Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please feel encouraged to suggest newsletter topics.
For security reasons a lot done with a computer or on the web needs to be protected in one form or another. Passwords are a standard user method of providing part of that security. One of the challenges of the modern computer age is managing passwords.
Some people choose a method that is easy to manage but is a security nightmare — using only one password for every place they need to use a password. In this day and age of prolific data mining, security exploits, and malware, this choice is a recipe for disaster. Bad people need only discover one password and they then have access to every other account.
At the other end of the spectrum is the method urged by security experts — a separate password for every account.
An important distinction to understand is when needing to use email addresses as part of an online identity.
Online accounts often require an email address as part of the registration. Such online accounts include but are not limited to:
- Discussion forums.
- Social media accounts.
- Banking accounts.
- Online stores and merchants.
- Utility companies.
- Media entertainment portals such as Netflix, Hulu, or Youtube.
- Gaming accounts.
With such online accounts, do not use the email account password as the password for the new online account. Use a new password. The important point to understand is the email account and the online account are two separate identities.
Bottom line? Never use the same password. Anywhere.
An obvious response to this basic security strategy is how to manage all of these passwords. For many people there are too many passwords to remember. There are two options recommended by security experts.
- Use a computer-based password manager.
- Use a piece of paper.
There are two types of computer-based password managers: 1) online managers and 2) local. Each type has advantages and disadvantages.
Computer-based password managers require users to remember only one password. That one password is the controlling password to the password manager itself. All other passwords are generated by the password manager and are lengthy and complicated.
When users log in to an online account, the password manager prompts the user for the user’s password. Upon correctly typing that password, the password manager then uses the internally generated password to log into the online account. The two passwords are unique and not the same. Users never need to remember the online account password.
An obvious caveat with a password manager is never forgetting the password manager password. Forgetting that password means being unable to use the password manager to access all online accounts.
Online managers are convenient for people who access online accounts from multiple devices. Local managers work only on the specific computer in which the manager is installed. For home users who have only one computer and many passwords to remember, a local password manager is sufficient. A good local password manager is KeePass.
Online managers store all information online. While all of that information is supposed to be encrypted, there is no way to confirm that feature. There also is no guarantee of how the online provider implements security. Recently there was a security breach with the online LastPass password manager providers. While no user data was revealed to be compromised, the simple fact that the provider was hacked is discomforting. Nonetheless, online managers are the better approach for people on the go who need to access online accounts from multiple devices and locations.
The non technical method of using paper is actually a safe method for most people. Just treat that paper like a valuable document. Do not leave the paper where other people can see or copy. Home users seldom need to worry about heavy security with a piece of paper. Keep the paper in a drawer near the computer.
“Paper” includes a computer file such as a spreadsheet. Do not name the file something obvious, such as “passwords.txt.” A good idea is to password-protect any such document should the computer or device get compromised. A lot of malware these days are designed to search all user files specifically for such information.
One note about Microsoft login accounts. Many people who buy computers with Windows 8, 8.1, or 10 often are tricked into creating a Microsoft account to log into their computers. A Microsoft account is not needed. A traditional local login account is sufficient. An online Microsoft account is needed only to access various online Microsoft services. Even when accessing those services, a Microsoft account is not needed to log into your own computer.
Yet even when using a Microsoft account, the same security principles apply: use a different password. For Fast-Air customers that means do not use your Fast-Air email account password as your password for your Microsoft account.
All Fast-Air customers who are using their Fast-Air email account password as the same password for any online account are asked and urged to change their passwords. Either change the email account password or change the passwords of any affected online accounts.
Technical trivia: The first IBM PC is sold on August 1981, containing two floppy drives. The IBM XT was first sold in March 1983 and came with an internal hard drive. The IBM AT is first sold in August 1984. Interestingly, the IBM 5100 was introduced commercially in September 1975 and was a portable, weighing about 55 pounds.
Next issue: Managing Online Advertising.
Before youtube existed, the idea of sharing videos was still a new idea. This short video is one of the earliest viral videos of the world wide web.
- Free Gift Phishing Scams (Notice 2020-001) - January 15, 2020
- Tech Support Phone Scam (Notice 2019-001) - March 14, 2019
- VPNFilter Router Malware (Notice 2018-007) - May 30, 2018