously by “locking” you up in your room) like she would with household cleaners that could easily kill you.

That is exactly what getting rid of government handouts, in my opinion, would have the potential of doing: acting as de facto good parenting.  Sure there are cases where there is a genuine need after all resources have been exhausted, but I would wager to say that that is a small exception that has been made into a very big rule.  Pain is good if it propels you from the bad situation you’re in into a good, or at least better, situation.  If we continue down this course of providing government handouts for everybody including the big auto manufacturers, banks, and most importantly individuals we hamstring everyone involved by preventing them from learning from their mistakes and/or misfortune and prevent them from really having a psychological reaction to their problem and motivate themselves to be self-reliant before relying on others.

Just got done changing some stuff with the site as I’m moving closer toward breaking some of the more common topics I find myself blogging about into separate blogs on the site.

If you’ve noticed a bunch of my old blog entries appearing again in the RSS feed, that is why.

Happy Veteran’s Day to everyone in the blogosphere!

I’m reminded on Veteran’s Day of just how important our servicemen and servicewomen are to our country, and the fundamental principles of life, liberty, and freedom.  It doesn’t matter what political party you align yourselves with, if any, we all should thank our veterans today.  Sure it’s cliche to say “Freedom isn’t free” but it’s just so true and really only our noble veterans who paid that debt with their own lives know this the most.

I encourage everyone to personally thank a soldier today for their service.  Whether you agree with the wars we are engaged in or not, these people deserve our respect simply because of the sacrifices they make personally, for their families, and for us civilians who don’t have to go to war.  Not to be morose but it has been by the blood of patriots, by and large our soldiers, that our country has been able to flourish over the past 232 years as it has and been able to be the historical pillar of democracy and freedom that we have been and can return to.  Let’s all honor our fallen and living veterans today.

Note: I would’ve sent this whole message out sooner but I was at a meeting for work with some people at the Mississippi Armed Forces Museum for a joint project we’re working on.  I’ll be talking more about it in the near future as the plans get finalized, including the sponsors we are bringing on board.  Take it from me, it’s gonna be awesome!

Check out my newest T3 article at WHLT.com.

Repost of article:

This CNET.com article talks about 7 particular new or improved features coming to Windows 7. Most of them relate to device recognition and, for the most part, this is what Microsoft really needs to focus on with Windows 7: device support.

Windows Vista has been plagued with driver/device support compared to its predecessor Windows XP. This was so much so the case that several developers simply refused to support any driver updates for Vista because of how difficult it was to work with built-in features of Vista such as User Account Control (UAC).

Microsoft is certainly taking the right path on developing Windows 7 if this continues to be the sort of changes we can expect.

Hopefully another feature they’ll include is requiring users to create at least two accounts when they first install or upgrade to Windows 7: a "super-user" administrator type of account and a limited-access, everyday use, regular account. Most people (including myself, sadly) make regular use of their super-user account without realizing they are subjecting themselves to increased security risks by doing so.

Tech tippers love new stuff

Just saw this at GlennBeck.com, a site that I check out from time to time.

I’m thinking I may just add it to my site as well, at least in a smaller form factor if not a page devoted purely to it.