There has been a lot of press lately about websites getting hacked and the user databases getting stolen. Facebook, LinkedIn, Yahoo all come to mind as recent victims. You never know which website will be the one that has weak security and will lose your online identity to hackers. The safer way to deal with this problem is to use a different password for every website.

A lot of you have quit reading at this point, because even though this is an obvious safety measure, this is normally a LOT of work to do. Many people use the same password for all of their online user accounts. This presents a problem, because many websites don't do a good job of saving your password in a secure manner. Once your common password it known, it is a trivial thing for a hacker programmer to try that password across the internet to see what they can unlock with your account. What if the programmer at one of your trusted websites is the hacker? The safest websites actually never even store your passwords in their system. They do some sophisticated math on your computer and send an encrypted hash value to their backend and after adding a bit of other salt (random noise) to the value they change it up a little more before it is stored securely. Later on when you need to access that website, the math is done again on your side, the salt is added on their side, and this encrypted hash value is compared to what they have stored to see if you have access.

So, back to How Do I Easily Protect My Own Online Passwords?

The solution that works for me is found at www.lastpass.com

You create a secure login to LastPass and download the appropriate software to your computer, iPad, iPhone, Android Phone or whatever. This one Master password should really be secure. It will unlock everything else for you. I recommend a pass phrase of 16 or more characters. Steve Gibson from GRC.com says that the most important criteria for a strong password is the length of the password. Most passwords of 14 characters or less exist as precomputed values in hacker's tools because of the old way that Windows protected passwords. By utilizing LONG passwords, the hackers are forced to do brute force attacks, which take much longer. They would rather find someone else's easy password than waste time looking for yours.

Then you use LastPass to generate a new password for each of the websites that you go to. LastPass will store that new (or old) password for you, and as you use LastPass in your normal web browsing, you will slowly build up a list of your password protected websites within the LastPass Vault. Once LastPass knows about a website, it can automatically login for you. So you will start your day logging into LastPass, and the rest of the day you will simply click the bookmarks within LastPass to access all of your secure web content.

LastPass is FREE to use for personal use on your computer. At the very least, everyone should be using this version.

They also have upgrades that you can get to make it even more useful. Their Premium version is only $12 per year and it adds the ability to work on your other devices, iPhone, iPad, Blackberry, Android, Firefox Mobile, Windows Phones, and this list of devices continues to grow.

If you buy the Premium version, (this may also be available in the free version) you can also create secure NOTES. These notes can only be opened by you if you enter your long LastPass password into the Vault another time. For computer techs, this is the place where you would store additional information about your client's networks. This is nice for when you need to get that secure information while you are freezing, standing in the data center, away from your own computer. You can open this secure info on your phone to get that needed piece of info while you are fixing their critical server issue.

Another cool feature that they added recently is that LastPass can now gather up all of your remembered WiFi passwords from the device or computer that you have installed it on. Now you can find that password again the next time you need to join a network.

I have no affiliation with LastPass in any way, other than being a highly satisfied customer. If you research LastPass on the net, you might find some mention of a security breach about a year ago within LastPass. Actually, there is no evidence that stored data was ever compromised. What happened was that LastPass was monitoring their systems, and noticed some unusual activity. They did the Right Thing by notifying all of their customers that there might have been a leak. Then they brought in outside help to audit their systems and shore up their security safeguards. LastPass should NOT being getting any bad press about this event. They have always been concerned about saving data securely. They are constantly being reviewed and audited to ensure the safety of your data. After reviewing the incident and the details, I am confident in the integrity of the company and of their security measures. Steve Gibson the security expert from www.grc.com also has looked through their methodology, and finds no faults.

I have upgraded to LastPass Enterprise, because I can add additional users under the company master account. Also there is a windows based application that can be used to save passwords for Windows applications running on your computer, so that you can create secure passwords for those applications as well.

I have been using LastPass for a number of years now. What password manager do you use? What do you like or dislike about it?

I have seen this error appear on a number of Windows 7 64-bit installs. There are a lot of articles on the net that blame this on a DRM problem with the newest Microsoft Silverlight version 4.0 which you would be running if your system is fully patched. Many articles show a big uninstall, registry clean, reinstall of Silverlight to fix the problem, but there is a MUCH easier fix.

The fix that worked for me with the least pain was to close all browser windows that might have Silverlight loaded and then go to the following folder on your computer:

C:\ProgramData\Microsoft\PlayReady (Windows 7 and Vista machines)

For XP machines, the path to look for is: C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady

For Mac, the path is HD > Library > Application Support > Microsoft > PlayReady > mspr.hds

You should see a file called MSPR.HDS which is recompiled by the Netflix player when it is launched, if the file is missing.

Simply rename this file. In this case, I renamed it to MSPR1.HDS

Then launch the browser, log in to Netflix, and with any luck your streaming content should work again. This fix may make other content unplayable on your system, but to date I haven't seen any issues.

Thanks to forums.silverlight.net/t/197653.aspx for pointing the way to the quick fix.

(note: Clear has been contacting me via twitter, this may get resolved)

For the last six months, I have been quite happy selling a new wireless internet provider to my clients and customers that have either needed an additional internet connection for redundancy or needed to replace their current provider because of really bad service or connectivity.  It was very nice to be able to save the day for my clients by setting them up with an account with Clear Wireless.  This remarkable little-known company has quietly been providing 4G wireless internet to your neighbors and your smart business competitors. 

A typical installation that I have done is to leave the customer with a better than 6 megabit download connection and typically a one megabit or slightly more upload speed. For two of my business customers, this additional internet connection supplements their primary T1 connections.  The best part of this deal is that they can pay over $400 per month for their T1 connection ( 1.5 megabit up / down) and have a supplemental 6 megabit down / 1 megabit up connection for only $50 per month.  I set them up with a load balancing XTM firewall configuration that can selectively route non critical web surfing traffic over the faster wireless connection and leave the dedicated pipe for important business FTP, Email, Web services, and VOIP traffic that requires a static ip address and rock solid connectivity.  The six megabits is typical.  I have several lucky clients that because of their proximity to the tower and lack of traffic on the Clear backbone are actually getting 12 megabit average download speeds, with bursts up to 14 megabits.

After I tried this for my best business clients and residential customers, and had success multiple times I wanted to be able to show people how good it could be. There was always a certain degree of uncertainty whether this service would work for a client or not. What better way to take the guesswork out of the plan than to purchase my own service through Clear and be able to take my modem right into new customers and clients and be able to show them how fast the connection would be, right on their own property.

Clear offers a service map on their website when you are considering their service.  After you enter your zip code, if any address may have 4G coverage in that area they will show you the service map.  You are then encouraged to enter your complete address where they then determine whether they can service you or not.  I find this map very useful when I am setting up my customers with service, because Clear even shows the location of their radio towers.  With this knowledge I can place the modem on the right side of the building in a window that faces the tower to result in the best connection.  I have done this over 20 times now and have gotten the knack of best placement and how to point the device for best reception.

I purchased a Clear modem for my own use. I needed one of their devices with an ethernet jack because this is the best device to replace someone's failed internet in a pinch. So I got one of the Motorola Clear M modems.  When I got the modem home I set it up and was very pleased to see a solid 4 bars of signal at my house.  I connected my laptop to the modem and got an instant redirected connection to the http://home.clear.com landing page, where they expect you to activate your modem and create your Clear account.

This is where Clear needs some help.  For whatever reason, they show my house in a fringe area, showing some homes 3 doors down in their best 4G coverage, but my address only qualifies for their "mobile" plan.  The fine print on the map says that even though your location may show the best coverage, only an installation can tell for sure how good the service will be.  It makes sense to me that if they don't trust the map entirely and won't guarantee good service, then they should allow that some locations that are in the fringe areas may actually get great connections.  This is what my house is, although it shows as light green, I have the modem turned on and am getting a solid 4 bars out of 5.  My testing of throughput show a better than 4 megabit connection, with the limited access that a non-activated device can measure.

In order to activate my equipment, I had to call customer service.  I spent over an hour on the phone with them while they tried to do a "manual activation" for my modem. They took my credit card info, got my name and address, took my email address, got the MAC ID from my modem and for whatever reason, because their map showed that I shouldn't be able to connect, they weren't able to activate me on that phone call. They created a special trouble ticket for me and asked me to fax a copy of my receipt for the equipment to them so that they would have an administrator do a manual override to create the account and activate the modem.  I left the modem on for them so that they would be able to verify the great connectivity that it had.  I was assured that within 24 hours I would get an email from them with the account info and letting me know that the equipment was activated.

Well, the 24 hours came and went.  No emails, no phone call, and when I connected my laptop to the modem, it took me straight to the http://home.clear.com website, where I was once again asked to create my new account.  The same pointless question and answer took me to the point where I needed some more customer support.  The interesting thing is that there is a link for a live chat session for support, but it won't work if your account isn't activated, because your web access won't allow you to get to the customer support web portal that hosts their chat sessions.

Another phone call. They ask for my Clear account number. I don't have one yet. So they ask for my phone number that I used when I signed up. They can't find the account with that phone number. I offer them the trouble ticket number, which I then give to them. They open their trouble ticket system, and find my name and a short note from their new accounts department.  My account is denied because my service address doesn't qualify for their home service.  Hello?  What?  Did they even read the notes? This is a MANUAL OVERRIDE, which is why it went to the special handling department. I am responsible for bringing in over 20 new Clear customers in the last 6 months and with this modem I was about to go on a campaign to add probably 40 or 50 more per month to their customer base.

I am a TECHNICIAN, I know NETWORKING, I belong to the Chambers of Commerce in 3 cities. I give technical seminars and speeches in the area. I belong to several social networking organizations and service lots of people in the area. I have an internet following and the respect of many satisfied customers.

At this point in time, I can't recommend this service.  Clear has been having financial problems and recently has had in influx of new investment, but if this is what their customer service is like, I am afraid they won't be around for the long term.  When they are saddled with a badly programmed service backend that doesn't allow for administrative overrides to keep their customers happy, I just don't see this service surviving.  In this day and age, exceptional SERVICE is king, and poor customer experiences will break a company.

For this week's blog post, I was going to write about anti-virus programs that small businesses should use, but this Backup topic is of higher priority.

Most people still don't take backing up their files seriously. I recently had a customer come to me with a computer that had a failed hard disk.  You know the story, she had bought an external USB drive and plugged it in to her computer about 7 months ago and ran the backup utility that came with the external drive one time.  This makes her story better than 90 percent of the general computer user population.  The backup utility did NOT back up everything on her computer, and couldn't back up the last 7 month's worth of photos, emails, letters, spreadsheets or anything, because she had not pressed the backup button ever again on the external drive.  Her computer's hard disk was making the "tic tic tic grind grind" sounds that a failed drive likes to make.  She was lucky, I know how to trick most failing drives like this into giving up the data one more time. I was able to recover her files, but it could have been a total disaster for her. She had only the ONE copy of all of her files, and she trusted them to a single hard disk. This shouldn't be news to anybody: HARD DISKS WILL FAIL. It is your responsibility to have additional copies of your data stored in various secured locations.

Because users don't know how to run backups, or check that the backups worked, I really suggest using a backup program that runs automatically in the background, backing up your files to a safe place without you thinking about it.

There is one company that I recommend to use for home machine backup:

Mozy Home Backup is very affordable, FREE for the account that allows up to 2 gigabytes of files, or as little as $4.95 per month for UNLIMITED home backup. I really mean UNLIMITED. On my home computer, I have all of my family's home videos backed up to Mozy. That is over 2 terabytes of video files, all for one low price. Their software is installed on your computer and backs up your files to the Mozy servers over the internet.

The beauty of this is that you can get to your backed-up files from any other internet connected computer. You just need to know your email address and the password that you set when you created your account.  If your home computer were destroyed in a fire, flood, oil slick, or other disaster, you would be able to get your cherished pictures again after you got another computer and restored your files back from Mozy.

This may seem like an advertisement, but as a concerned computer support person, I really wish everyone would back up their files with a program like Mozy. I don't like having to explain to computer owners why they lost everything that was important to them because of a hardware problem or a virus that corrupted all of their files.

Please check out these links for how to buy Mozy for your computer:

2GB Free Online Backup - Mozy

Peace of Mind - Only $4.95/Month! Get Mozy Unlimited Online Backup.

 MozyPro

For the average home user, the antivirus program to run is a confusing choice.  If you believe those pop-up advertisements that attack you as you browse the web, you will unknowingly install a program that will cause more harm to your safe use of your computer than good.  Do NOT install any software that is presented to you as a pop up advertisement in your browser.  This is a sure-fire way to get infected with some nasty virus, spyware or other form of malware.  There is a very prevalent strain now that after warning you that your computer is infected, invites you to download a free scan and fix tool. The initial scan will tell you that you have multiple things wrong with your computer and then ask you to enter your credit card info to pay for a very official looking program.  This is a scam and the software that will be downloaded will eventually take over your computer completely, giving total control to someone else. You have just paid them to ruin your computer for you.

Here is a screenshot of the latest fake product to show up. As you can see, it looks extremely inviting, and can convince even technically savvy users that there is a problem with their computer. The correct action to take when you see something like this is to shut down your browser, and don't click anywhere within the browser window, as this click inside the window may be your invitation to install the software on your computer.

There are lots of excellent antivirus packages available, many available for free.  To keep this blog post a little shorter, I will suggest a couple of free alternatives to help out home computer users.

My current recommendation for those looking for a free alternative, is Microsoft Security Essentials.  This software is available directly from Microsoft here: http://www.microsoft.com/security_essentials , and offers good to excellent protection for Windows XP, Windows Vista or Windows 7 users that have a genuine copy of their operating system.  I like this one because it doesn't slow down your computer during normal use, and the tool catches most viruses immediately or shortly after your computer is attacked. For those that are careful web-surfers and savvy enough to stay away from "bad" sites, this antivirus package is great. Security Essentials virus removal routine often undoes all the damage that any malware has caused.  This product is relatively new, and in the past 6 months I haven't personally experienced any problems with its use.

For those that don't trust Microsoft to protect their computer, AVG Anti-Virus Free Edition 9.0 available here: http://free.avg.com is another popular choice.  In my computer support business, this program on one occasion deleted an essential operating system file, which caused windows to lose networking capability. It was an easy fix, but did require a support visit because the computers could no longer be fixed remotely.

Next week, I will give my recommendations for antivirus programs that require a purchase or a subscription.

Businesses should use products that are more robust than these free alternatives, one of the most valuable features is centralized management, so that you can easily see the health of your servers and workstations.

I would be happy to visit your business to assess your current network, computers and servers to see if my services could help your company save money and increase your computer and system's reliability.