Last week Twitter discovered a breach in their system that could have allowed someone to download the passwords of every user of their platform. They sent out a message recommending that everyone change their passwords as a just-in-case measure, while indicating that they didn’t think anyone else had discovered the issue.
There was a lot of grumbling about it; not the breach itself but in the need to create new passwords. I understand it; I hate changing passwords all the time myself. However, I don’t think my issue is the same as the issue of many others.
By now, almost everyone should have heard about the hacking of the adult cheating site Ashley Madison. Because the hackers decided to release all the information online (actually, I have no idea where they released it because I didn’t care), it’s caused a lot of grief and scandal and a few suicides; come on now, really?
As stupid as it is to join a site like that in today’s world, especially once we hear of all the websites and corporations that have been hacked, what seems to be even more stupid are the most common passwords used on the site. Those passwords are: 123456, 12345, password, DEFAULT, 123456789. According to Gizmodo, the only bad password not listed in the top 25 of 2014 was ‘DEFAULT’. The password ‘123456789’ was in 6th place on their list; the other two in the top 5 were ‘qwerty’ and ‘12345678’.
Good grief; no wonder so many people seem to get hacked so easily. I mean, I know right now it’s very difficult to stop people who really want to get into your accounts but why make it too easy for them?
Now, I’m not going to act like I’m totally perfect; at least not in the beginning. I never used any of the passwords listed above (thank goodness I wasn’t quite that dumb), but I wasn’t above having very short passwords initially, as well as common names of things that might have been easy to figure out. Then again, back in the day there weren’t as many people hacking into accounts and there weren’t as many sites so we could get away with it.
What made me start changing up my passwords was having my business email account hacked. I never thought about it all that much until I was getting bombarded with email… from myself! lol I’d set up the email account in 2002 and given it a fairly easy password. However, I’d also started using a script on my site that I found online which turned out not to be all that secure.
Thus, I knew a lot of emails were going out in my name, which was painful enough, even after I removed the script. For a few years everything dwindled down and I thought I had it all fixed… until it started up again, this time way more intense than before. It took my hosting company to finally contact me and tell me they believed my account had been hacked for me to realize how stupid I was and to change up all my passwords, making them tougher & harder to break.
On one level that’s perfect; on another… well, I’m betting many of you know the other side. We create tough passwords but if we have a lot of things to get into it makes them difficult to remember. As I sit here right now I know that I only know the username and password for 3 of my 5 blogs, and for maybe 3 or 4 other websites I participate with in some way; that’s it. I’ll admit that I have a file on my computer that has all that information, and for many others I use Keeper, which is on my smartphone and mainly keeps passwords for wifi spots in restaurants I visit often.
We all need to either create very strong passwords or change our passwords at least every 90 days. Some IT authorities believe we should change them every 30 days, and many of you who work in corporate know that’s what you end up having to do.
However, even this might not be enough to keep you from having a bit of grief. I know this because last night I went to GoDaddy to update my subscription for this blog and, even though I’d changed my password a few months ago, I was blocked because apparently there’s someone out there trying to get into my account… probably not me personally but using software trying to get into multiple accounts. Luckily GoDaddy shuts it down after so many attempts, but it seems that changing my password does no good because you can’t change your account number without canceling your account and starting again; nope, I’m not doing that.
Since we can’t attain perfection across the board I warn you to do something to protect your interests. For me, I’d gone with harder passwords so I don’t have to constantly change them. When it comes to your blog, many of you might have missed my post about Limit Login Attempts since I wrote it in 2009, or my post on the Top 10 WordPress Plugin Recommendations I wrote here in May, which includes the one above and a couple others that will help you protect your blog.
Be smart with your passwords and usernames; protect yourself.
I’m someone who has always said that there’s nothing wrong with using free themes for your blog because I don’t believe there’s any inherent SEO benefit to using paid themes. Some claim that they’ve seen their income go sky-high once they switched, but the overwhelming majority of people don’t make a single dime more than they did using a free theme.
Overall, there’s no major difference between using free or paid except for three things.
One, if you use a free theme at some point you should think about changing up some things here and there so that it truly becomes yours. You’re going to want to do as much as you can to help yourself stand out and become unique if it’s connected with your business model.
Two, because you don’t always know who created the free theme, you might end up having to deal with issues of copyright and images, such as when I wrote this post about images and Getty Images and one of my clients.
Three… totally different matter. Last week a couple of my blogs were hacked, and if you follow that link you’ll find out what I did about it in case you ever go through it yourself. I have lots of protections on my blogs that I thought would take care of such things, and for the most part they worked. But it seems there’s a potential back door, and that’s what I’m warning you about.
Most people don’t ever take a look into the coding that makes up themes; I have. Back in the day I’d learned pretty quickly that often in the footer of some themes there’s some hidden code that links back to a website of the creator, and it’s not always a good thing.
For the first year or so of this blog my top search keywords had to do with credit cards, and I had no idea why because I’d never covered the topic on this blog. Then I learned about the code & footers and I took a look through the Appearance/Editor feature of the blog dashboard, only to discover that I couldn’t see anything in there. What I had to do was download it to my computer, open it up in my HTML program, and run some cool program at the time that revealed the link. Of course I removed it, even though the “license” said you could use the theme if you didn’t make any changes to the footer (oops), and I’ve never had that issue again.
However, what I’d also done back in the day for this blog and my main business blog is download a bunch of themes to test out, selected one, and then moved on with life. On the business blog I changed its theme 3 times before settling on the one it’s got now, but I never changed the theme on this blog once I selected it, though I have modified what it looks like.
The main thing I didn’t do, that ended up causing me major problems and something I’m going to warn you about? I never deleted any of those other themes that I wasn’t ever going to use. I never even thought about it because I never had a reason to look at the Appearance/Themes area ever again. On two of my other blogs I used the same theme I now use on my business blog, as it’s easy to modify and change up, and I modified the theme on my local blog before I ever uploaded it, so no worries there.
The hackers were able to exploit something in one theme on both my business blog and this one; that’s all it took to bring down all my blogs and all my websites, since they’re all on the same server. They didn’t get into anything; I’m not even sure if they were going to try. Lucky for me my hosting company, 1&1, caught the intrusion on their own and locked down all my sites, giving me time to fix things later the next day.
I’m betting that anyone with a blog more than 3 years old has something on it that they’ve forgotten about for years and not even tried to update. This is why there’s always someone warning you about making sure you update your blog software and your plugins, and of course recommending that you back up your blogs whenever possible.
In conclusion, as with anything that’s free you take your chances with free themes, though the same can be said for some paid themes. Your best bet is to go with newer free themes as they’ll have fewer files that can be exploited, and once you select a theme kill all the others you tested and try to make sure there’s nothing hidden in the footer except maybe a link directly to the person who created it. In that regard I don’t mind giving credit where credit is due, as long as there wasn’t anything sneaky in there.
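An added example, not part of the original post: a small Python audit of a downloaded themes folder that marks which installed themes are not in use (keeping the parent of an active child theme) and flags PHP lines matching a few markers of concealed code or links. The marker list, function names and sample tree are assumptions made for this illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic markers (assumed here); a clean result does not prove a theme is safe.
RULES = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "hidden-link": re.compile(r"display\s*:\s*none[^>]*>\s*<a\s", re.I),
}

def parent_theme(theme):
    """A child theme names its parent in the style.css 'Template:' header."""
    css = theme / "style.css"
    text = css.read_text(errors="replace") if css.is_file() else ""
    m = re.search(r"^[ \t*]*Template:[ \t]*(\S+)", text, re.M)
    return m.group(1) if m else None

def audit_themes(themes_dir, active):
    """Return {theme: {"in_use": bool, "findings": [(file, line, rule)]}}."""
    # The active theme plus, for a child theme, its parent (None if it has none).
    in_use = {active, parent_theme(Path(themes_dir) / active)}
    report = {}
    for theme in sorted(p for p in Path(themes_dir).iterdir() if p.is_dir()):
        findings = [
            (php.relative_to(theme).as_posix(), no, rule)
            for php in sorted(theme.rglob("*.php"))
            for no, line in enumerate(php.read_text(errors="replace").splitlines(), 1)
            for rule, rx in RULES.items() if rx.search(line)
        ]
        report[theme.name] = {"in_use": theme.name in in_use, "findings": findings}
    return report

def build_sample(root):
    """Constructed sample tree: active child theme, its parent, one leftover."""
    files = {
        "mychild/style.css": "/*\nTheme Name: My Child\nTemplate: basetheme\n*/\n",
        "basetheme/footer.php": '<div style="display:none"><a href="http://example.invalid/">x</a></div>\n',
        "oldtest/footer.php": "<?php\n$f = 'PLACEHOLDER';\neval(base64_decode($f));\n",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_themes(tmp, "mychild"))
```

Themes reported with `in_use` false are the leftovers to delete, and any finding in a theme you keep is a line to read by hand before trusting it.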
Last September I wrote a white paper and put it up on my business website for potential clients to download. I decided I wanted to capture email addresses so I could follow up on some of the people who downloaded it. That turned out to be one of the biggest mistakes of my life, and I’m still paying for it. And I should have known better.
It worked pretty well initially, as more than 50 people downloaded it. Then suddenly I started to get a lot of returned email, only I hadn’t sent these emails out. It seemed that my business email address had been scraped because of the script I used and was now sending spam email blasts out with my email address, though not from my IP; thank goodness!
Not only that, but these scammers have hacked into multiple people’s email accounts, though I haven’t been able to figure out which ones, because every email that comes back my way has a different person’s name on it, and every once in a while when someone responds to it I can tell that they know the person by name.
I should have known better because this type of thing happened to me back in 2007 as well. At that time I created my newsletter page with a script so that people could give me their email address along with a message and also tell me which newsletter they wanted, as I was writing two at the time. Within months the same thing started happening, though not at the volume and length of time this one is. All I did then was remove the script and it stopped within a few weeks. This time around it’s been almost 8 months; help!
Actually, the official term is spoofing, and it seems there’s little I can do about it except hope it slows down at some point. One blessing is that, unlike years ago, my email address hasn’t been put on a blacklist. That’s because these days IP addresses are logged instead of email addresses, and none of them are coming from my IP.
Most of the time I delete the messages, but every once in a while I download one and try to track down the IP address, though I know that’s fruitless. And I will download any emails where someone thinks they’re responding to their friend and tell them what’s going on, hoping that they’ll contact their friend and that they didn’t click on the link in the email.
What are the lessons to learn here? Check this out:
1. Find ways to verify any scripts you put on your websites. Maybe instead of just scraping your email address someone will figure out a way to get into your website or blog and hack it; it’s been done often.
2. Make sure that if you’ve got an email address on a site like AOL, Hotmail, Gmail, Yahoo, etc, that your password is strong. Don’t make it easy for scammers to find your stuff; use caps, numbers, symbols if allowed, and try to make your password at least more than 10 characters; I only have one that short.
3. If you ever receive an email from someone you know but there’s no signature file at the bottom of it, don’t open that bad boy. And if most emails you get from your friends don’t have signature files to begin with (shame on them), just look at the email and see if it resembles what you’d normally get from your friends. Some folks are just so trusting…
4. Make sure you have a good antivirus program running just in case you have a lapse of mental faith and decide to click on a link without thinking. Good software will prevent the virus or malware you just invited onto your computer from getting there.
So, feel sorry for me while taking precautions of your own; protect yourself, because there’s a lot of nefarious people out there.
I’ve been experimenting with my videos again. For the last 7 days in a row I’ve put up a video on my main channel, and I also put up one new video on my business channel. I want to talk about this and of course share my channel and one of the videos with you.
A couple of posts ago I talked about the concept of being fascinating while trying to gain more influence. Just before that Brian Hawkins of Hot Blog Tips, one of my Google Hangout buddies, introduced me to a guy named Lamarr Wilson on YouTube. I checked out the video, loved it, started watching a bunch more, then subscribed.
I’ve done this type of thing before, subscribed to a channel I found and watched a bunch of videos, but somehow this guy made a strange impact on me. On one of his videos he talked about taking a challenge and posting a new video 5 days in a row. Then later he extended it, and now he’s got nearly 600 videos on the channel. He also has some good video editing equipment, something I don’t have, and probably a way better camera than I have, but I digress.
Video is the wave of the future and in actuality it’s the best way to get people’s attention now. Who knew who Psy was before Gangnam Style last year, which reached a billion views I believe? Look at his latest, which has reached 200 million in a couple of weeks. This type of thing proves that there’s always a possibility of reaching a wider audience if you not only make videos but can find a way to be fascinating while doing so.
However, it probably takes some practice, possibly some editing. I can’t do anything about the editing, but I can do something about the practicing. So I’ve been making videos that don’t necessarily have to coincide with this blog. I’ve done the same with my business video channel, making videos that have to do with business issues but not necessarily tying them all in with blog posts. I can always go back and embed those videos into something later on if they’re pertinent, but for now the idea is to try to create more videos, practice my craft, and build up the portfolio.
The first video in the series was tied into my post titled Using Tragedies To Promote Agendas and it became the first of my videos to ever get 100 viewers; woo-hoo! Every subsequent video… well, not so much. The videos, just like blog posts, take promotion, and I’ve been slow to get there.
That’s one reason for this particular post. I want to promote those other videos by posting one here, then hoping you’ll be encouraged to check out my channel, the link for which is over there to the right, and see what else I might be offering that you might want to check out. Truth be told the last bunch are way different than some of my older videos in that I’m trying to show a bit more personality instead of ranting all the time; don’t get used to the lack of rants though. 🙂
Anyway, the video I’m sharing talks about making videos; talk about timely! I created this video last week and didn’t know I was going to write about it later on; see how this all works? Now, if I’ll only stop yelling at the beginning of each video we’ll be on our way. Oh yeah, a teaching point, one I have to keep reminding myself of. It seems that those people who subscribe to the blog via email don’t ever see the videos, and without a link they don’t have anything they can click on to go see the video. So, what I’m going to try to remember to do is pop the link underneath the video so those folks can partake in the fun; something you should think of as well.