The Heartbleed Password Dilema
OK, the fallout from the ‘heartbleed’ bug is worse than I thought. The problem is with how we, as humans, don’t manage a ton of passwords well. It isn’t so much that we are lazy, but to avoid clutter in our mind, we re-use passwords across the internet to log-in to different websites.
But with the heartbleed vulnerability, the problem becomes worse because of our conservation of brain cells and the repeated username and password combination becomes yet another vulnerability.
You see, most people don’t come-up with a unique username and password for each site they have become a member of. Most people reuse the same username over and over so that they can be identified as themselves by friends and acquaintances across networks. Now, that would still be OK if the password used was unique for each and every website that user logged into using that username. But because we are trying to make things simpler we usually only use a small index of passwords from which we draw our passwords, so that we don’t have to remember so many, because we know what it feels like to be locked-out.
It all has to do with username and password pairs.
So if a user logs in as “Gibraltor5” with a password of “1Ydd/R247” on a forum website that is compromised, the problem then becomes that the username and password pair are entered into a database and some malicious hacker will eventually try to use that username & password pair at other places, such as Yahoo, Twitter, Gmail, Facebook, Chase, CapitalOne, Amex, etc…
So eventually, someone will make a program that will actually try to login to all sorts of websites using “Gibraltor5” as the username and “1Ydd/R247” as the password, possibly even on a global scale. Once more, they may not stop at one attempt. They might wait a year or so and try again, just to check if the user had protected his accounts, but then gone back to his lazy ways.
So from now on, you have to create a unique password for every single site that you have ever accessed.
Even though Google may say that your Gmail and Google+ accounts are safe, they aren’t if you have ever used the same username and password combination ever before or afterwards on any site. You can’t be sure that any certain site was or wasn’t compromised. The username and password pair could have come from a site you don’t even remember joining. So if you have a tendency, like most humans, to use the same password over and over, you have to stop that right now, go back to all the sites that you have ever been a member of, and change your password to something unique.
Now, if you are like me, you have lots of places that you frequent. That means you will require so many passwords you won’t know how to keep them all straight without writing them down. But if you write them on plain paper, or in a little black book of passwords like I used to do, you open yourself to having them ripped off and hacked that way, by your very own hand.
The best way to do it then, is use a password program that will keep all your passwords safe and handy. Since I don’t always have my PC with me, but I try to always have my phone on me, I have to recommend Kuff’s Password Safe for the Android. It allows you to generate unique jibberish style passwords on the fly, comes with 128 or 256 bit encryption to protect your entire catalog of passwords, categorize them, and more. The one thing is that you must remember the password you will use to access the application, because there is no back door and without that one password, you will not be able to access the application again. The good news is that you only have one password to remember, again.
Now, to top that off, you can also get another version for Windows, so that you can update and access your password data across platforms, as well as backup your data to remote servers such as Dropbox, SkyDrive & Google Drive, or to your local Windows machine.
Kuffs Password Safe on Google Play:
https://play.google.com/store/apps/details?id=uk.co.kuffs.free.passwordsafe
The developer’s website for Kuffs Password Safe (Android & Windows):
http://www.kuffs.co.uk/
If you do not have an Android smartphone and/or tablet, and you do not expect to upgrade to a smartphone, or if you prefer a Macintosh supported version, you will have to shop around. But this little utility, a password safe, to secure all of your username and password pairs and other private information, encrypt the data to protect it from malicious hacker idiots, is now an important and vital component in the life of anyone who has or had an online lifestyle (meaning anyone who ever has done anything online).
Theme Upgrade Crap
The theme for this blog, Andreas04, was upgraded to “Able”. I personally think that Able is crap and is the absolute kind of theme I am trying to avoid, one that lacks creativity of any sort.
To that end I have been strained trying to find a new theme. Which also keeps me from posting anything new, because I arrive at my dashboard and am presented with a problem indicating that my theme won’t work well, or might not even be around, for much longer. hence I go look for themes and get lost in a sespool of muck & mire.
Customize your FireFox browser experience with a Persona!
These days we all like to customize our stuff so that it reflects our own personality. New industries have sprung out of the desire for custom vinyl car, phone and laptop wraps. And of course we can do the same thing with our FireFox browser now, using Personas, which act like little FireFox browser themes.
We all have to think about how we want to promote our businesses online. SEO doesn’t work unless there is some sort of promotion program in place. The more creative ideas always seem to win out over just submitting your website to the directories.
People who make good videos tend to get lots of viewers. I keep wanting to make my own tutorials but the screen recording and presentation software has always been out of my budget (let me know if you have something free/share-ware that works).
But I finally decided to take a look at how I can get my work out there. Because I have so many domains, I have been making lots of logos for my minisites & blogs. But I have always been trying to find a way to share my graphic design skills.
I had been so busy that I hadn’t noticed it. But every time FireFox updated to a new version it was always inviting me to try out the new personas. To tell you the truth, I don’t like a lot going on in my browser. I don’t want it to clash with other websites or be too busy. I’ve even stopped using the Google Toolbar because it refused to share the same line with any other toolbar and pushed the content down and closed my visible window on the cyberworld.
But as a graphic designer my curiosity has finally gotten the better of me and I was quite amazed what I found there. Many were just plain awesome because they invoke loyalty to a brand such as the Vikings, the Twins or the Yankees… I even have a couple Superman themes for FireFox, now.
But later I made a few of my own. The first few have finally been approved at:
http://www.getpersonas.com/en-US/gallery/Designer/SymbioticDesign
Some of these are actually quite busy for a texture pattern, but I’m learning and they still seem to work well for some people with less going on than I have. Some could actually be modified further if someone wanted to. And I usually added credit for my business or a website in somewhere (usually on the bottom footer image) with a blatant plug for my website.
I’m still experimenting with stuff and a whole bunch of others are pending, but it’s just a good idea I thought I might share. It might go somewhere, it might not, but the idea of having a technically sophisticated user (I think most FireFox users are well up on things) that might see my creativity and check out my websites (I am promoting quite a few of them in different patterns), sounded like a good idea and a real win-win if my graphic eye is attracting them to my services.
Thought you might like the idea.
I know there are some “Personas” that I made that maybe I shouldn’t have uploaded, but everyone likes something different and as indicated, I have just started toying around with this. I think I have a few better ones that I expect to be approved soon and I am even going to be tapping other parts of my hard drive (some of my folders seem to be growing spiderwebs but have images I know would work well).
Here are some examples of FireFox Personas that I thought worked well:
Brushed Recessed Metal
Space Craft Panels Persona
Knurled Persona
Alien Ribs
Blue Angels 1 through 6
Wavy Grill
It’s easy enough to use another designer’s Persona or with very little work you can make your own. Although it is free, it helps get the word out about your sites and stuff, if you decide to try to make your own to promote yourself or your business.
I’m sure there are other such avenues, if you do something similar, post it here (or in a new thread).
As another designer pointed out, we do have to be careful about what images we use. I made all my designs, or used photography that I had taken. Be sure that you have the rights to use anything that you might come up with in your own Personas. If it’s Copyright at all, make sure it’s your Copyright! 😉
Sick & Tired of Facebook SPAM
I am really starting to get tired of all the spam… “So-and-so” posted “something” on your wall, but when you look at it, you are sent to an application that is supposed to quiz you and has nothing to do with anyone, writing on my wall, a photo of me that someone commented on, a picture of me within a photo, a nquestion about me, or anything. Spam is what made me walk away from Yahoo, they did not take my privacy seriously. Google has, and although I don’t like their monopolistic corporate greed attitude, I am still there because they are seemingly serious about protecting my account.
This is the same reason that people left MySpace and strolled over to Facebook. We were sick of all the spam. But if Facebook is just going to become another damn haven for spammers, you can count me out.
Facebook, get your head out of your butt right now. Or I will be gone.
Do You Need Like-Minded People to Follow on Twitter?
Are you looking for some like minded people to follow on Twitter? If so, you may have been following people that your friends have been following, trusting their judgment. But this has not worked out well for me. Often it works very well, but there are the few trouble makers with a crappy mouth that I do not like my son to see. Since TweetDeck is updating at regular intervals automatically, this is a big problem.
But recently Twitter has introduced “lists”. Lists allow you to categorize other twitterers (or “tweople”) into lists. In my case, I have categorized a whole mess of people into quite a few lists. This should allow some of you who are designers to follow other designers, and etc.
A list of my current lists, with links to them, follows:
Hopefully that’s a good place to start, anyway. I actually spent quite a bit of time building those lists. I hope you can enjoy a few of them.
These lists are meant to allow others an easy means to follow other like-minded professionals, but you don’t have to actually follow each member, individually. From what I understand, Twitter allows you to follow each individual list, making it much easier to add everyone listed there.
However, remember that you don’t have to follow anyone in order to put them in your own list, either. That is, I started a list of designers and added all the known/recognized graphic and web designers to it. But I didn’t actually follow the guys who’s Twitter posts (“tweets”) weren’t in English. I still want them in my list in case I need someone who speaks Polish better than I (or some other language), so that I have easy access to them should I need to contract a freelancer on a project.
I do suggest that you follow like-minded people, though. For instance, if you don’t know anything about domain names, and don’t especially want to, don’t go through the list of Domainers. You’ll only get a bunch of info you don’t really want to know, such as domain name news, domain names offered for sale, or maybe something like how to use Google AdSense to monetize your website. Professional websites don’t show Google AdWords advertisements, after all.
Happy Tweeting!