Secure Passwords?

I recently had someone leave a key under their front door mat for me because their keypad was malfing (was so could “sit on” grandson after school). They returned, we visited, left. Got a phone call: “Where’s the key?” Well, I had not left it EXACTLY where instructed, but since THEIR keychain was on the bookcase where I’d been told to leave the key, I simply put the key on it.

Hiding in plain sight can work, but there’s “hiding in plain sight” and its idiot cousin, “Take me; I’m yours.” Don’t be the idiot cousin.

Writing down passwords can have the benefit of having them available when needed (and forgotten), but unless that list is under physical lock-and-key security, it’s “Take me; I’m yours.” Better: a secure password service, perhaps.

Better still: use passwords you can remember. No, not your dog’s name or your wedding anniversary date. (Oh, wait. That’s not something you’ve forgotten before, is it? *heh*) or ANYTHING ELSE derived from personal information about you. No, while easily remembered (except for the anniversary thingy), those kinds of things are available to others and so make easily “crackable” passwords. No, select a pass phrase that is memorable – title of a fav book, an aphorism, a line from a poem or song, etc., and construct your password using that in a way that is sensible and memorable for you.

For example, I took the “punch line” – as I “misremembered” it! – from a Smothers Brothers parody of a song that was popular back in their heyday and constructed a password from that. VERY memorable for me, but since it’s from a parody of a song that’s not in the “Top Five Million” nowadays, and the line I used is NOT as it was performed in the parody, the password I constructed (an easy one) only used the first letters of each word (as “misremembered”), a “Massive Cracking Array” could take a couple of days to crack it, so not seriously secure. But then, as I said, an easy password. . . on a “Junk Mail” account designated as a SPAM catcher. So. . . *heh*
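To put rough numbers on the first-letters approach described above, here is an added example (not part of the original post). The phrase is constructed for illustration, and the guess rate is an assumption standing in for a large offline cracking rig.

```python
import string

# Assumed offline guessing rate (guesses per second); not a figure from the post.
GUESSES_PER_SECOND = 1e11

# Constructed sample phrase, not the author's actual pass phrase.
PHRASE = "My cat never liked the blue sofa by the window, did she?"

def acronym(phrase, keep_case_and_punct=False):
    """Build a password from the first letter of each word in the phrase."""
    out = []
    for word in phrase.split():
        first = word[0]
        out.append(first if keep_case_and_punct else first.lower())
        # Optionally keep punctuation that trails a word (commas, question marks).
        if keep_case_and_punct and len(word) > 1 and word[-1] in string.punctuation:
            out.append(word[-1])
    return "".join(out)

def pool_size(password):
    """Size of the character pool a brute-force search would have to cover."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 ASCII punctuation characters
    return pool

def average_crack_days(password, rate=GUESSES_PER_SECOND):
    """Days to search half the keyspace at the assumed guess rate."""
    keyspace = pool_size(password) ** len(password)
    return keyspace / 2 / rate / 86400

if __name__ == "__main__":
    for pw in (acronym(PHRASE), acronym(PHRASE, keep_case_and_punct=True)):
        print(f"{pw!r}: {len(pw)} chars, pool {pool_size(pw)}, "
              f"~{average_crack_days(pw):.3g} days on average")
```

These figures assume exhaustive search only; a phrase lifted verbatim from a well-known text gives less protection than the keyspace suggests.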

It Never Fails

Amid my gaggle of computing devices, I have a couple of Win10 computers, and I use them fairly regularly (right now, for example). One thing that annoys and amuses me in almost equal measure is the behavior of Windows Defender in labeling software of which I approve as “potentially unwanted software” and modifications I make to system elements (like the hosts file) as “dangerous,” when all those programs and mods do is limit Me$$y$oft’s privacy intrusions, tracking, etc.

I do go ahead and rescan those “dangerous” (to Me$$y$oft’s nefarious intentions) applications labeled as “PUPs” with trusted third party antimalware even though I scanned them with multiple trusted third party antimalware applications before I installed them, and invariably the third party software calls ’em good (because the only “malicious” behavior they have is limiting bad behavior by Me$$y$oft, of course).

So far, the rule is invariable: safe, effective blocking of Me$$y$oft spyware is gonna be labeled as malware by Me$$y$oft. Of course.

Better Than One Note?

Well, for me it is. YMMV, of course, but ANY time I can get a third party app that works as well or, preferably, better than a Me$$y$oft app, I snap it right up.

Zim Desktop Wiki. I installed it as a portable on a flash drive. Handy for me. Available in flavors for various OSes. Also handy.

Just More Typical Me$$y$oft Woes

ACK. I hate Win10, sometimes. Usually it is. . . juuuust usable. But, when an installation needs repair, quite often I have found that a wipe/complete reinstall is needed. Refresh option? “Automagical” Me$$y$oft “repair”? Sucks dead bunnies through a straw. *meh* _Sometimes_ works. And yeh, there are other options, but usually they SDBTAS as well (Oh, you’ve made a .wim and expect to recover from that? You are so cute. . . ). If there is no usable THIRD PARTY full system backup, things get sticky. WinPE and a refresh/repair installation sometimes works. But sometimes, a fresh hard drive and full reinstallation of OS and all apps is just the only way to go. . . Resurrecting data files not found in a recent backup isn’t all that hard (especially if they’ve been mirrored to a NAS as well), but seriously, Me$$y$oft, why is Win10 so fragile and why do the built-in “repair” tools SDBTAS? Oh, right. Because you can do it and still expect users to continue to lap up the sludge. . .

If I did not need Windows for ONE app, I’d be gone on all my personal comps. (ONE app that WINE does not work well to use under ‘nix OSes *sigh*)

(Yeh, I resurrected a lil lappy a couple months ago w/a HD replacement/clone op, but this is different sitch.)

Tap-and-Pay Apps?

How Hackers Can “Tap” Your Bank Accounts

Yeh, nope. Tap-and-pay may be convenient, but I have never been persuaded that it is safe, and so have never enabled it. I’m far safer carrying cash (because muggers? *heh* No, for many reasons).

Condition Yellow should apply at all times to data/device security, not just physical security.
_____________________________

For online purchases–another area of banking insecurity–I rely on several different tactics, including the careful use of a debit card tied to an account at my local bank that is designated for such use. . . a bank where my next door neighbor is head teller, and I know all the other folks in the bank as well. They look out for any anomalies very well.

SpyWear™

“Smart” clothing?

How dumb do people have to be to call SpyWear™ “Smart Clothes”? Sure, it doesn’t HAVE to be that way, but unless folks make sure their data is kept locally, more than just air-gapped from the web, their private info. . . isn’t. I do use a fitness tracking device that coordinates with an old phone that is disconnected from _any_ network (including my local network). I can evaluate the data collected, so I get the benefits w/o “sharing” my data.

BTW, yeh, all the apps I have on that old phone do gripe at me, wanting network access, when they fail to phone home. I just smile and enjoy those gripes. (And yeh, I don’t just rely on disconnecting it from my network. I have it blocked at my router. 🙂 )

Jólabókaflóðið!

As part of my own lil Jólabókaflóðið (“Christmas book flood”), I started an ebook that was supposedly 800+ pp in length. Opened it. Every line is double-spaced. Double that between paragraphs. Does NOT improve the reading experience, just fakes up a 400pp book into a supposed 800+pp. *smh* That doesn’t even count the times I caught the writer padding the word count in the first few pages. Setting aside. Not even written all that well.

Moving on. . .

Is YOUR Online Data Secure?

No. In fact, this site is not “secure” in any real sense, and some PII about me can be gleaned via various means from this site. So? NO PII online is secure. There is no such thing as personal data security online. There is only the possibility of LESS insecurity. While one can improve one’s data security, absolute security is a chimera. Knowing this is the first step to better security practices, IMO, which includes whatever controls one can put on what data one allows online to begin with.

For example, while I use a password manager for low-value sites (sites where little PII accrues, for various reasons*), I use enhanced memory techniques and memorable pass phrases (derived from hobbies not noted online or in emails or other such communications) for sites with more sensitive (or accurate *heh*) PII. (And yes, I know I won’t be around forever, so such passphrases are also secured on an encrypted flash drive and stored in a safe which only two people have access to besides me. Maybe it’s just me, though. . . ) That, plus two-factor authentication, are good things to do, but do not, of course, assure any real security, because once data is online, means of compromising the site storing it proliferate beyond one’s control.

And yes, I take a lot of other steps, and STILL my data is not secure. Never will be. Neither will yours be secure, because once it’s online anywhere, it’s really beyond your control. All one can do is–hopefully–limit access as much as possible.
_______________________________________________

*There are a lot of diverse sites on the web that interest me that also require registration I view as intrusive and unnecessary, so I obfuscate and often outright lie in registering, as well as offering throwaway email addresses (also registered with obfuscated data). *shrugs* I’m not a good mark for con artists, either. 😉 For most such places, I also invoke a foreign IP address via one of several different VPNs. TOR helps, as well.

Wee, Teen-eintsy Comp-Geeky Thingy

Nice. Just booted a lil Eee PC running “Puppy Slacko” for the first time in over a year. Sweet lil baby lappy with a lean Linux distro. When it was running its preinstalled Win7 OS (still available, but who cares?) it was a bit of a (baby) slug. Not posting this from it, because I’ve not swapped out its wireless card, and the one that came installed is. . . still a slug. Need to get that done, eh?

Just a Wee Comp-Semi-Geeky Thingy

So, cheap lil Windows-based “email and internet cruiser” notebook. NOT specced like my desktop, but OK for casual stuff. Almost a disposable computer. Almost. Lil hybrid hard drive went flaky. Still sorta worked most of the time, but not really. So, repaired the system, pulled the drive, installed it in an external case. New drive (NOT a hybrid, this time): same deal: external case. Plugged both into desktop and used Macrium Reflect (recommended for Windows users who like good, inexpensive software) to clone the freshly-repaired drive to the new drive.

Installed new drive in lil “almost disposable” notebook, and. . . all is well.