Practical Computer Advice
from Martin Kadansky
Volume 1 Issue 5 November 2007
In This Issue
Using the same password for everything is ok, right?
I Recommend...
There are so many ways someone else might be able to find out one of your passwords that it no longer makes sense to use the same password for every online account. Here is my advice on ways to pick different passwords and still have the ability to remember them.
Using the same password for everything is ok, right?

If this could happen to me...
A few months ago I received an email telling me that someone had purchased an item I had for sale on eBay. Since I had only ever bought things on eBay I should have known that this wasn't legitimate, but I was in an affable mood so I clicked the link in the email, landed on the web site, and tried to sign in. Only after I got an "error" did I realize that I wasn't on the real www.ebay.com site, but a forgery--I had been fooled by a "phishing" email into revealing my eBay name and password to a thief! I quickly went to the real ebay.com, signed into my account, and immediately changed my "standard" password to a completely new one. I was lucky the thief hadn't gotten there first. This motivated me to change other important accounts to use new passwords to prevent this thief from accessing them as well.

The problem
Security and convenience are almost always at odds with each other, especially when it comes to passwords. Like me, most people I talk to have a single password they are fond of, and over the years they've used it for all of their accounts, including email, online banking, credit cards, online shopping, etc. Thus if someone manages to steal one of your passwords, in theory they now have the ability to break into all of your accounts. Don't let a thief who might crack your seldom-used account at Hotels.com turn around and break into your retirement account at Fidelity!

What can I do about it?
Change your passwords. They should be different, both from your favorite old password and from each other. Don't use something obvious that someone else with personal information about you might guess.

Also, it's time to make an organized list of all of your accounts and passwords. See last month's issue for advice on doing this. (Go to http://www.kadansky.com/files/newsletter.html and click on "Passwords, passwords, passwords! How can I keep track of them all?") Be sure to update your password chart with any changes you make.

Which accounts are the most important?
Start with your email accounts, and then any bank, credit card, retirement, or other financial accounts. Your email might not seem very important at first, but consider this: One of the first things a thief might do after getting access to, say, your online bank account is to change its password. Many systems confirm this by sending you an email. A clever thief might therefore also break into your email account so they can intercept this confirmation and delete it before you see it.

What's a good way to come up with a new, memorable password?
Having trouble making up new passwords? Here's a fun technique: Come up with a phrase or sentence related to each account that's easy for you to remember but difficult for others to guess, and then take the first letter of each word, add a few digits on the end (or, specifically pick a sentence that includes some numbers), and use that as the password.

For example, if you have an account where you buy music (like amazon.com) and you like 70s country/pop music, then turn "Don't It Make My Brown Eyes Blue was Crystal Gayle's big hit in the 70s" into "dimmbebwcgbhit70s", a very good password that no one is likely to guess, and put this on your password chart. Passwords are case-sensitive, so for extra security capitalize it properly: "DIMMBEBwCGbhit70s". For an online banking account, the sentence "I've used Bank of America since 82, but they're not as friendly as Citizens" makes "IuBoAs82btnafaC".

How do I actually change a password?
The most common ways to change an account's password are:
  • Go to the web site for that account, log in, and look for a "change my password" or "my account" link.
  • Call the company and have them do it for you over the phone, or tell you where to change it yourself on their web site.
Remember that your email software (or web browser, if you use webmail) is probably configured to remember your email password, but it won't know that you've changed it. So, right after you change your email password you'll need to update your email software with the new password. Feel free to contact me if you need help doing this in your particular email program.

How can someone steal my password?
There are many potential ways for a thief to steal your account name and its corresponding password:
  • Given some personal information about you (your birthday, children's names, Mother's maiden name, etc.), they can sometimes just guess your password.
  • You can be tricked into installing viruses, spyware, or "keystroke-logging" software onto your own computer, which can observe you entering your name and password and then send it to the thief over the internet.
  • A "phishing" email message can trick you into visiting a phony website run by a thief where you're misled into entering your name and password.
  • If you use your own laptop in a public place where an open wireless internet connection is offered and you access any of your accounts, a nearby high-tech thief may exploit a lack of security in your laptop.
  • If you use a publicly-supplied computer in, say, a cyber-cafe or public library, a high-tech thief may already have installed software on it to capture your account information.
  • A low-tech thief may simply look over your shoulder as you type in your name and password. They don't even have to be in the room, they could be outside the cafe's window with a video camera looking in.
Where to go from here
  • At a minimum, consider changing your most important passwords (email, banking, financial) so they are more secure and not the same as each other. For extra security, change them at least once a year, and right away if a trusted employee or business partner has left.
  • Keep track of your accounts and passwords, and keep this list in a safe place.
  • If you do frequent public wireless internet connections, don't access your bank or retirement accounts.
If you know someone else who might find this helpful, please feel free to forward it to them.
If you have any comments about this article, send me a reply!
If you have a topic that you'd like me to write about, I'd love to hear about it!
I Recommend...

In this section of my newsletter I will sometimes recommend trusted colleagues and other times I'll suggest useful products and software. Today's recommendation is:

Netgear XE102: Powerline Ethernet Adapter (Bridge)

Its name may not be exciting, but this little silver box (about the size of a big bar of soap) is a very useful computer product. If you want to share your high-speed internet connection among multiple computers but you're having trouble getting a wireless internet setup to work (most likely due to distance or interference), or if you're simply leery of the security risks inherent in going wireless, this product can be a very good "wired" alternative.

Before products like this were available, if you wanted to connect a computer to a high-speed internet connection using an Ethernet (or CAT5) cable, the computer had to be plugged directly into the modem or router, which meant that either it had to be in the same room (so the Ethernet cable could reach) or you had to run Ethernet cabling through the walls of your house, which can be an expensive project.

But with the XE102 (or similar products from other vendors), it's easy:
  • You plug one XE102 into a power outlet near your modem or router and connect its Ethernet cable. This, in essence, "pushes the internet" into your power wiring, effectively turning every A/C outlet in your house into a potential internet connection.
  • Then, you plug another XE102 into a power outlet near your computer (located anywhere else in your house) and connect its Ethernet cable to the computer. This, in essence, "pulls the internet" out of the power wiring and feeds it into your computer.
Now, assuming your house is properly wired, your computer is connected to the internet without running any extra wires, and without any of the problems associated with wireless connections! For each additional computer you'll need another XE102.

I've solved wireless issues for a number of clients by switching them to a "wired" connection in this way. The current list price for one XE102 is about $50; I often find them on eBay for a lot less. Remember that you'll need at least two. For even faster performance, consider the XE103.

For more information, visit http://www.netgear.com and look under Products for their Powerline Ethernet Adapters, or ask me!
How to contact me:
email: martin@kadansky.com
phone: (617) 484-6657
web: http://www.kadansky.com

On a regular basis I write about real issues faced by typical computer users. To subscribe to this newsletter, please send an email to martin@kadansky.com and I'll add you to the list, or visit http://www.kadansky.com/newsletter

Did you miss a previous issue? You can find it in my newsletter archive: http://www.kadansky.com/newsletter

Your privacy is important to me. I do not share my newsletter mailing list with anyone else, nor do I rent it out.

Copyright (C) 2007 Kadansky Consulting, Inc. All rights reserved.

I love helping people learn how to use their computers better! Like a "computer driving instructor," I work 1-on-1 with small business owners and individuals to help them find a more productive and successful relationship with their computers and other high-tech gadgets.

Return to the previous page

Subscribe to this free newsletter

Go to the Newsletter Archive

 

 

To the Top


All original content copyright © 2002 - 2008 Martin Kadansky

Site designed and developed by and copyright © 2002 - 2007 ozbarron