So… This just happened.

FAIL! (via PleatedJeans)

I tried to post this on Facebook, but for some ridiculous reason, Facebook can’t display animated gifs. C’mon, man. GeoCities had that figured out in 1994… 20 years ago!

It’s been years since I posted about secure passwords. If you’re a “new viewer,” please go read it! In fact, even if you’ve read it before, go read it again! YES! NOW!! (Don’t worry. I’ll wait.)

The one thing I would add to that article today is this:

7 – Make your passwords as long as allowed.

Password guessing tools are getting smarter and faster all the time. Too many websites don’t defend against “brute force” attacks (where a hacker can guess thousands of passwords a minute and only has to be right once).

Now, keep in mind, that first post was from 2010. One of the articles referenced was from 2008. The other one doesn’t even exist any more. So, surely by now, things have improved, right? People have finally learned how to secure their web identity, right?!

Well, as it turns out, no. Not at all.

Just this week, it came out that some two million passwords were recently stolen, including some from Facebook, Twitter, and Google (GMail and G+). So, change your passwords today! Seriously!! (I just did.)

What’s worse is what we learned from the stolen data. Passwords are just as stupid and weak now as they were five years ago! Of the two million passwords stolen, over 15,000 of them were “123456”… ARE YOU KIDDING ME?! The article goes on to compare password strength from the new data to password data from 2006 and it shows that passwords are getting worse, not better.

Back in 2006 the top ten most common passwords comprised only 0.9% of the total count. Today, in 2013, they add up to 2.4%.

I know this blog is usually funny and far from serious and that is my goal. But in all seriousness, please be smart about your passwords. The internet is a truly awesome tool. But if not used correctly, intelligently, and carefully, it can ruin your finances, your relationships, and, even your health and well-being.

[Wow. That got way to serious for a minute there.]

And remember to incorporate either “fart” or “poop” in your passwords at all times.

[There. That’s better.]

I get a lot of spam. I mean a lot! But it’s not so bad because I know how to handle it. My personal advice for anyone who connects to the interwebs ever is to create a spam email account. I use HotMail. HotMail has a feature that sends all emails to a junk folder unless I know and have allowed the sender. Then, whenever a website (even a website I trust) asks for my email address, I use darkmanwork@hotmail.com. See?! I’m so confident that I’ll put my email address right here in the blog post!! Because I know if a spammer gets hold of it, they can do me no harm. Their scams and junk mail will end up harmlessly sitting in my junk folder. Because I do, on rare occasion get valid emails to that address, every couple of days, I scan through the junk folder. Some phishing emails I report to the owners of the site being phished (like when a get a fake email from PayPal or eBay). But most of it just gets deleted.

I get a lot of these Nigerian style scams. I scan through a few of them to chuckle at the grammar. But this one was so bad, it was too good to just toss in the trash. I present “Urgent!”

I suppose me posting a link on my blog to an article about internet addiction is a bit like one drunk hobo passing a half empty bottle of hootch to another drunk hobo. But it is an interesting read.

So… ‘ere ya go, buddy. *hic* Drink up. (Clicky clicky.)

Don’t you love new software?! Don’t you love all the great new features?! Don’t you love when the developers come up with some change that no one really wanted or had any reason to care about until they changed it and made life all the more difficult for you?!?! Yaaaay!!

Ok, so if you’ve been on the interwebs for any amount of time, you’ve see that odd little thing in front of the web address: “http://” This is what we in the bidnis call the “protocol.” 99% of the time, you’ll either see http or https (which means it’s using a SSL secured connection).

Firefox 7, just for grins and giggles, hides the protocol in the address bar. So, you don’t see “https://mybank.com/login”. You just see “mybank.com/login”. Gah! er… I mean… Yaaaay!

But why, you might ask, do I care what protocol is being used?

Well, I would say in a patronizing tone, you might need to see for certain that your connection is secure (https) before you put your username and password into your bank’s website (else someone would be able to intercept your request and steal your login) or put your credit card number on a web form (or someone might steal your number), or maybe your employer blocks http://facebook.com, but you’ve discovered that they don’t block https://facebook.com. There are many reasons why you might want to see and change the protocol.

In my line of work (I’m a web developer), the protocol is very important. I need to be sure that certain pages of the site I maintain are secure and that others aren’t. (https is slower, so only use it if you need it!) So I really really need to be able to see the protocol.

Thankfully, Google had the answer for me. (Google knows everything.) There is a config setting in Firefox to stop it from trimming the URL. Thanks Google! And thank you, Firefox 7 developer who thought this would be a neat feature, for wasting an hour of my life.

While it seems, for now, we’re no longer in danger of the U.S. dollar losing its status as the global reserve currency (thanks to those socialist nutjobs in Greece), we’re not out of the woods yet. That’s because English (or more generally, the Latin alphabet) is no longer the king of the hill for the internet. That’s right, we no longer own the internet!

ICANN, the governing body that doles out domain names, has begun issuing domains using the Arabic alphabet! Yep. I’m serious.

Now, I’ve got no problem with folks having domains in their own language using their own alphabet. But just you wait. I predict it will be less than a month before some clown finds some characters in a foreign alphabet that look like smiley faces or flowers or music notes and gets a domain name like “www.♠Cool♥Online♦Poker♣.com”.

And I’m pretty sure that’s one of the signs of the Apocalypse.

I absolutely love funny, well done, just-for-the-web advertising (a.k.a. viral ads). There is a whole series on YouTube for the Toyota Sienna minivan. If you’ve got some time, check out the whole series here. If you don’t, allow me to share a few of my favorites.

The Swagger Wagon

Bonding Time – I don’t know why but this one makes me think of RandyPants.

Mommy’s Rest – If you snore (like me), this one will hit home for sure.

Now, ask yourself. Does viral advertising work? Well, what are the chances that I would be pimping a minivan on my blog if it weren’t for these awesome videos? Two words: Ze-Ro.

This is a remix of a Russian singer popular in the 70’s. In the original, he real does sing a whole song with no discernible words. But I think you’ll agree this version is much more entertaining.

If your like me (God help you.) you’ve got accounts on dozens of websites. Your bank, credit cards, eBay, PayPal, Facebook, Twitter, your blog, and any number of forums or hobby sites. Each one has a login and password. How in the world do we keep track of it all?

For most folks, the solution is simple. Simply stupid, that is. They use horribly insecure passwords. A colleague just sent me a link to the Top 20 Most Common Passwords which in turn links to the Top 500 Worst Passwords (Parental Advisory!! Some people have potty-passwords!) Way too many people use names, common words, or easy to guess combinations, like “121212” or “qwerty.” These people are easy marks for hackers. Don’t be an easy mark!!

The advise I’m about to give you is not unique. I claim no mystical knowledge. You can find it on any number of web sites, but I do think it’s worth sharing.

First off, I strongly recommend that you create what I like to call a spam email account. Use hotmail, yahoo, etc. to create a free email account that you’ll only use for signing up on websites. That way, you’ll have a place to get the inevitable confirmation email, but you won’t be risking your personal email address to spammers.

Now, for passwords:

1 – Don’t use words or names.
2 – Don’t use common non-words. (ex. “qwerty” or “asdf” [Keyboard patterns] or “NCC1701” [Registration number of the Enterprise on Star Trek. Don’t laugh, it’s #139 on the 500 worst passwords list!])
3 – Don’t use common personal information like birth or anniversary dates or phone numbers.
4 – Don’t use only numbers.

“Well, good grief,” you might be saying. “What am I going to use?!” In a word, acronyms! Do you have a favorite song, movie quote, or Bible verse? Here’s an example:

Twinkle twinkle little star, how I wonder what you are.

Now as an acronym password, that becomes “ttlshiwwya”.

5 – Add special characters and use both upper and lower case letters.

For our example above, we could use “*” instead of “star” in our acronym. We could also use “R” instead of “are.” We could replace the lower case “l” with a number “1”. And we could capitalize the first word of each phrase. Now we’ve got “Tt1*HiwwyR”. That’s a pretty good password… except that I just published it on the internet, so now it’s junk. Don’t use it!

Now for one more rule that I have not heard anywhere else, so I am claiming as my own.

6 – Come up with a system that incorporates something unique about the website in question.

Remember I said we’ve got dozens of sites for which we own passwords. It does no good to have a rock solid password that you use everywhere. What happens if, say, Facebook gets hacked and someone steals your rock solid password? The hacker is not going to make any money off of hacked Facebook accounts. Where he butters his bread is taking those passwords and trying them out on eBay, PayPal and major financial websites. If you’re Facebook password is the same as your bank, you’re in big trouble. Likewise, you may want to create multiple spam email accounts or login names that are related to the website. This will decrease the chances of someone cross hacking your accounts.

Come up with an easy to remember keyword for each site.

Bank website -> Money
eBay -> Junk
Stamp collectors forum -> Lick
Online T-shirt store -> Threads

You could even use the name of the site (not as secure, but easier to remember). Now, obviously, you’re not going to use these keywords as your password, but you can use them as part of your password.

Let’s say we take “Tt1*” from the example above. We’ll call that our password root. Now we need a password for our bank, “1st Secure Bank of Awesomeness” whose website is “www.1stsecurebank.com”. Take the last three letters of the website: “ank” (Not “com”… duh.) and inject that into your password root. We could just tack it on the end (“Tt1*ank”), but that might be too easy. How about we interweave the two. So “Tt1*” and “ank” become “Tatn1k*”. Now, you need a password for your stamp collecting forum, “WeLoveStamps.com”. Using the same method, we get “Tmtp1s*”. Get it? Now you’ve got a unique password for every website you visit that is nigh impossible to guess.

But what’s this?! You’re bank wants you to answer some simple questions to help identify you in case you forget your password! What’s your mother’s maiden name. What was the name of your childhood pet. Where did you go to school. These are easy questions! No problem, right? WRONG!

Remember a while back when Sarah Palin’s email was hacked. Guess how the hacker got in. “What school did you go to?” Umm. “Wasilla High School?” Bingo! I promise your bank won’t reject you for inventing a fake answer to these questions. In fact, I would recommend that you give the answer to a different question.

Q) Where did you go to school?
A) 1992
Q) What year did you graduate?
A) Amarillo High School
Q) What was the name of your childhood pet?
A) Sarah Parker
Q) What is the name of your closest childhood friend?
A) Freckles the Fish

The trick here is to remember what answer goes with what. If you don’t think you can pull that off, you might be better off just making something up. Be sure it’s something you’ll remember.

Q) Where did you go to school?
A) Gotham High School
Q) What year did you graduate?
A) 1939
Q) What was the name of your childhood pet?
A) Batty
Q) What is the name of your closest childhood friend?
A) Alfred

Did you catch that? Batman? Eh? Nudge nudge? Pretty smart, eh?

Now, I fully expect you to spend the next two hours going to every website you’ve ever been to and changing your passwords and your security questions. You’ve got work to do, buddy! You’d better get crackin’!!