Tuesday, January 06, 2009

Being Security Conscious Online

I'm working on my next client newsletter and will be writing about security online. The newsletter isn't actually due out for another 2 weeks so I wanted to share some thoughts here beforehand.

There are a few common mistakes I see many people commonly when it comes to online security. All of these are things that have caused problems for friends, clients and associates.

1.Using the same password at one or more sites

Hacking and phishing scams are nothing new. The recent Twitter issues showed what can happen and how difficult it can be to contain them. If you use the same password across multiple sites and even one of those sites is compromised, you might find yourself in trouble.

Consider this: if someone knows what your email address is, your common password, what user name you may be using at other sites, what industry you work in, maybe even where you work... what else could they potentially get access to?


A. Ideal - create a totally randomized password for each site that you visit that consists of both letters and numbers, preferably with some upper and some lower case letters. Use an entirely different email address for each site that you need log-on credentials with. (If you have your own domain, this can be easily accomplished by using a catch-all POP account.)

B. Next best - use some kind of common format for password creation based on the site you are joining. This will save you from having to remember/record the details for each site. Use an email address specific for each site that you need log-on credentials with. For example, blogger@yourdomain.com.

C. Finally - if you don't want to deal with so many different passwords, at the very least make sure that any crucial passwords are different from others. For example, your email password, financial ones, etc.

2. Password reset information should be known only to you.

Many sites these days allow you to reset a password if you know a bit of information about the user. Sometimes it's as little as knowing your country and birthdate in order to reset a password. Before you join a new site, have a look at what the procedures are for resetting a password. Then make sure whatever information you provide them with is something you can remember but no one else can guess.

3. Be careful what information you reveal in public or even privately.

Several months back a young man I know learned the price of sharing too much. He had met this "incredible" woman through one of the social networking sites. They spent a few hours chatting on IM. She had asked him loads of questions - seemingly random and in an effort to get to know him. A few days later, he finds out that domains he owned had been transferred out, financial accounts compromised, etc. It turns out that by revealing just 3 pieces of information, he gave the person enough information to hack his accounts. Ouch. He could have prevented all of this trouble by using multiple passwords, using different user names at sites and by using security question answers HE could remember but that weren't accurate.

Sunday, January 04, 2009

Microsoft Office On New PC's

Just a quick tip if a new computer is in your future: If you have Office (other than the Home & Student version), make sure to check your new computer for Office before you install it.

This is a mistake I've made twice in less than a year: I blindly installed Office Ultimate 2007 without removing the trial version of Office on the computer. Yes, you can activate Office using your activation key. However when you actually run Office, you'll see a message at the top "Non-Commercial Purposes." Not nice if you've shelled out close to a $1k for software to see.

If this happens to you, what you need to do is uninstall both the Office you installed along with the trial version. If you are unable to remove by using the "Add or Remove Programs" feature in your control panel, Microsoft has instructions here: http://support.microsoft.com/?kbid=928218 on how to uninstall the remnants. Once you've completed the removal, you can install Office from scratch.