TECH TALK: One account to rule them all

ERIC’S TECH TALK

by Eric W. Austin
Computer Technical Advisor

This week, in our continuing series on finding anonymity online, we’re going to address one of the most important ways to ensure your life online is a safe, secure and happy one.

Passwords.

Remember when the most you had to remember was your ATM pin? Those days are gone, and now pretty much every website wants you to log in with a username and password. If you are like many people, you might use the same combination for multiple sites (except for those sites where somebody already took my username! Arrgghhh!).

You also probably know just how insecure this practice is – hack that one password and a hacker will have access to all your other accounts!

So, it’s utterly important to use unique passwords for every site you visit — or at the least any site that has sensitive or important personal information about you, such as online banking, or places you use a credit card and with your address like Amazon or Target.com.

Before we go any further, let’s review what makes a good password. Stay away from using personal information for your password, like a birthday or pet’s name, even though it would be easier to remember. Try to use numbers as well as letters and include a special character or two (@!#$% etc…). Make it at least eight characters long, the longer the better. According to Google, using numbers and special characters makes an eight character password 30,000 times more difficult to guess than one of lowercase letters alone!

But how do you remember all these passwords? There are a number of ways to go about this, and they each have their own pluses and minuses. Many people (including myself) use a password manager, which usually is an extension for your browser that automatically saves passwords for you.

There are a number of good ones available. Personally, I use LastPass, which is available for all platforms. My only quibble with it is that it is only free for the desktop version. The app for IOS or Android will cost you.

But any similar password manager will do. Just ensure it’s a company that has been in business for a while (you don’t want them going belly-up and taking all your passwords with them). And read through their policy FAQ to make sure they take security seriously. The benefit of a password manager is that many will also generate passwords for you, and being random, they are highly secure.

Of course, no one can remember dozens of completely random passwords, so if you lose access to your password manager you often lose access to your passwords as well.

If you don’t want to use a password manager service, you’ll likely have to write them down somewhere. I recommend that you don’t keep a password file online for obvious reasons, and if you use Word or Excel to store passwords locally, secure the file with a password so that it is encrypted and cannot be digitally scanned if you get hit with a virus.

Also, don’t name the file “passwords.doc”!

Surprisingly, the most secure way to store your passwords may be the old-fashioned way: with paper and pen. Keep a notebook next to your computer and write each one down. Just don’t leave your notebook somewhere carelessly like an airport or restaurant!

Assuming you’ve decided on the best way to st
ore your passwords, and you do not want them to be randomly generated for you, how does one come up with so many secure, unique passwords?

While completely random passwords are the most secure, second best is a password that at least appears random. This is a tip a friend of mine suggested years ago and I have used it ever since.
Create a password “formula” that will look random to anyone else, and allows you to make it unique by tweaking only a single element of your formula. Let me show you what I mean.

For example: Let’s say my password for Amazon.com is “P48:bates!@AM” (without the quotes). It’s obviously not a completely random password, but because none of the elements directly relate to me it’s very difficult to guess. My formula for this password is simple: favorite bible verse [Philippians 4:8] + name of favorite movie villain [Norman Bates] + “!” + “@” + first two letters of the website name capitalized [AM].

Using this formula my password for Target.com would be “P48:bates!@TA”. Although the password looks complex, it’s made up of parts I can easily remember. This way we achieve a complex, unique password that is made up of numbers, symbols and lower and upper case letters, but is still easily generated and easily recalled.

Is it as secure as a completely randomized password? No. Is it better than using the same password on every site? Absolutely! How ever you define your password formula, use elements that are unique but unrelated to you and never — never ever — use any personal information like your name and address or birthday as part of that formula.

As a final piece of advice, and tying back to my headline, let me emphasize that not all accounts are created equal. If you have a Google or Microsoft account which ties all your other accounts together (the one where a password support request from other websites will be sent), give special care to the password you use for that account, and change it at lease every six months.

I hope this has been helpful, and please tune in next time when I’ll dig deeper into VPNs, proxies and firewalls, oh my!

Have a question or idea for a column? Eric W. Austin is a marketing and technical specialist and can be reached by email at ericwaustin@gmail.com.

TECH TALK: Who are you again? How to be anonymous online, Part 1

ERIC’S TECH TALK

by Eric Austin
Computer Technical Advisor

Part 1

Much of the convenience we get from the Internet comes from the fact that it stores so much about us online. This is both a positive and a negative. Sure, it’s nice to be able to order more laundry detergent without leaving the house, or to check on our bank balance without going to the bank. But the price for that convenience is personal exposure.

And that’s what it really comes down to: personal exposure versus convenience. There is no secret formula that will provide you with the latter without sacrificing the former. Any precautions you take online are guaranteed to impact what makes the web so convenient in the first place.

And as with most things in life, the answer to this conundrum is different depending on the person and the situation. How much exposure can you tolerate? Which is more important to you: personal privacy or convenience?

Because truly, the only way to be completely anonymous online is not to go online at all.

But knowledge is power. And knowing the risks, as well as how to protect yourself from them, is as essential to having a successful life online as anywhere else.

In this, and subsequent articles, I’ll discuss a few ways that you can limit your exposure while still getting the most from the benefits of online convenience.

Know your online behavior: Some online activities are riskier than others. Be aware of your level of risk before engaging in anything online, and limit your exposure based on the risk level of what you are doing.

How do you know which activities are risky and which aren’t? Easy. Just ask yourself: “Do I want everyone in the world to know what I’m doing right now?”

If the answer is “No”, then it’s risky.

http:// vs. https:// Every web address begins with “http,” which stands for “Hyper Text Transfer Protocol”. This is the data protocol that dictates how information is transferred across the web. The “s” in https stands for “secure” and means that the data is encrypted before being transferred. This is not such a big deal in 2017, as almost all websites now use the “secure” hyper text protocol for nearly everything. However, it’s worth noting that you should never transfer personal information across a non-secure “http” link.

Private Browsing: One of the easiest tools in your belt for staying anonymous online is “private browsing.” This is a feature in most modern browsers that automatically changes your settings to prevent your browser from saving information about your activities, including: which pages you visit, a record of your searches, cookies, passwords and cached content (like images), among other things. This is called “Incognito” in Google Chrome (Ctrl+Shift+N), and “Private Browsing” in Microsoft Internet Explorer (Ctrl+Shift+P) and Apple Safari (CMD+Shift+N).

While this option won’t safeguard any information you are sending over the Internet, it will prevent you from leaving any trace of your activities on the computer you’re using, which can be used by other websites and advertisers to track you. And you should always activate this feature when using a public PC.

Do Not Track option: The Do Not Track (DNT) option is a fairly recent addition to the settings in your browser which alerts websites and advertisers not to track you. While its effectiveness is entirely dependent on whether the website or advertiser chooses to pay attention to this flag, I still recommend you keep this set to “No” in your browser settings.

Well, this is the end of my column and I’ve barely scratched the surface of this topic. We haven’t talked about Proxies/VPNs, Firewalls, passwords and password managers, virus and malware protection and avoidance, alternative browsers and search engines, or ad blockers! Phew! Tune in next time for part two.

Have a question or idea for a column? Email me at ericwaustin@gmail.com, subject line “Tech Talk!”

TECH TALK: Tracking your every move

by Eric Austin
Technical Advisor

Remember that story about Hanzel and Gretel leaving breadcrumbs behind them so as not to get lost in the woods? Well, this week’s topic is kinda like that — if Hanzel and Gretel were actually everyone who used the web; the breadcrumbs are your credit card information, browsing and purchase history; and the wicked witch is actually hackers hell bent on screwing up your credit history.

So, basically the same.

The truth is that we leave breadcrumbs behind us wherever we go on the web. Sometimes those breadcrumbs are for our benefit and cause us no harm, but, unfortunately, often they’re left behind to benefit others.

In this article I’d like to briefly go over the different ways we can be tracked on the Internet.

Cookies. I’m sure you have heard of “cookies.” You may have seen a notification pop up on one of the websites you visit informing you that it uses cookies. But what are they?

Basically, cookies are small text files that websites create on your local hard drive which store bits of information about you. This information can be very basic, such as whether you have ever visited that site before, or as complex as what products are in your shopping cart, your login details, which ads you have clicked on and many other things.

There are three types of cookies. First-party cookies are ones which are left by the website you are currently visiting. This is the most common type of cookie, and generally is harmless and adds to your browsing experience.

Third-party cookies are left by advertisers running ads on the site you are visiting. For the most part, these cookies are also harmless. But since you have no control over who might be leaving them, they have a greater possibility of being malicious, so it is usually better to turn them off in your browser’s preferences. The only thing you’ll be missing out on is ads tuned to your buying preferences.

A final type of cookie is called a Flash Cookie because they are exclusive to websites that use Adobe Flash. Also called Local Share Objects (LSOs) or “supercookies,” since they cannot be gotten rid of by the most common efforts to delete browsing data, such as clearing your browser cache or deleting cookies. To remove these nefarious little devils, you’ll need to go to Adobe’s website and change your settings there.

For a long time, cookies were the lone way websites and advertisers had of tracking their visitors, but they had one major weakness: since the data resides on a user’s local machine, that user can delete them at will — and then all that carefully collected data was gone! Advertisers didn’t like this.

So websites and advertisers have recently found a way around this problem with a method called Device Fingerprinting. This allows websites to uniquely identify your device through a myriad of hardware and software characteristics. Rather than relying on local stored data to identify you, this fingerprint information is stored on the advertiser’s web servers instead. The advantage for advertisers is that, once your device has been fingerprinted, that information can only be removed by the company who created it. This method is almost impossible to subvert since it doesn’t rely on any locally stored data.

If you are curious just how your unique device fingerprint is created and what it’s based on, you can visit the site https://panopticlick.eff.org/, and click the “Test Me” button.

Mobile devices shouldn’t be left out either. Device fingerprinting has evolved to include phones and tablets, as well as printers, game consoles, smart TVs and just about anything that connects to the Internet.

Further, your mobile device has its own identifier specifically for advertisers — Apple iOS’s Identifiers for Advertisers (“IDFA”) and Google Android’s Advertising ID.

Just be comforted in knowing that, on the Internet, you are never alone. Big Brother is always watching!

Feeling a little uncomfortable after reading this week’s column? Then you’ll definitely want to tune in to the next one where I’ll be talking about how to be anonymous on the web.

Have an opinion or question about this column? Stop by the website and leave a comment! Want me to cover something in a future column? Drop me an email at ericwaustin@gmail.com. Until next time my fellow Mainiacs, happy computing!

TECH TALK: “I know who you are and where you live…” – The Internet

by Eric Austin
Computer Technical Advisor

In my first column, I wrote about the perils and pitfalls of shopping on the web. Over these next few weeks, I’d like to delve deeper into some of the new issues that face us now that we live in an online world.

Let’s face it. The internet is here to stay and it has been transformative. Things can’t go back to the way they were because they have been changed forever. For some of us, this is a bit scary. For others, not so much.

Part of the problem is that the internet has evolved faster than we have had a chance to adjust. To illustrate just how drastic this divide in generations is, let me give an example from my own life.

I have two sisters, one older, one younger. There is 14 years difference between them.

My older sister has a Facebook account, but you won’t find any pictures of her children there. Her main concern is that, unlike a physical photo, a photo on the web can be easily copied and shared without her being aware. This is a valid concern, and likely understandable to many of the parents reading this.

Now, in contrast, my younger sister recently had her first child, and his entire life is chronicled on her Facebook page. She and her husband share a huge amount of their lives online, and even used it to find a nanny. They harbor none of the fears of my older sibling.

So while online privacy will continue to be an important issue into the future, the discussion is going to change as the next generation, accustomed to life online, finds the open nature of the internet to be no more risky than walking through a busy mall. In fact, according to a recent report in U.S. News, online privacy barely registers on the risk radar of millennials.

Beyond individual privacy, the internet opens up interesting new ethical questions as well. My brother-in-law, who works for a company in New Hampshire, mentioned how he researches new job applicants on social media. “If they’re drunk and throwing up on the rug in every picture on their Facebook page,” he told me, “I might think twice about hiring them.”

Is it fair for a prospective employer to evaluate an applicant’s private life as part of the criteria for a job? Or is this a good thing, giving employers another tool for finding the right person for a job?

Over the next few weeks I’ll be looking at a number of these issues, what we can do about it, what we can’t, and why, in many cases, it’s not going to matter.

For my next column, I’ll explore how we are tracked on the web, what information we leave behind, and how that information is used to manipulate us. That’s right. Get ready, because I’m gonna scare the livin’ $@%& outta ya!

Have a tech question or idea you’d like to see covered in a future column? Email me at ericwaustin@gmail.com! Until next time, happy computing.

TECH TALK: Saving your old photos for the next generation

by Eric Austin
Computer Technical Advisor

Phew! Christmas and New Year’s are finally over. If you’re like me, you probably took a lot of pictures. Hopefully, you’ve joined the 21st century and graduated to a digital camera. But what about all those pictures from previous years before the advent of digital technology?

HP Envy 4520 Wireless All-in-One Photo Printer. Available from Amazon for $69

HP Envy 4520 Wireless All-in-One Photo Printer. Available from Amazon for $69

When my father passed away earlier this year, we dug out all our old albums looking for pictures for his memorial service. It’s not something we do often, and we realized that a great number of the pictures – especially those from albums handed down from my grandparents – had begun to seriously degrade. (Hint: Use dental floss to get your pictures off those “sticky” album pages without damaging them!)

We realized that if we wanted to save them for the next generation, we would have to do something to preserve them. I suspect that a few of you, dear readers, may be in the same position. So what can one do? What are the options and how much does it cost?

The only real option is to transfer them from a physical medium which degrades, to a digital version which will never degrade. For photos, this is easy. Just use a decent scanner, and scan your photos into your computer to create a digital copy. Don’t have a scanner? You can buy one fairly inexpensively, and there are even some designed specifically for scanning photos. But I would recommend instead a decent all-in-one inkjet printer, which includes a scanner, copier, and printer in the same unit. You can pick one of these up for under $100, and you can use it as a printer, copier and to scan your photos. (Hint: To save time, scan multiple photos on a single page and then use a simple graphics program like MS Paint to separate them into individual photos after the fact!)

But what about other forms of physical media like old 8mm films, slides and 35mm film negatives? For that, you’ll need a more specialized device. These are smaller devices that handle movie and photo negatives, or slides, and convert them into digital photos. Amazon.com has a number of these devices ranging in price from $49 to $149, or more for higher resolution scanners.

Wolverine F2D Mighty 20MP 7-in-1 Film to Digital Converter available from Amazon for $149

Wolverine F2D Mighty 20MP 7-in-1 Film to Digital Converter available from Amazon for $149

Don’t want two de­vices? If you don’t mind spending a bit more, you can pick up a specialty scanner that handles photos as well as film negatives and slides. Epson makes one that is listed on Amazon for $209. Unfortunately, I wasn’t able to find an all-in-one printer that could also handle negatives and slides.

If you don’t want to mess with it yourself, there are a number of companies that do the work of scanning and converting your photos to a digital format for you. They’re not cheap, with prices ranging from $0.22 to $1.19 per image, but if you have a lot of old photos to preserve, and don’t want to mess with it yourself, this might be your best option. As a bonus, these services often apply color-correction or other enhancements for you, and if you are not familiar with such tools, that can be a lifesaver.

Do you have a lot of photos, but you’re not very computer savvy and you don’t want to pay for an expensive conversion service? That’s why God created grandchildren!

Have a comment on this column? Visit the story on our website, townline.org, to leave your thoughts or ask a question! Have an idea for a future column? Send me an email at ericwaustin@gmail.com with the subject “Tech Talk”!

Eric W. Austin lives in China. He is a marketing and technical consultant, and designer of the townline.org website.

TECH TALK: How safe is online shopping?

by Eric W. Austin
Computer Technical Advisor

My mother is paranoid. The idea of using her credit card to shop online fills her with dread. And she has good reason. A few months ago, she got a call from her credit card company asking whether she had recently used her card to purchase two round trips to Miami?!

She had not!

She was a victim of credit card fraud. In fact, 31.8 million Americans had a similar experience in 2014 – that’s three times the number in 2013. Very likely, this has already happened to you or someone you know.

Is it safe to shop online?

First, the bad news. Credit card fraud has become epidemic in the internet age. But it’s not just about hacking – it’s also about distribution: trading and selling stolen credit card information has become easier than ever.

So, how does your credit card get stolen in the first place?

Skimming is when a device is attached to a credit card reader like an ATM, gas pump, or merchant card reader which scans and stores card numbers as it is used. The thief then detaches the skimmer and downloads the credit card info.

Phishing happens anytime someone is able to trick someone into giving them personal information that they have no right to. They may do this by calling you and pretending to be a collection agency seeking a payment, or your electric company verifying your address. Or by building websites that look like your bank or favorite internet store.

SpyWare/Malware: This is software that is inadvertently downloaded and then attempts to siphon personal information from your computer and send that information back to a criminal who then sells your information, along with thousands of others on the internet black market.

Data Breaches/Hacking: You may have heard of the recent Yahoo data breach where over one billion accounts were hacked (if you have a yahoo account, and haven’t changed your password – do that RIGHT NOW!). What about Ebay, The Home Depot, JP Morgan Chase, Michael’s, Staples, Domino’s Pizza, Sony Pictures Entertainment, or Target? Yep, all these companies have been hacked!

Scary? Almost makes you want to do all your holiday shopping at Hussey’s Hardware this year, huh? But it’s not all bad. And there are some things you can do to minimize your risk.

Credit card companies are well aware of this problem, and most major banks have policies in place to protect you. Often, they will call you when they see a charge that is out of character for you. Check with the bank that issued your card to make sure you are protected and are aware of the procedures in case fraud occurs.

Keeping a close eye on your account is also important so you can spot fraudulent charges and report them immediately. You can set up fraud alerts with most card companies and the three major credit bureaus.

Install anti-virus and malware protection software on your home computer, and run a scan before you do any shopping. Two good free anti-virus programs are Malwarebytes and AVG Anti-Virus.

Never use public WiFi or a public computer to do shopping. Also avoid checking your email on a public connection if you use that email for finance or shopping. Secure your WiFi at your home with a password and encryption. Activate Windows Firewall or install a third party option to further protect yourself.

Upgrade your credit cards to the new EVM chip versions. These new type of credit cards have chips which change the information being passed each time it is used, and thus prevents skimming. Countries that have adopted EVM, such as the UK, have seen a drop in counterfeit fraud by as much as 70 percent. The United States’ slow adoption is one reason this is so prevalent here.

Never give out your personal information to anyone without verifying their identity. This includes phone calls, emails, or letters asking you to provide personal or financial data. Get a phone number and call them back to ensure it’s an authentic representative of that company.

And what if it does happen? Relax. Credit card companies are so used to this by now that in most cases all that is required is a phone call and the charge is immediately taken off your account. Disappointingly, you’ll probably never know how your information was stolen. They will tell you an investigation is being undertaken, but the fraud is so prevalent that I think most companies simply consider it a cost of doing business.

How about purchasing on sites like Amazon? Amazon is one of the safest places to shop, storing all credit card information on servers not connected to the internet. While not all sites go to the extent Amazon does, generally shopping with reputable merchants online is as safe as purchasing in a traditional brick-and-mortar store. Smaller online merchants typically use third-party services to process payments, so check out that service before committing to a purchase.

I hope that you have noticed that the lion’s share of fraud that happens is not the direct result of online shopping. Much of it occurs locally on your computer (malware & viruses), at a physical location where you use your card (skimming), by someone convincing you to give away information (phishing), or by hacking the companies that store your information. All of these things can happen to you even if you never buy anything off the web!

So, be smart, take precautions, but relax and enjoy the convenience of online shopping.

Have a tech question for me? Maybe I’ll answer it in my next column! Write me at ericwaustin@gmail.com subject line “Tech Talk” or use the contact form on the website.