How to Bolster LastPass

LastPass Logo 2As most LastPass users have learned, on June 15, 2015, LastPass posted a notice on its website saying, “our team discovered and blocked suspicious activity on our network.” The company goes on to say that it found no evidence that any encrypted user vault data was taken. But it does recommend that users change their passwords and use multifactor authentication. Also, if anyone is dumb enough to use their LastPass master password as a password on other accounts, they should change their password immediately.

For anyone not familiar with LastPass, this is a password manager program that stores all of your passwords in a secure vault on the Internet. The vault is protected by a password known only to you.

Is LastPass still secure? I can only go by what security experts say. And my favorite expert, Steve Gibson, says he still trusts it. That is good enough for me.

But, that said, I did change my password and set up multifactor authentication.

Multifactor authentication simply means that you use two or more techniques to prove that you are really you. Usually this involves a password and a cellphone. I set up LastPass to use the Google Authenticator app on my iPhone. Now when I access my LastPass vault from a new computer, I need to enter my master password and then enter a code that appears in the Authenticator app on my phone. A little more inconvenient, yes, but my password vault is very valuable to me, and I want to protect it as much as possible.

Changing the password on LastPass is straightforward, but adding multifactor authentication was a bit tricky. In the near future I will provide a guide on how to do this.

There was a time not long ago when a password manager was simply a convenience. Now, when people have several dozen passwords to keep track of, and each must be long, random, and different, a password manager has become a necessity. If you are feeling a bit uneasy about LastPass, be sure to use one of the other highly rated password managers: 1Password or Dashlane.

— Rich Malloy

Posted in Do It Right | Leave a comment

LastPass: Good Passwords Made Easy

Originally posted Jun 17, 2013. Updated Jun 29, 2015.

Security experts recommend long, random passwords — and a different one for each Web site — and don’t write them down anywhere.

Yeah, right.LastPassLogo

But, there is a fairly easy way of doing exactly what they say.

As David Pogue once pointed out, the only realistic way of keeping handling secure passwords is to use one of the password management programs available now. They are relatively easy to use and inexpensive if not free.

Pogue recommended a program called Dashlane, which admittedly has a number of nice features. And it’s free. But, if I’m going to be putting all my secure passwords into one basket as it were, I want to be very sure about the people who built the basket. I particularly want to know where those people live. But when I go to the Dashlane Web site, there is not even a hint about what country it is based in, let alone the mailing address.

Veteran computer expert Steve Gibson recommends another password manager called LastPass, which is from a company by the same name in Fairfax, VA. Gibson originally reviewed the software extensively on his Security Now podcast in 2010. In 2011, he reiterated his support for the program. One of Gibson’s favorite acronyms for computer security is TNO, for “trust no one.” But I trust Steve.

Like Dashlane and many other password managers, LastPass is free on Windows and Mac computers. Following the “freemium” business model, there is also a Premium version that costs all of $12 a year and provides the ability to run LastPass on your mobile devices.

LastPass works by encrypting your vault of passwords using a master password on your computer and then storing this encrypted vault on its server. LastPass does not know your master password and cannot recover your passwords if you forget it. When it is fully set up, all you need to do is click on a secure Web site from any of your browsers on any of your computers, and LastPass ushers you right in. The program will even create secure random passwords for you, as long and as difficult as you would like.

In my tests, the program does have a few rough edges, especially regarding setup. I had to install it three times on my Windows PC to get it work with my two favorite browsers. I had a similar experience on my Mac. On most Web sites, the program worked immediately, but a few required some extra care – such as a few minutes reading the user manual. On my iPhone and iPad, the program uses its own browser – apparently it cannot attach to the Safari Web browser.

These rough edges are mostly temporary. Once you get the program set up, you can breeze into even your most secure Web site. It is well worth the price – either price – and the time needed to set it up. With LastPass you get both security and convenience – a very rare combination. And it this insecure world, it is not only convenient but also essential.

SECURITY NOTE

On June 15, 2015, LastPass posted a notice on its website saying, “our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

The company said that certain LastPass users would be advised to change their master password. I did not receive such a suggestion, but I took the opportunity to change my password anyway.

The bottom line is: Is LastPass still dependable? Security expert Steve Gibson still thinks so. And so do I.

— Rich Malloy

Posted in Easy Does It | Leave a comment

Passwords Don’t Make Sense …

… Well, at least the good ones shouldn’t.

What that means is, if you have a password that is easy to remember, it is probably no good. If your password is a simple word, or a combination of words, or maybe even has a number or two, you and your data are skating on thin ice.

Hackers are cobbling together super-powerful PCs from parts such as old video-game consoles. What do they use them for? Play games? Predict the weather? No. They are used to guess people’s passwords, at the rate of gazillions a day. And they are getting faster and better every day.

Actually, in a sense they already probably know your password. Thanks to companies with lax security, millions of in-use passwords have been stolen and are freely available on the Internet. Many of our favorite passwords are no doubt in this collection. If your password is your child’s name followed by the year she was born, they probably already have that. If you cleverly switch the “e” with the number “3”, they probably have that as well. We are seeing, as security expert Steve Gibson termed it, “The Death of Clever.”

The best passwords are long strings of completely random characters, upper case, lower case, numerals, and symbols. And, we should have a different password for each of our accounts. But who can handle that? Well, there is a nice way of doing that, which I will mention in my next post. But right now, I’ll describe a handy way of creating pseudo-random passwords that are memorable.

Take one of your handy books or poems. Look at the second line (the first may be too obvious). Take the first letter of each word. Capitalize the letters for nouns, like the Germans do. Include punctuation marks. After the punctuation, include a numeral (say, the length of the word preceding the the punctuation). Stop when you have 12 characters.

So, for example, here is the second line from Shakespeare’s Sonnet 116:

Love is not love Which alters when it alteration finds, Or bends with the remover to remove:

The password might be:

LinLWawiAf,5

Now, don’t use this technique exactly as I described it. Customize it in your own way. Just be sure to remember how you did it.

 

 

Posted in Do It Right, Must See | Comments Off on Passwords Don’t Make Sense …

Rejoice! Windows 8 Is Fixed

At last! Microsoft’s Windows 8 has become a decent and capable operating system. Most of its initial problems–most notably the missing Start button–have finally been fixed.

But … not by Microsoft.

Another company – Stardock – has come out with two indispensable add-ons for Windows 8 that should soothe the transition pains for most users who have found themselves saddled with the new operating system. What’s more, the programs are each only $5.

The first and more important of these add-ons is called Start8. It restores the Windows 7 Start button and Start menu so nicely you might wonder why Microsoft had not done this to begin with.  Even better, the OS now boots to the familiar Desktop rather than the somewhat jarring Metro–er–Modern screen.

Speaking of that, the second add-on, ModernMix, tames the new Modern apps. Instead of hijacking the entire screen, the Modern apps now behave just like the other programs inside resizable windows.

As I write this, reports are circulating with hints that Microsoft will restore the Start button to Windows 8 relatively soon. But will the new version include the Start Menu as well? And what about the Modern apps? Can a company as large as Microsoft do such a massive 180-degree turn? We’ll see.

Posted in Do It Right, Power Tips | Comments Off on Rejoice! Windows 8 Is Fixed

What the Plus!

A Great Combination:

Guy Kawasaki, from his website

Guy Kawasaki, from his website

A) Guy Kawasaki, at right: a bottomless source of practical, no-nonsense business advice for the computer industry for well on three decades.

B) Andrew Warner: the best interviewer of entrepreneurs, and one of the best podcast interviewers period.

C) Google Plus! (do I need to describe this?)

If you haven’t seen or heard Kawasaki – or you haven’t seen or heard any of Warner’s interviews – their latest collaboration is a must. Warner has a delicate way of asking surprisingy intrusive questions, and Kawasaki shares a wealth of information about the tech world, but the main theme is his love of Google+. He makes some good points. After listening, you might feel compelled to download Kawasaki’s cleverly titled ebook What the Plus! Google+ for the Rest of Us (all of $2.99) and polish up your Google+ page. At least, I sure do.

Go to: http://mixergy.com/guy-kawasaki-what-the-plus-interview/

Posted in Must See | Comments Off on What the Plus!

Windows 8: Where Do We Start…

What Was Microsoft Thinking?

Whenever a new version of Windows appears, I usually get a number of people asking me whether they should upgrade to it.

Not this time. Either everyone is getting very well informed about operating systems, or they have already switched to the Mac. Or maybe with the proliferation of smart phones, they just don’t care anymore.

After looking at the new Windows 8, I am wondering if Microsoft cares anymore. This new operating system is actually two operating systems strangely joined together like Siamese twins. There is a touch-oriented tile-based operating system that was once referred to as “Metro,” and there is what looks like an updated version of the classic Windows 7 desktop. I use the word “classic” loosely, as this new desktop lacks such classic features as a Start button. The Metro portion might work well on a tablet PC such as the new Microsoft Surface, but users would still have to wade through the classic portion, which is better suited to mouse users. And classic desktop users would have to wander through the Metro portion almost on a daily basis.

I could go on, but the shortcomings of Windows 8 have been well documented elsewhere. (See David Pogue in the NY Times.) My advice right now to stick with Windows 7.

A few years ago, buyers of new PCs would often downgrade from Windows Vista to the older Windows XP. We might be seeing a new era of downgrading.

Or maybe people will just buy an Apple.

– Rich Malloy

Posted in Do It Right, Power Tips | Tagged , | Comments Off on Windows 8: Where Do We Start…

3 Ways to Fix Mail-Merge Number Formatting in Word 2010

When 93.90 turns into 93.900000000000006, there are no less than three ways to put things right.

The Mail-Merge feature of Microsoft Word is one of my favorite parts of the program. It is extremely powerful for creating labels and customized letters, emails, or reports. Once you learn how to use it, you can save countless hours of work. Unfortunately, the task of learning to master all of its idiosyncrasies can give you countless headaches.

One of the perennial annoyances of Mail-Merge is its inability to format numbers from an Excel spreadsheet correctly. For example, a sales result in Excel appears as 93.90 but in Word it suddenly becomes 93.900000000000006!

Fortunately, there is a way to fix this. In fact, there are three ways. We can A) modify the spreadsheet by using the TEXT() function, B) modify the Mail-Merge document by adding “numeric switches”, or C) simply modify the way the two files connect to each other by using a DDE link. Although this last approach is little known, for many users it is certainly the best.

For a detailed description of all three of these techniques, click the following free document:

How to Fix Number Formatting in Mail Merge.

– Rich Malloy

Posted in Do It Right, Easy Does It, Power Tips | Leave a comment

LinkedIn: “Leaked and Cracked”

Change Your LinkedIn Password Immediately

As you may have heard by now, hackers broke into the computers used by LinkedIn and obtained coded versions of over 6 million passwords (see the article in the New York Times). The coded versions of the passwords have been posted on one or more hacker Web sites. The passwords themselves are not posted, but hackers can use programs to “crack” or determine the actual password from its coded form.

Security experts advise LinkedIn users to change their password for the site immediately. Also, if you use that same password for other sites, you should change your password there as well.

Was Your Password Leaked?

In case you are wondering whether your password was among the 6 million, a few Web sites have been set up to check on this. For example, the password-management software company LastPass has set up a site where people can type in their LinkedIn password to see if it was leaked (click here). Note: Be sure to change you password before doing this, and then check the old password.

When I typed in my old LinkedIn password, I found that it had been “leaked and cracked.”

That’s what I like about LinkedIn: It often makes me feel like I are part of a special group.

– RM

Posted in Power Tips | Comments Off on LinkedIn: “Leaked and Cracked”

Apple’s Airport Express Enters “Hall of Fame”

The amazing but diminutive Apple Airport Express becomes the first product in our new Hall of Fame. This small but stylish wireless networking device can perform no less than 5 different functions. It is also very easy to install and looks real nice as well. These units work so well together, we sometimes set up a network of two or three units in the same house.

Give us a call or click here to find out how the Airport Express can help you create or improve your own WiFi network.

Posted in Power Tips | Comments Off on Apple’s Airport Express Enters “Hall of Fame”

Excel 2010 Shortcuts

Microsoft Excel 2010 Shortcut Key Combinations

Microsoft Excel 2010 Hotkeys

Did you know that you can skip to the different worksheets in an Excel workbook by pressing the Ctrl+PgDn keys?

As with most Windows programs from Microsoft, there are a number of shortcut key combinations available in Excel. We compiled a list of the most useful “hotkeys.” Unlike most other lists, we have organized the list, not by the names of the keys, but by the function they perform. Thus, it will be easier to find the exact key combination you need.

Click here for a 1-page printable list: Microsoft Excel Keyboard Shortcuts

If, however, you prefer your hot keys in the standard sort order (Ctrl+A, Ctrl+B, etc.), you can go to Microsoft’s official list or the much more comprehensive list compiled at shortcutworld.com, which breaks down the key combinations into functional groups.

By the way, if many of these commands seem strange to you, give us a call so that we can get you up to speed on this very important program.

And now, it’s time to Alt+FC.

Posted in Power Tips | Tagged , , | Comments Off on Excel 2010 Shortcuts