Tips for Strong Passwords

A website called Code Assembly has tips for web developers on how to require strong passwords and implement a password meter. In addition to this useful article, they provide some advice for creating your own password:

“One small tip that I use when I choose my passwords is that I choose a normal phrase that I easily remember and then I replace all “i” with “1″ all “g” with “6″ all “r” with “5″ all “a” with “@”, in this way I don’t forget my passwords and they are safer against brute force attacks.”

Schneier on Security has additional tips for creating strong passwords.

Whatever you do, don’t use the same password on multiple sites and take extra care to create strong passwords for your financial accounts!

Protect Your Laptop On Public Wireless HotSpots – New Browser Even Checks Downloads

I am very excited about ZoneAlarm ForceField which is a plugin to your existing IE browser which claims it makes it completely safe to use your laptop wherever you are, on whatever connection, no matter what you’re doing online.

It’s only in beta and already it’s won several awards. Here is why you should take a look at ForceField if you continually worry – like I do – that whatever security software you’re currently using isn’t enough:

” ZoneAlarm ForceField is the first virtualized, on-demand browser security solution to enable consumers to bank and shop online, or surf dangerous areas of the Internet with impunity. Built from the ground-up specifically to fight the emerging classes of Web threats, ZoneAlarm ForceField enables users to venture into the unknown without fear or limitation. ForceField also erases all personal information after a Web browsing session to prevent that information from being left behind. Employing a state-of-the-art virtualization engine and additional active security layers, ZoneAlarm ForceField provides distinctive and comprehensive protection against a breadth of attacks including browser exploits, drive-by downloads, phishing attacks, plus keyloggers and spyware already on the PC. Light, fast and easy to use, ZoneAlarm ForceField doesn’t interfere with users’ Web routines and can be deployed instantly without going through a manual installation process. “

It takes just a minute to install and will give you lots of peace of mind!

Deconstructing a Spam Message With Alarming Personal Information

Today I received a spam message that contained:

1) my full name
2) my mobile carrier’s name
3) the knowledge that I’d recently activated new service
4) a mention of a city where I’ve had a little mail sent (to a relative) but where I don’t actually live

And the spam also included the alleged IP address where I had “signed up” to receive that mail. I went to the IP address which had a home page and nothing else. While Yahoo Domain Keys verified the domain that had sent the spam,

It’s a combination of thrill and worry when you receive a mysterious message that appears to be a scam.

• Did my cell phone company have a data breach?
• Was I using a computer infected with spyware which tried to piece some information together?
• Could someone at the phone company be involved with a scam? If so how did they know of that other city?
• Did I log into my cell phone account while at an Internet cafe, in said town, with an insecure connection that may have been compromised?
• Did I fill out a survey at some point recently?

My computer is sluggish with all the anti-virus and anti-spyware software running on it. With constant scans I hate to think that something got through.

In any case hopefully this was a one-time “issue.” My credit is frozen and I’ll keep the fraud alerts set up.

What else can you do?

Facebook Opening Profiles to Search Engines – Protect Your Identity

Soon Facebook will allow search engines to crawl its member profiles, making a wealth of previously limited information available to the general public.

Today they make it possible to edit what they call your Limited Profile. My choice is to limit everything except my name and main photo.

Unless you want long lost friends to find you through Google, be very careful about what you allow people outside of your Facebook network (meaning anyone on Google) to learn about you. It could be a hotbed for people who have gotten ahold of your Social Security Number to know way too much about you for fraudulent purposes.

Whether or not you’re an active Facebook user, if you ever entered any contact information about you make sure to log in to Facebook right away to limit what the search engines can index.

Wow My First IRS Phishing Email Ever ! Here’s what to do.

It was with trepidation that I clicked the Internal Revenue Service email with a subject line Important Notice. Normally I’d think twice about the IRS emailing me rather than sending a letter. However the mail came to my business address, and I didn’t want to miss an important message. (These scammers have got the psychology down.)

Luckily I had images turned off in my Yahoo! mail as it was quite obvious upon clicking that this was a scam email.

How you can tell it’s a scam:

1. While I didn’t view this image it seemed suspect that the IRS would have an image of any kind.

2. $93.20? That amount seemed pretty random. Oh, I hadn’t filed taxes yet either. Make sure to really think about what they’re telling you no matter how much you want a refund. “Fiscal activity”?

3. Red flag red flag! Any time an email tells you to “click here” move your mouse over the link to see where it links to (which appears in the bottom of your browser). In this case it was NOT irs.gov (surprise surprise). There have been known scams where it could show irs.gov but not actually go to the valid site. So as the IRS mentions on their site, always directly go to www.irs.gov.

4. The IRS would likely have information to contact them by phone and other legalese, not just ending with “Regards” as though they were your friend. Know what I mean?

If you get an email from the IRS:

The IRS describes recent history of phishing emails purporting to be from the IRS with good instructions of what to do.

INGDirect: Banking security to be admired

Account security is getting better all the time. Today I saw a truly impressive example:

When my friend accessed an INGDirect.com account from a new computer, he was challenged by a couple of “secret questions.” If you don’t know the answers, they ask you 4 pieces of information before allowing you to sign into the account.

Then there is a visual keypad where you click the numbers to enter your pin, instead of typing it in, to thwart any keylogging software.

All online banking should be so secure.