Online use these days requires so many passwords… Why do we need so many of them!? Simply put, your password is your online identity. The better the password, the less likely someone will have access to your personal information. You see it on the news, or in online articles; passwords are compromised each and every day, leaving a wealth of your own information to be accessed and abused. Today, we’re going to take a look at methods we can use to minimize these occurrences and keep your online identity safe and sound while you browse and shop.
Keeping a notebook at home with all of your passwords can be very handy. Now, you will need to keep it updated, but the time and organization is well worth it. There are also programs out there such as LastPass, in which you enter all of your passwords into a stored database, and only have to remember one. The best part about LastPass is that it’s completely free. There is also a paid version which allows you to sync your passwords to mobile devices for a whopping $12 per year! You may be cautious of having your passwords saved by a program, however, their servers are far more secure than any of our personal machines. Either way, having a list of your passwords will benefit you as we move forward–you will likely be required to make many more passwords in the future!
This one is pretty obvious! People want your passwords for a variety of reasons; maybe they want your email password in order to send out spam, or your Amazon password to retrieve personal information. Regardless of the reason, most passwords are far too simple. To put it into perspective, the modern computer that a potential hacker would use will ‘crack’ any password with 8 characters or less within 6-8 hours. Or, if you have a wireless network, a person could technically ‘listen’ to any information passed if in range of your wireless router.
Whether for email, shopping, banking, or even your WiFi network, you want your password to be a minimum of 8 characters. The strongest passwords will also have numbers, symbols (such as !, #, *), and both upper or lower case characters. You want to make the characters random, as well, for the best results. Here is a good example of a strong password: 1rAtRpfop*AawaFd
This may seem very random and difficult to remember; however, it’s called a passphrase. Taking a phrase–in this case, the first letter of every word in the children’s rhyme Ring Around the Rosie–and making a password out of the first letter of each word. I’ve added a number at the beginning, four capital letters, and an asterisk at the break after ‘posies’. You can do this for anything: family member initials, favorite shows, or even quotes.
Another thing to remember is that a 20 character password with words is far more secure than an 8 character randomized password. For example, you may use 4 words separated by punctuation or symbols if it’s easier to remember. An example would be: horse.battery!clock*cow
Avoid your name, any portion of the email address, and especially the word ‘password’ in your password (for obvious reasons!). For your convenience, I’ll link a tool below that you can use to test the strength of any password.
Microsoft has some great tips for passwords, listed here:
Also, a wonderful tool to test your new, current, or potential passwords:
A link to the LastPass software:
Technical Support Supervisor
Mother Lode Internet
Identity Theft? Fishing? Or is it Phishing?
Yes, we hear about it frequently: hackers and fake online services asking for the Username and Password to your bank account (or credit card account). Well, it continues. Here at MLI we constantly warn and hear about customers receiving very official looking emails (with all of the right logos and graphics) saying that their account needs attention or there has been a security breach or change to their account information then asking you to “click here to Login” . In fact, even the “big guys” are getting scammed. The link below goes to an article about how Experian, one of the three main credit bureaus, actually got persuaded by a hacker posing as a private investigator to give access to sensitive identity information to a fictitious online ID Theft service. What is “phishy” here is that it appears that Experian may have been paid through online transfers from Singapore for this.
Just recently at MLI, we came across a very official email with the subject: “Important Banking Alert from Chase”. The email said that someone was added to the account for access and to please click “here” to verify or deny the change. The graphics were perfect and very tempting to respond to, but the email address didn’t jive. It was claiming to represent Chase Bank but the domain was “mollyandbrandon.com”. What? That’s not Chase! So, DON’T EVER respond to an email inquiry for your Username or Password for anything; be suspicious and look at the domain name or the email address (if they’re not the same as the content, or you don’t recognize them as a business or person you regularly deal with, then DELETE IT!).
Article on Experian identity theft:
Ben Hulet CEO Mother Lode Internet, LLC ]]>
You may have received an email stating that we (your internet provider) have made some changes or updates to our email server and that we need to collect some information from you–name, username, password, and maybe some personal info. These are ‘Phishing’ scams; aptly named because they are figuratively ‘dropping a line’ into your email to see if you’ll bite. Some have you reply to the message with your information, and some have you click on a link where you type it in. Here are some examples:
“From: “Goldrush Webmail” <email@example.com>
To: (Recipient List Suppressed)
Sent: Tue, 06 Nov 2012 08:59:30 +1200
Subject: Dear GOLDRUSH.COM Account Owner
This is to urgently bring to your notice that due to a recent server migration, your email address was affected as it was hosted on our outdated and discontinued servers.You are advised to manually migrate your email account to our latest servers to prevent loss of email messages.This process will only take a minute to complete and it is highly recommended you do so now.
To fix this problem, kindly do the following
1. visit www.servermail12 .net
2. Input your code which is: server203
3. Login with your email and password
Kindly follow the above steps and be sure to enter your email password correctly to enable the problem fix successfully.
Failure to complete the above process within the shortest possible time will result in both inbound and outbound failures on your email.This will prevent you from sending or receiving email messages.
Thanks for your understanding.
Webmail Admin Team“
“From: “Goldrush Support!” <firstname.lastname@example.org>
Sent: Thursday, May 24, 2012 12:20 PM
Subject: Account Update!
> Dear account owner,
> We are currently upgrading your Goldrush accounts with the following
> new and advanced features to help you enjoy your emails even better:
> Spam Protection,
> Unlimited storage
> Offline access with POP
> Unlimited New Filters/junk protection
> Live Customer Care
> Unlimited Mail Forwarding
> New Address Guard /Disposable addressees.
> Unlimited Web2sms
> All users must Click on the link below for confirmation and upgrade.
> https://docs. google.com/spreadsheet/viewform?formkey=<removed for security>
> Note: Account owner who refused to upgrade will lead to deleting of
> account permanently from our data base.
> Submitting this, your account will be upgraded with all new features
> within 24 hours.
> Inconveniences Regretted
> Goldrush Webmail“
Notice that the email was sent from an address which is NOT associated with our company. In all likelihood, it was sent from a user who fell for this tactic and gave up their username and password. Also, nearly all of these spoof emails have spelling and/or grammar mistakes that are easily noticeable, such as “Account owner who refused to upgrade will lead to deleting of account“, “to enable the problem fix sucessfully” or they’ll use out-0f-place wording like “Inconveniences Regretted” and “This is to urgently bring to your notice“. Not all of us are high-and-mighty around these parts!
The absolute best defense against these Phishing scams is common sense. Why would the company that created your email address, username, and password, need it? The answer is simple: We don’t. We already have your email information. Consider the consequences, as well. Would we really just delete your email address because you didn’t reply? Of course, not. There would be some serious lawsuits out there, since many businesses use our system for their everyday messaging.
Also, it is important to remember that any time we release a mass email to our customers we’ll include our name and contact information–phone number, address, email address–to let you know that it’s valid. This information isn’t included in the false messages, above, for a reason!
If you do have questions, or are unsure about a message, don’t hesitate to give us a call!
Technical Support Team
Mother Lode Internet
DO NOT continue this call–these people are fraudulent! It is not likely that Microsoft will EVER call you, unsolicited. Most of these scams are run out of India, although, on a Caller ID system you’ll see a local telephone number. Sometimes, they sound pretty convincing–however, they’re only after either your money or your personal information. Some of them, instead of removing the malware they claim is corrupting your system, install malware of their own to collect information.
The absolute best defense against these types of fraud is your awareness and common sense. Keep in mind that big companies do not normally call you, completely out of the blue, to give you free service.
If you receive a call of this nature, and you suspect that something isn’t quite right–your instincts are telling you something. First, ask yourself a few questions: “Why someone would want my personal information?” “What they could do with it?” Try doing this before trusting someone over the phone with your credit card or personal information. If the answer is ‘I don’t know’, you should reconsider giving it to them.
Technical Support Team
Mother Lode Internet
Here is a link to his post on the Level One website:
20 Things You Should be Doing to Keep Yourself Safer Online
Jameson T. Hightower
Technical Support Team
Mother Lode Internet
Dear user of the mlode.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (email@example.com) settings were changed. In order to apply the new set of settings click on the following link:
Best regards, mlode.com Technical Support.
i work in a private detective agency. my name is not important now.
I’m warning you that i’m going to watch you and monitor your telephone line.
Do you want to know who paid for shadowing you? Expect my next e-mail.
P.S. I know, you don’t believe me. But i think that the record of your yesterday’s telephone conversation will assure you that everything is real. The record is in archive. The password is 123qwe"
The attachment name is call234.rar. Please do not open it, this contains some sort of MP3 file that includes a virus. More information to come when it is available.