Monday, April 29, 2013

Recovering access to accounts

What should you do when your account has been hijacked? And what should you do after you recover it?

Before regaining control

Check your computer for viruses. On Windows, you can install and run Microsoft Security Essentials for free. Malware is a common way for people to lose access to their accounts, but it’s not the only way.

Make sure your computer is configured to install updates automatically. Having an up-to-date system makes it harder for people to access your computer.

Regaining control

Instructions are available for:


After regaining control

Read my post about securing your online accounts. Use unique passwords everywhere, make them difficult to guess (even for a computer with a dictionary, knowledge of you, and lots of time), and use multifactor authentication where possible.

Securing your online accounts

Web sites get hacked, email addresses and clues to the passwords (or worse, the actual passwords) are stolen, and some accounts are hijacked. Multifactor authentication makes it much harder for someone to hijack your account by requiring multiple bits of information such as “things you know” (such as passwords) and “things you have” (like a mobile phone). I recommend enabling it wherever you can.

Losing control of accounts: Inconvenient to extremely painful

There have been multiple public accounts of people losing access to their accounts through hijacking. I’ve also known people personally who have had personal email accounts hijacked. Each time it’s at best inconvenient, at worst, an extremely painful lesson in security and backing up.

If you’re lucky, all that happens is the attacker sends some spam from your account. However, all too often, the attacker will delete contacts, old emails, and even attempt to get into other online accounts through password recovery systems. They’ll change account recovery information to make it harder for you yourself to regain control. Sometimes they’ll change other settings in your account to make it easier for them to get back in.

If you enable multifactor authentication, which also goes by names like “two-step verification”, everywhere you can, you make it significantly harder for an attacker to take over your account. It’s a great way to secure your accounts.

Setting up multifactor authentication for multiple services

Install an authenticator app on your smartphone

If you have iOS, Android, or Blackberry, you can install Google Authenticator. If you have Windows Phone 7, you can install Authenticator. If you have another type of phone, you can have many of the services discussed below text you codes.

Facebook, Google, and Microsoft

Facebook, Google (including Gmail), and Microsoft (Hotmail, Outlook.com, Xbox LIVE, etc.) are relatively convenient to set up. PCWorld has an excellent article with step-by-step instructions for setting up multifactor authentication with each.

I recommend following the article’s instructions for setting up Facebook to use an authenticating app other than the Facebook app itself; I find it more convenient to generate codes in as few places as possible. You’ll find those instructions in the paragraph that begins, “Simply start the Code Generator setup process …”

Dropbox

Follow the Dropbox instructions. The section called “Use a mobile app” contains instructions specific to several authenticator apps.

LastPass

Follow the LastPass instructions for Google Authenticator. The instructions are specific to Google Authenticator, but you may have success trying another kind of authenticator app.

They also have a variety of other options for multifactor authentication. Be careful with that link – pressing any key tends to change what’s displayed, and you may have to refresh the page.

Apple

Follow Apple’s instructions. They send the code to your device using SMS.

Yahoo!

Follow Yahoo’s instructions. They send the code to your device using SMS.

Problems with multifactor authentication

One problem with multifactor authentication is that whenever you attempt to log in from a new device, you’ll likely have to enter in the extra code. That can be somewhat tedious, especially when you need to log into a number of apps at once (such as when you are setting up a new phone).

Another problem is with apps that use an account on one of the services but don’t support multifactor authentication. For example, if you want to configure the iOS Mail and Calendar apps to access Gmail and Google Calendar, you’ll have to create an application-specific password. These get around the multifactor authentication hurdle by automatically generating passwords you type in once and never remember. If one of these is stolen, your account could still be somewhat compromised, but services make it difficult or impossible to access various portions of your account with these types of passwords. You can revoke these application-specific passwords at any time.

Related note: Handling many passwords

The vast majority of sites do not offer multifactor authentication, and the sheer number of passwords you may need to remember can be staggering. However, this is no excuse for reusing passwords on multiple sites. It’s only a matter of time before it creates a major headache for you.

If you use, say, “MyPassword123!” (a terrible password that can be easily guessed using modern password-cracking software) on Site1, Site2, and Site3, all it takes is for one of those sites to be hacked, and you could be in trouble. Your accounts on all three sites could be compromised.

If you need to come up with a password that must have a number in it, don’t just append a number at the end. The same goes for symbols – lots of people just add a number and punctuation to the end of their password and call it a day. (I’m guilty of this myself. At a previous job, I simply incremented the number at the end of my password when I was required to change it. Shameful.)
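Both habits described above (a common word with digits and punctuation tacked on the end, and bumping the trailing number at each forced change) can be checked for at the moment a password is set. The following Python is an added example, not part of the original post; the function names and the short word list are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a large list of common passwords.
CONSTRUCTED_BASES = {"password", "mypassword", "summer", "welcome"}

# A base ending in a letter, followed only by digits/punctuation up to the end.
_SUFFIX = re.compile(r"^(?P<base>.*?[A-Za-z])(?P<tail>[\d\W_]+)$")


def split_suffix(password):
    """Return (base, tail); tail is the trailing run of digits/symbols, or ''."""
    m = _SUFFIX.match(password)
    return (m.group("base"), m.group("tail")) if m else (password, "")


def appended_suffix_findings(password, common_bases=CONSTRUCTED_BASES):
    """List the reasons a password looks like 'word + number + punctuation'."""
    findings = []
    base, tail = split_suffix(password)
    if tail and len(tail) <= 5:
        findings.append("digits/symbols only appended at the end")
    if base.lower() in common_bases:
        findings.append("base word is on the common list")
    return findings


def is_incremented_rotation(old, new):
    """True when new is old with only the trailing number nudged up or down."""
    old_base, old_tail = split_suffix(old)
    new_base, new_tail = split_suffix(new)
    if not old_tail or old_base.lower() != new_base.lower():
        return False
    old_num = re.search(r"\d+", old_tail)
    new_num = re.search(r"\d+", new_tail)
    if not (old_num and new_num):
        return False
    # The punctuation around the number must be unchanged.
    same_symbols = re.sub(r"\d+", "", old_tail) == re.sub(r"\d+", "", new_tail)
    step = abs(int(new_num.group()) - int(old_num.group()))
    return same_symbols and 0 < step <= 2


if __name__ == "__main__":
    print(appended_suffix_findings("MyPassword123!"))
    print(is_incremented_rotation("Summer7!", "Summer8!"))
```

A site can run checks like these when a password is changed and reject the new one before it is stored.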

You can come up with new ways of devising passwords. Concatenated words, abbreviations of uncommon phrases, intentional misspellings, etc. can all increase the effectiveness of your passwords.

Consider using something like LastPass (with Google Authenticator enabled, of course). Such services can store your passwords for you in an encrypted form they themselves can’t access.

Edit 2013/04/29: Updating your account recovery information

Web sites have a variety of options for recovering access to an account. Be sure to update this information for at least the most important sites (email, social, banking, etc.) so if you ever have issues, you can get access to your accounts back.

Monday, July 9, 2012

Google+ posts

I’ve been doing my public posting on Google+. If you’re interested in such posts, feel free to circle me:

https://plus.google.com/115131627544091438591/posts

If you prefer to read via RSS, you can use the following feed:

http://feeds.feedburner.com/BradTown-GooglePlusPublicPosts

Tuesday, June 8, 2010

Promises, promises: getting the kids to trust me

I’ve been trying something for the past few months. Under some circumstances, when things seem appropriate, I will tell the girls “I promise”. I’m pretty careful about when I say this, and so far I haven’t been wrong (though I still owe Katrina a trip to a swimming pool).

I decided I want the word “promise” to mean something special. It’d be easy to treat it like most others do, but I thought a little extra investment could pay off big, and not just in the long run.

One example is from when they were watching a movie. It may have been The Princess Bride, which incidentally is not too bad for kids their age. Anyway, Katrina tends to get very worried about what’s going to happen to the characters. Really worried. Like, she’ll leave the room to calm down. At one point, I told her, “Katrina, I promise the princess will be okay.” I try to lightly emphasize “promise”.

Another example is when we had to leave a birthday party at a swimming pool early. This devastated Katrina because she was really having a great time. I told her, “I promise I will take you to another pool.” It’s been postponed, sure, but I didn’t specify a time, and we’ve talked about where we’ll go and who will go with us so she knows it will happen soon.

I’ve only used the word “promise” a handful of times. I want to be sure that whatever I promise will actually come to pass. That way, in the future, when there’s something they really need to know and trust, Dada saying “I promise” will be money in the bank.

Thursday, May 27, 2010

OS X keyboard layout for Windows

Do you like the Mac OS X keyboard layout, with its convenient mappings for things like true apostrophes and quotes (“example” and ‘example’), diacritics (for things like é and ü) and the cent sign (¢)? Do you wish you had something similar for Windows? One where you can use the same or similar keystrokes to get the same characters?

You are in luck.

I created a keyboard layout using the excellent Microsoft Keyboard Layout Creator that duplicates (and in some cases extends) the normal OS X US keyboard layout. You can download its installer here. (This is an executable, and the keyboard layout itself is in a DLL. If you don’t trust me or the link—and really, who should?—don’t click it.) I’ve been using the keyboard myself for quite some time and decided to share it.

Normally the keyboard behaves like the standard US keyboard. However, when you use Alt+Ctrl or the right Alt by itself, also known as AltGr, you get the enhanced behavior.

With AltGr (click the images to embiggen):


The keys with gray backgrounds are “dead” keys. These are used in conjunction with other keys to get the desired behavior. For example, AltGr+E allows you to add accents to a number of letters to get á, é, etc.

With AltGr and Shift:


I also provide some extra characters (these are subject to change in future versions):


Not every font has the glyphs necessary for displaying the characters this keyboard layout can create, but many do. Enjoy!

Thursday, April 8, 2010

Restarting my weight loss plan

When I got married, I weighed just over 180 pounds. By 2007, I’d gained around 45 pounds, and I decided it was time to correct things.

I called it the “Quit Eatin’ So Goddamn Much” diet. It wasn’t just smaller portions, though. I realized that I needed to eat much less of what wasn’t helping me at all, such as cheese. One book that helped me understand the importance of this was Eat To Live (Amazon Associates link), though I didn’t necessarily go as far as the book recommends.

Things were great. I got back down to the low 180’s and I stayed there. Over the next couple of years I gained a small amount back, but I felt it was acceptable.

About a year ago, I fell off the wagon. I’ve been eating too much too often, and I’ve known it. I’ve only gained around ten pounds or so, but those ten pounds appear to be quite important.

I’ve decided to start losing weight again. It hasn’t been easy getting started—I’ve been trying to get started for several months now. However, I’ve actually made it to Day 4, so I’m feeling pretty good about it so far.

Monday, April 5, 2010

The iPad’s most significant flaw

I have yet to see an iPad in person. (I almost went with a friend on Saturday morning to pick one up, but he decided a purchase like that can wait.) However, unless it gets as hot as my wife’s MacBook Pro with its dead fan, I’m pretty sure I already know its most significant flaw.

It needs a computer.

Some might argue that “needs” is too strong a word, but I don’t think so. It needs a computer just like computers need backups. Without a computer, you can’t back up the stuff on your iPad, and without a backup, you could be in trouble. You also can’t install OS updates without a computer, and who knows what great features are coming?

Some might not even think this is a flaw. If you think of an iPad as a big iPod touch, you might be right about that. However, Steve Jobs says the iPad is in a new category between laptops and smartphones where devices need to be better at things like photos and music, and without a backup strategy, you risk losing all your pictures and songs, and that is certainly not better.

Maybe you don’t think this is a big deal because you already have a computer. Sure, I’ll buy that. It probably isn’t a big deal for you. But what about the people who don’t want to bother with a computer? What about those that just want to do a few things but don’t want to learn about antivirus software or what cable goes where?

For example, take my mother-in-law. She’s a wonderful woman who doesn’t want to mess around with computers. There are things she’d like to use—email, the web, digital pictures, Facebook—and the iPad would be perfect for that. However, I can’t in good conscience tell her to ditch the computer and DSL in favor of a 3G iPad with a data plan and an overpriced dongle for her camera. Not until she could rest assured that if the iPad were lost, stolen, or destroyed, she’d still have everything.

Apple, please hear me out. Eliminate or modify activation so the iPad works out of the box. Add the ability to update the OS over the air. Most importantly, add a version of OS X’s Time Machine. Eliminate the need for a computer and you will win.