RSS
 

Archive for the ‘Databases’ Category

USE A PASSWORD VAULT!

05 Jun 2016

Over the years, I’ve done a lot of technical consulting for individuals and lots of small businesses. The one thing that is almost universal with all of those people is – they don’t use a password vault. But they REALLY need to use one.

Why? Because, if someone gets access to their computer, or steals their computer, or hacks it, those people can either lose all of their passwords, or worse, someone can login to many website and do malicious things. (Ya know, log into your bank, transfer money, send dirty or scam emails to hundreds of thousands of people, lock you out of your bill pay, etc.)

So – the best solution I’ve come across (and I LIVE WITH EVERY DAY) is LastPass. Right now – GO CREATE A LASTPASS ACCOUNT! – www.bit.ly/LastPassVault

Create a LastPass accont! - DaveTavres.com

Seriously. Right now. Go do it. Get started.

Even the basic free account will do more for your online security than you currently have with that Word or Excel file, or that book in the desk with all the family’s passwords in it.

Once you’re comfortable signing into the site and adding your accounts, you can move on to the really useful features like auto-login and shared folders.

What is auto-login? You install the Chrome or Firefox extension to your web browser, and when you go to a website that is listed in your LastPass Vault, LastPass can do an auto-login, or can let you choose the username and password to login to that site with. Not only is this a huge time saver, it’s far more secure than typing it out each time, or pulling up that file or book to find the password (when I’m standing at your desk and see the file or the book, now *I* know where to find ALL your passwords. If I’m not a good person, I effectively have access to ALL of your websites!)

Now you might ask, ‘What are shared folders?’ Good question!

If you upgrade for $12 A YEAR, you can have a single folder that is shared with your spouse, partner, friend, family, etc., and everyone can use that one folder for the commonly shared sites. The upgrade also lets you install the app on your mobile device to auto-login there too!

There are few things that I insist people do with their technology. This is one of those things. If you’re still using papers, sticky notes, books and a ‘clear-text’ file on your computer for passwords, it’s just a matter of time before someone steals your logins.

Create a LastPass accont! - DaveTavres.com

 

One-click unsubscribe

04 Nov 2014

Unsubscribe - DaveTavres.comOver the years email spam has gotten better and worse. ‘Better’, in that the “Unsubscribe” link that is required by the CAN-SPAM Act of 2003 has made it much easier to stop unwanted email. ‘Worse’, in that more companies/groups around the world can now get your email so much easier than before, so you actually get more junk email than ever before.

Another ‘better’ comes in the form of that wonderful “Spam” (or ‘Junk’) button in Gmail and other web-based email systems. When enough people click that button on the same email, the email service companies can easily flag that email address, or even the text of the message, to help find and filter those messages in the future. In some cases it also stops other junk mail from the same address from hitting your inbox at all.

Something many (legitimate) companies have implemented since 2003 is the “One-click unsubscribe” link in their marketing emails. I’ve put this to great use for a number of years now. While it isn’t always true ‘one-click’, sometimes it’s just two clicks – once to click the link in the email and a second click to confirm that you want to stop getting those emails. Here’s the rub though. When a legit company makes you re-type the email address to remove yourself.

Hertz junk mail - DaveTavres.comThis is bad.

The majority of companies do ‘one-click’ well. It’s easy to be removed, quick and painless. I honestly don’t mind automatically getting signed up for spam when I order from a company, as long as that magic link is there. But when I have to re-type my email address, that’s when I click the good ‘ol SPAM button. While it’s not a legal requirement to do one-click, getting flagged as spam should be a lesson to the company that they need to make it easy to remove myself.

Being flagged as spam is a BIG hassle for a legit company. I’ve worked on marketing email projects from the development side and can confirm that companies do not want to be flagged as spam. The more times your company is flagged as sending spam, the less likely your emails will get delivered in the future. And the companies get notified about every single message that gets flagged as spam. It’s for this reason that I mark emails as spam when they aren’t smart enough to auto-fill my email address in the ‘one-click’ process.

So, if you’re a company who sends out emails to thousands of users at a time, be sure to do it the right way – because users don’t care about what you want, they care about how easy it is to stop getting junk email.

 

How to stop Smartphone theft…

23 Jun 2014

iPhoneBrick[1]A recent article on CNET titled “Android, Windows Phone to add kill switch to thwart theft” missed the point on how to actually stop Smartphone theft. The article talks about Google, Microsoft and Apple adding a ‘kill switch’ to phones to "…remove all data and information in the event their devices were stolen." That’s great, but it doesn’t actually stop theft.

As an Android user, the ability to remotely find, lock and wipe my phone gives me great confidence that my data is safe(r) than if there were no ‘kill switch’. But cancelling my mobile provider account and wiping my device doesn’t stop thieves, muggers and miscreants from getting a five-finger-discount on an new Nexus 5, Apple iPhone 5s or Samsung Galaxy S5 – it just assures the crooks that they’ll be able to activate ‘their’ new phone without any old data on it.Android Device Manager - DaveTavres.com

Having worked in the mobile phone activation world (many years ago), I know that the devices are controlled by one simple thing – the ESN/MEID (Electronic Serial Number.) Whenever a phone sends or receives a call (or data), the towers use the ESN to identify THAT device on the network so it can route calls and data to you.

When credit cards get stolen, it’s often not the actual card, but the number itself. So most of the time, the consumer has no idea their account has been compromised. And, the thieves know that they have a very short amount of time to use stolen credit cards before they are turned off. The physical device being stolen is the issue.

If I can steal a phone and just wipe it and have a ‘new’ phone, there’s no deterrent.

Solution

Features like Google’s Android Device Manager are FANTASTIC features, but do little to stop the theft. The real solution is at the carrier level. A simple ‘black list’ of stolen devices that the carriers are required by law to check anytime someone wants to activate a device, would stop the vast majority of device theft. If it’s on the list, the carrier isn’t allowed to activate it.

For SIM-based phones, when carriers do regular auditing of the devices on their network, if a device from the black list is being used, they must notify the mobile account user immediately that the device their using was stolen and will be disabled. Sure, some consumers will be affected, but only at first. If a law was passed requiring carriers to be responsible for only activating ‘legal’ phones. Crooks would know that a phone is useless to steal if it just gets ‘bricked’ within a day or two. And would-be-buyers would learn pretty quickly that they need to verify if a phone was stolen before buying it on eBay and Craigslist.

If you steal a car, then try to register it in your name, DMV won’t give you a sticker or license plate.

Sure, there will still be the phreakers who clone ESNs and steal service, but those aren’t usually the same guys who snatch the phone from your hand on a busy street and run.

I’ve been talking about this for many years – I’m glad it’s finally getting some kind of attention.

 

Hashtag Database

23 Mar 2014

hashtags on products - DaveTavres.comIn 2010 when I first wrote about QR codes, several friends say, ‘nah, they won’t take off’. I’m sure people said the same thing about hashtags. Well, hashtags will soon be included on packaging for major brand products, just like QR codes.

#Hashtags are more than common now and there are dozens of websites that promise to give businesses ‘tracking data’ to determine how popular a tag is – in other words, see just how many people passed along the message that was trying to be conveyed. Facebook and Twitter are obviously the most popular social media outlets to use them, but more and more television stations, individual TV shows, movies and of McDonald's hashtag - DaveTavres.comcourse whatever the internet fad of the moment are using them.

Quick quiz… you write a quick post online about wanting to watch the Olympics. Do you write:
A) “Can’t wait to watch the #Olympics tonight!”
B) “Can’t wait to watch the #SochiOlympics tonight!”
C) “Can’t wait to watch the #2014Olympics tonight!”

Of course the answer is – all are correct – but if you want to ‘correctly’ attribute the tag so that searches will take you to the Olympic organizer’s website, which is the “most” correct?

Here’s another one – what if you’re writing about the bone disease Avascular Necrosis which is often shortened to AVN and you add “#AVN” to the post, but don’t check it before you post it… then find out that AVN is probably far more commonly known as the “Adult Video News” – which runs their own version of the #Oscars for porn. Whoops.

Disney hashtag - DaveTavres.comOne last scenario… you’re working on article about camping and travelling and you sidetrack a little about visiting a nearby rainforest. Your article will be released to a broad distribution newsletter that will also be printed and emailed and posted online. You want to ’correctly’ give reference to an organization that raises funds for “saving the rainforests”. You’re not an expert on rainforests and you didn’t easily find a tag for it… So which tag do you use?

You logically use “#SaveTheRainforests”. Then you find out that an oil conglomerate is using that tag in their advertisements, trying to show how environmental they are – when in fact, they clear cut thousands of acres of rainforests a year but ‘save’ 1% of each forest. You may not want to support that company… but now you are supporting their message. Another “whoops”.

Facebook hashtag - DaveTavres.comSo, where do you find the tag that GreenPeace uses when they talk about saving a rainforest? In this article title “The Great Bear Rainforest Victory” or this one “Protecting forests”? Nope. They don’t have any hashtags there. So what should you use?

A website idea

2014 Volkswagen Game Day Commercial: Wings

Okay… how about a website that lists all the hashtags that a company uses for their various advertising campaigns and brands? On the same site you can search (and watch) that fun commercial where the car guys get their wings… Was the tag #Wings or #VW100000… no, it was just #VW (kind of a missed opportunity).

The revenue model would be purely ad-based. This isn’t likely to be a popular consumer website (but who really knows?) If it caught on, companies could pay for click traffic when someone searches for a specific tag to find the ‘official’ company that started using the tag.

In Closing

As hashtags become more commercial, brands will be using them more. Not just in commercials, but in more printed materials, including product packaging. So why not get a jump on the “hashtag database” now? HashBase.com?

 

A Password Safe for All

11 Mar 2012

KeePassEverything now has a password. I may have started when the first answering machines came out that let you call home and get your messages remotely. You would call your number and when the message came on you could hit a key which would prompt you for your passcode then listen to the messages people left for you.

Since then passwords have gone crazy. Every website needs not just a password, but also a username. Some people have tricks to remember what their login info is, but most don’t. Instead, they just use the same combination on EVERY website! That’s not really a problem unless someone (a friend or a hacker) figures out your info. Of course lots of people think they’re smart by creating a Word or Excel document that has all of their information – this is even worse than using the same password for everything. If the file get corrupt or stolen or accidentally deleted, you’re screwed.

I happen to use many various and random passwords. For many websites I can remember the user/pass combination, but I deal with many more websites than most people and because of all of the clients I work with I have their usernames, passwords, emails and other information. There is NO WAY I could keep track of all of that information without some form of master list. THEN the problem is trying to keep it secure.

The answer is simple: KeePass. I’ve been using KeePass since about 2005 after someone suggested it to me. There’s even a version for your Android phone so you can always have your passwords with you. One password to get in, then you have access to all of your other information. I even keep all of the information from my wallet in it so that I don’t have to grab my wallet when buying online. I have a record in the KeePass database for each one of my credit/debit card, including the number, expiration date, security code and even the phone number on the card incase I lose my wallet.

Best of all, the .kdb file gets backed up by your Carbonite subscription (yeah, if you don’t know what that is, click the link and email me).

KeePass Password Safe

If you’ve gotten this far, DOWNLOAD AND INSTALL KEEPASS! Smile