Why you shouldn’t save your passwords

 

As a tech who has been in this industry for 10 years now, I’ve come across a myriad of issues I’ve had to fix, ranging from the simple and mundane to the complex and long-standing. Enjoying the satisfying feeling I get from solving the problem, seeing a big smile come across the face of the customer, followed by a big sigh of relief and elation. I’ve noticed one thing that’s always re-occurring. While this is one of the many things that will keep me in business and guarantee never ending work, it’s also the biggest pitfall I see people not take seriously enough. Both techie’s and user’s alike. 

That is saving your passwords. I know it’s convenient and you have lots of passwords for different things to remember, but please understand the slight inconvenience associated with the extra effort it takes to remember and/or safely store said password, pales in comparison to the fallout that occurs when your account gets hacked and your identity gets stolen as a result of your negligence. 

There are many ways to go about building the habit of properly creating and storing your passwords. including ways to remember them. Even though I always suggest memorizing your password’s I know that’s not always an option for everyone. 

1) You can make your password, from a passphrase, a quote, a line from a song or poem, that only you know. Like a favorite cartoon, movie or food item. Anything that helps you meet most password complexity requirements and makes it harder for anyone who isn’t you, to guess it. 

2) Don’t use the same password across different sites or accounts. From online banking and bill pay, to shopping and social media, the last thing you want to do is have one password unlock your whole internet life, that easily. As I always tell friends and family, if someone decides to hack your account, make them work for it, at least.  

3) Store your password in a safe and easily accessible place for you. This can be in a notebook if you prefer the old school approach, a tablet/iPad or any digital note taking app on your phone that can be accessed from your computer/ tablet or alternate device. I reccommend going the digital route as notebooks can be misplaced, and if you don’t find it, there goes your passwords. The digital option is more reliable, as long as the battery isn’t dead. You can also take a picture of the passwords in your notebook, as a middle ground compromise, as well. 

4) Another way to store your passwords is using software that acts as a vault (such as google password manager or bitwarden, etc.) This is a web browser plug-in that saves and encrypts your password and automatically enters it into the website you visit when prompted. This option is highly utilized however I don’t suggest it, because that option is locked down to your device and if you use an alternate device, that your profile isn’t signed into (on that browser) you have to enter your password manually anyway.

The reason I’m so adamant about safeguading your passwords, is because unfortunately data breaches happen very often and you never know when a hacker is trying to log into your account. Enabling MFA (multi-factor authentication) at the bare minimum, in addition to creating stronger, more unique passwords, are required now. Plus that added step gives you a warning of attempted break-in, in the rare event they actually guess your password. I had such an experience recently with my linked in account.  

I received a alert in my Google e-mail, stating a hacker tried to access my account and they were located in germany. Opening my e-mail it asked me if I was trying to log in and asking me to approve that log-in. Obviously I didn’t approve it, plus given the time difference, i’m sure that prompt expired, long before I saw it. Despite the fact that I was “saved” in that instance, I became paranoid, as I had no idea my data attached to that e-mail had been breached. Up until this point only one other e-mail I was notificed was leaked during a company data breach. So how did they even get that far on this account?

I then did a deep dive with my e-mails and Google: I changed all the passwords to all of my accounts, enabled a third form of MFA, and cleared all the old password data and browser cache’s. I was mortified to discover that not only was there data stored in browser settings that I had previously declined for it to be saved. (such as passwords, payment cards, addresses, etc.) but there was even other people’s e-mails and saved data that I discovered in my cached settings.

I saw two people’s e-mail address/ username and password as well as the websites it belonged to, saved in the cached settings. I won’t reveal here what they are, out of respect for their privacy, however I am still not sure how it got there and why it was there all that time. So if I ever had the gumption to log into those accounts and do “damage” for those two people, I wouldn’t have to do any work. The info I needed was waiting there for me. 

That made me question whether these browsers shared that same cached info with other people who also used the same one. My paranoia went into full effect, and I started scrubbing the data from the other browser’s I’ve used to access other data- sensitive websites. Going down that rabbithole, I checked the websites I frequently access to see if any login data was saved. While I have changed how I log into those websites; while exploring pinterest, I saw pins and sections that sold people’s data. 

Yes, on Pinterest, of all places, had pins that were titled “Do you want free netflix?” If you clicked on that Pin, you were brought to a web page that had a list of peoples e-mail address and passwords that if used, you can see if you can log into a netflix account and enjoy that service on someone else’s dime. Netflix has since changed how it’s services work, by preventing anyone from utilizing an account that is outside of the household of the primary account holder. That decision was possibly made from an economic standpoint, as a means of “making” people to get their own account so they can use the streaming services, inevitably it helped secure the accounts of it’s customers, as regardless if anyone get’s their credentials, they won’t be able to use it without paying for it. As they aren’t located in the account holders’ household. 

Google: Case study in business ethics of their suit and data breach

Google: My gmail email is compromised (found out on capital one credit tracker) but that might not be the fault of google as opposed to where they got my e-mail from 

Pinterest: Has a section that’s “selling” and displaying account login and passwords for everything from Netflix to bank accounts, birth certificates and credit and gift cards. Some of these things are expired but the fact that they’re up there in general is bad enough. 

Solutions: Password manager- shaky, it’s cloud based but if it opens all your stuff is in there. It can scramble passwords but if you have to enter your stuff elsewhere you don’t know it.

Notebook- can get lost, the ink fades, have to remember to look for that book

Tablet- You can save it in a digital planner if you have a tablet or phone that you use for everything- safer- but must be used and battery charged efficiently to use it. (Utility wise)

Regardless of that do these solutions as well: 

-Create passwords based off of events in your life. Things that are near and dear to you, it’s harder for people to guess such minute/ minuscule information, but easy for you to remember

-Change your password syntax regularly. It doesn’t have to be a major change, just capitalize what was once lowercase, change the symbol you used last time and/ or add something to the password that wasn’t there before 

Please for the love of god, don’t save any passwords in your web browsers, not only does it make it easier to access and hack your stuff, but if you ever change the password to that particular website, the old password doesn’t automatically sync, which leads to conflict; thus locking you out of you’re stuff due to the conflicting password mismatch. 

Why you shouldn’t save your passwords

30.3.24

How to stop broadcasting your SSID

 

You get a new wifi router, open up your internet service provider account, and you are excited to have access to your network.  Setting up your wifi network for the first time can be both an exciting and complex experience. Access to a reliable internet service is a game changer, as you are putting yourself in the driver's seat to acquire more opportunities with it.  Whether technically savvy or need step-by-step instructions; to set up your network,  identify your SSID, and set up the password, I want to assist you with how to better protect and gatekeep your access to your wireless network. 

From a security standpoint, you protect that which you value. While wireless connectivity isn't a "tangible" asset, access to it is. As stated before, having reliable access to it opens up a world of opportunities for you and everyone else who get's a hold of it. Securing your SSID, along with other aspects of your home wireless network, is not only necessary but essential to get the most out of your internet service. Below are the steps you need to take and why they're necessary. 

Stop Broadcasting your network SSID-  This means the name of your wireless network, upon set-up, needs to not broadcast and be visible to anyone looking to connect to any available wireless network in a radius of them. In short, they can't hack something that they can't see. The easiest way to do this is to log into your router by navigating to the admin portal IP Address (while connected to your home network) and signing into it with the credentials. 

Change the default admin password- On your router to something more familiar to you. While you're at it, change the name of the SSID too for your network. You want to make it very hard for anyone who is looking for a wireless network to hack to be able to access yours/ Changing the SSID from the default routers name to something more familiar to you stops anyone who is familiar with your router from being able to google and guess the default admin and password to log into that router.    

Set up a guest network- On your router, so when people come over, they have their own network to connect to. It's a win-win as if you're unsure how secure their devices are; they can still have a connection, and you can keep your own network safe. As with your original SSID, don't broadcast it, either.   

Set up your own Vlan- This is a more advanced step as it requires a little more configuration, but this is another layer of security with its added benefits. If you'd like to create your own ad hoc home network with your wireless connection, doing so will increase your ability to secure access to your home network. You can do this by logging into the router and go the advanced tab, click the security tab and then go to the mac filtering section and manually add each devices' mac address. This will keep unauthorized devices out of your network. 

Set up your own VPN- A VPN is a virtual private network that encrypts your connection from a remote location back to your home network. This is important when you are accessing documents and files located on your home network. This is integral in hardening your network against outside attacks from hackers. Before doing so make sure you update your firmware and generate the certificate needed to set it up. 

 

You can get to the VPN settings by clicking the advanced settings, scrolling down to the VPN tab and selecting which VPN option you want to setup.

Make sure you upgrade the firmware: You can do so by clicking the advanced tab, then system tools and then firmware option. In the resulting box, click the option to upgrade the firmware. 

To be the most secure, I advise doing all the above to ensure the best chances of securing your network and all its access points. For more in-depth information on the philosophy behind hardening your network and testing to see if your home network can be hacked, refer to the video here. 

     

How to stop broadcasting your SSID

27.12.22

How to tell if your phone's been Hacked.

 

 Phone hacking is one of the more sophisticated technical ways of acquiring your personal and financial information. It's not much different than hacking into your computer, because smartphones are just that. Portable, mobile computers. With the increased use of smartphones, how easily accessible the internet has become, along with the advent of social media platforms, it's not hard to see how easily personal information can be shared and utilized to impersonate someone to gain access to other accounts, attached to their name.

 

 

 This is why it's imperative that you be more vigilant than ever, when it comes to safeguarding your stuff; including your identity. Most hackers and scammers tend to go for the easiest target first, and then work their way up, from there, in terms of level of difficulty. This happens as a result of what the hacker stands to gain from successfully accessing your financial and personal information. Since this is a never-ending always evolving practice, I have listed below some pointers' that suggest your device might have picked up some malware that aids in transmitting your information, unknowingly, thus making you an easier target. 

 

 

If you notice your phone is running slower than usual- While this can be the result of several things; normally you can pinpoint the exact chain of events that lead to your phone slowing down, overtime. Whether's it's accumulated updates throughout the lifetime of ownership of your device, the amassed data, that's stored on your phone from all of the apps downloaded; or even the regular data that's taking up space such as pictures and other files. In the absence of these factors, your phone slowing down suddenly and tremendously is a good indicator that malware or spyware is on your phone and feeding your info to an external source. That process is what is causing/ contributing to the degraded performance of your phone.  

 

 

Your phone either heats up or overheats quickly- Temperature variables aside, similar to the previous point, if you notice your phone is heating up quickly and you're not overclocking, over utilizing or running a resource intensive application or game on your device, chances are whatever malware/spyware that's on your phone is feeding your information back to the host, externally. This action can contribute to the high temperatures being generated, while seemingly being in normal use by you.  

 

 

You are getting strange pop-ups, multiple unsolicited ads- If you're surfing the interwebs, on your device and notice that the websites you normally visit have more frequent and pervasive ad's and pop-ups, and there is a marked difference between your experience's there. This can indicate that something has downloaded on your phone is running in the background causing this distortion, to how it normally operates.  To test this, I often suggest going to the same website on other devices to see if the changes on your device, appear elsewhere. If so, then the website is to blame, if not, then run a virus scan on your phone immediately.

 

 

Frequently visited websites now look different in your browser-This is a dead giveaway that you have a virus or some form of malware on your device. If you notice that websites you frequently visit all of a sudden look "different", are redirecting to another website or just isn't loading or operating the way it used to before; your device is definitely infected with malware and you need to run a virus scan immediately.

 

 

You notice strange phone numbers, texts and e-mails that you didn't originate- Also includes seeing mysterious apps appear on your phone, where  you have no recollection, of downloading them. Often times, if a person has been hacked, this symptom is what I call the "calm" before the storm. Reason being is because by the time things get to this point, the hacker already has other personal information, from your device, in their possession.

 

 

Aside from running a virus scan immediately I highly suggest you check all of your bank and financial accounts (on another non-infected device) and put a lock on any and everything that may be accessible to anyone who has your username and password or any information, they can use to that end. This is a good time to change passwords and set up multi-factor authentication, including resetting your phone back to a factory reset.

 

 

While I personally advice having your data backed up and syncing elsewhere to a cloud account, I suggest this level of caution, as whatever is feeding your information to a third party; needs to be stopped immediately. While not knowing to what extent the damage that was done; the sooner we mitigate it, the better off you'll be.  

 

 

While this gives you a brief overview of how to avoid being hacked in general, you can still utilize the tips here to better protect yourself behaviorally, no matter what device you use. There are a few anti-virus software options (some are free) that you can employ to help scan for malware, spyware and worms and other viruses' on your desktop and mobile devices in addition to helping to get rid of them. One that I often employ is Avast. McAfee and Norton are also two other choices to pick from. These brand's have options that are available for download on both your laptop, desktop and mobile devices.

 

 

 

While surveying the habits and patterns that often put you at risk, I implore you to make the behavioral changes, as soon as you become aware of them. The quicker you implement what you learn, the faster it sticks and the more beneficial it is to you in the long run. There's always something you can do to protect yourself from being a target and making it harder for hackers to easily glean your personal information. For a shorthand way to keep these reminders accessible to you, please refer to the checklists below that denote if your mobile device has been hacked. 

 

How to tell if your Android is hacked

How to tell if your iPhone is hacked

How to tell if your phone's been Hacked.

26.10.22

How tap-to-pay actually works

 

During my latest exploration trip to D.C. one of the experiences that stuck with me was their smart card and how it works. I had a great time touring the city; click here for more about the trip itself. I stayed in a hotel in Maryland and drove to the Metro parking garage to park my car and took the train into the city. As with any city where I'm taking public transit around to explore the area, I always get their transit card and purchase their equivalent of a day pass. 

 

 

The smartrip card is a transit pass that instead of swiping to get through the turn-style, you have to place it on the RFID/NFC reader in order to open the gates. Since it's a tap-to-pay system, I'll be using this example to illustrate how it works. 

 

 

I was always fascinated and interested in exactly how this system works because no matter how long I've been in the tech field, I still get excited over being able to place a card, badge, phone app onto a device and watching something happen. I'll briefly go into how this particular technology works and how it contributes to the ease and convenience of every day activities. 

 

 

Transit card for D.C. Metro

RFID- Stands for Radio Frequency Identification. This involves two devices that "communicate" with each other using coils (serves as antennae), the magnetic field of those two devices, that conducts the transfer of information wirelessly once within range of that magnetic field; and a small data-filled chip, whose information is transferred as a result of the first two components interacting with each other.

 

 

  

NFC- Stands for Near Field Communication. While this is a type of RFID, the benefit to this is since it only uses HF (high frequency) to transfer data you have to be closer to the magnetic reader to trigger that wireless data transfer. 

 

RFID uses a range of both LF (low frequency) and HF (high frequency) during it's wireless energy transfer any data that is present is also transmitted and carried over. NFC only uses HF to transfer data, and tends to be more secure as there is a limit to the amount of data that's transmitted, (it only has room for a small string of characters). While RFID tends to spit out all of it's data more "carelessly", when within range of the readers' magnetic field. 

 

 

Here's how this all comes together; the smartrip card has a chip in it that has the monetary balance that was paid to purchase the card, as the data on it. That card is then placed directly on the RFID reader, and similar to how an RFID tag and RFID reader interact once both components enter each other's magnetic field; the data on the card is transmitted wirelessly and the turnstyle gates open up, allowing entry.

 

This same process works for phones, digital business cards, apps etc. that also use NFC beaming and even bluetooth technology to transmit data.

 

It's really a cool sight to see, how technology has advanced to the point where you're able to send a document from your phone to one of your friends, by simply tapping the back of your phone to theirs.

 

Or even better yet, use bluetooth to connect to their phone and transfer documents to them from across the room. Prime example of this is Apple's "Airdrop" feature. 

 

 

Transit Card for L.A. Metro

The Smartrip card data is managed by the software used on the machines that you purchase the cards from. That software has a transaction ledger of the balances on the card and "writes" that data to the chip on the card. When the card is used, that data is transmitted to another device which utilized the same software to record the remaining balance of how much is used.This process repeats when the card is refilled.

 

 

While you can find a brief explanation of how RFID and NFC works here, let me know your thoughts below on whether this technology has helped to improve your life or if you feel that's it's not secure enough. Comment below.

How tap-to-pay actually works

28.9.22

Amazon Fresh- The New Age Grocery Store

*As this is an Affiliate Post, if you choose to purchase anything through the links below, I will receive a small comission from that sale, with no extra cost to you. it's not mandatory, but highly appreciated*

 During my trip to D.C. I decided to visit the neighboring state of Virginia while I was nearby. I took the metro from D.C. first to Arlington, VA, visited the famous National Cemetary, and then took the train further in to visit the Pentagon.

 

While exploring, I decided to take a break at a Starbucks, and while on my way there, I walked past an Amazon Fresh Supermarket. Until then, I had no idea that Amazon even had a supermarket. Much less any physical stores. My curiosity got the better of me, and I walked in to investigate. 

 

The first thing I noticed were several turnstiles with a scanner next to them with a sign requesting you to present your QR code for your prime account. Looking around, I saw a few of the employees, walked over, and questioned them about how many locations they had and how this supermarket worked. 

 

They told me that amazon prime members can shop here by scanning their QR code, picking up what they need, adding it to their cart, and scanning the same code to leave the store, sans cashier interaction. I was intrigued and made it my business to try it out for myself when I returned home. 

 

I visited the one in Paramus, NJ, to glean a first hand shopper experience from it. I pulled into the mall's outdoor parking lot and excitedly walked in. I saw several turnstiles with a QR code scanner and one entrance at the end that allowed you to walk in without scanning anything.  

 

 

I grabbed a cart walked in through the bigger gate,  picked up a loaf of french bread, and when I finally pulled up my QR code, walked back to the turnstile and scanned it. I was told by the store associate, in order to use the the store's technology; I had to first put the bread back, then scan the code so the technology can "sense" what I picked up around the store and add it to my account. I did that and continued shopping.  

 

 

While walking through the aisles, I saw an array of products that were priced similarly to what you would see in Shoprite, Target, and Wholefoods. Some items were cheaper, while some were more expensive, and while I picked up some much-needed household items, I looked up and saw the multitude of camera's stacked next to each other, descending from the ceiling, all over the store.

< 

The next hour was spent browsing through each aisle and surveying everything they had in that store. To my surprise, I enjoyed how they had an Amazon package return center at the back of the store. It's where you go to return any item's you've ordered from Amazon.com. It's a nice little added convenience to your shopping experience. 

 

I walked over to that counter to return some shoes and noticed a section that had a computer for you to sign into with a "palm-reader" next to it. I was met with intrigue and suspicion over this item, because while an avid tech enthusiast, I do have my reservations about how far I'm willing to go with Biometric devices.  This same device was also available at the exits so you can scan your palms or your QR code to leave the store.

 

Overall my experience was a pleasant one. The ease of shopping, how easily the items were found and they had sturdy reusable bags at the end caps of the aisle, with two different types of shopping carts. One was a regular cart and the other was a computerized cart that scans all of your items as you put it into your cart and adds that item to your account.  

 

Despite the novelty of being able to walk in and out of the store without using cash or stopping by a cashier, this location had cashiers available to help with your purchases if needed. If you decide to shop there and glean your own experience, here's what to watch out for: 

• 
  

•  Don't pick up anything you don't plan on buying because if you don't want it, you might get charged for it. The sensors are triggered on what you pick up, but not always on what you put back.
•  

 

• Easy to over shop. Some items are really cheap while others are more expensive than target and shoprite. I guess it balances out. 
•  

 

• You can't return just any amazon ordered package as it depends on if amazon shipped it from their warehouse or if it came from outside their delivery jurisdiction. As was the case with my shoes. I was so annoyed that I had to make another stop to the UPS store to drop it off. 
•  

 

• When you finish shopping and leave the store you are sent a receipt to your e-mail detailing your purchases, the cost and total number of each item. You have three hours to make adjustments, dispute costs, make refund request for items you've picked up/ returned and the total amount of items overall.

 

•  
• Amazon Fresh and Amazon Go are two different stores. One is a supermarket grocery store similar to stop and shop and wholefoods, while the other is similar to a 7-11 store. Check out the differences here: Amazon Go/Fresh

 

 

 

Have you had a chance yet to visit these stores? If so, leave a comment below and let me know your experience. If you'd like to see for yourself what the hype is all about, click here for a free trial of Amazon Prime and take a look.

Amazon Fresh- The New Age Grocery Store

21.9.22

How To Create Clickable Photos

 

 

When I first started my blogging journey, I dived head first into the world of web design in the form of my own blog website layout. I didn't make any of the website themes, as I purchased them from an online marketplace; however, I did get pretty familiar with the HTML coding once I started editing the layout and colors to my liking.

 

My background in tech made me all the more willing to "get my hands dirty" and learn something new. While my zeal for this new endeavor, sustained me; it also carried me through all of the long nights, setbacks, roadblocks, and delays. 

 

It wasn't all hard times, though, as I've had more joy and triumphs every time I figured out how to resolve a tech issue on my own and received more inspiration to edit and make my website better and more visually interactive.

 

I must say I am pleased with the final result, as every account opened, software used, and new ideas explored were all used in tandem with each other. Nothing went to waste, and everything fit together. The software I used for one of the sections on my website is mentioned below.

 

If you ever find yourself wanting to create a website of your own and would like to make any of your pictures "clickable" to another link, consider using this website.

 

 

While there are other websites out there that do a similar job to this one, I liked this one because not only was the website easy to use and the sign-up process for a free account was quick and seamless; but they have a brief tutorial video readily available to show you what to do.

 

The fact that they have a live chat agent; that proactively pings you to offer assistance, and responds immediately upon your interaction with it, was also a nice touch. 

 

I utilized this website to attach the image of my checklists to the printable PDF document needed to utilize it physically. It was very easy to fill out the information required for the generated links, and it safely redirected you to a working copy of my checklist.

 

You can also use this website to make image cards that lead to any URL you'd like, including your own company's website, social media page, or any hosted document you'd like to share. For the latter, make sure you change the sharing permissions of the document before linking it, so everyone who wants to access it can do so easily.

 

Whether you're ready to design a website or blog of your own, or just working on a presentation and want to give your slides a little extra flair by having the images on it, lead elsewhere when clicked, give this website a try and make your projects that much better.

 

How To Create Clickable Photos

21.7.22