Protect your online accounts

Posted by robbiebow on 27 November, 2007 under geek

There have been a couple of memes circulating on Facebook recently. They consist of a warning that a certain Facebook user is actually a hacker and that, should they gain access to your (or your friends’) Facebook profile, they will hack it and your email account. Of course, these are almost certainly vindictive japes against specific individuals who are claimed to be hackers but aren’t: just kids making it up for kicks.

See, these “hackers” can only access your accounts by using a username and password – like you do – to get in. So, provided they don’t know both, they can’t get in. Assuming any of these warnings of hackers trying to befriend you is true, they can find out your username (your email address for many accounts) and then start guessing your password, normally by trying commonly used passwords, then dictionary attacks, then sheer brute-force attacks. There are other techniques that aid our hacker friend, but I’ll leave that for now.

What you need to do to protect your email / Facebook / whatever accounts is:

  1. Use different passwords for each account. If you use one for everything and someone finds that password they can access all your accounts.
  2. Use strong passwords. These are typically a mixture of letters and numbers (and no, “password1” doesn’t count) and not based on words.
  3. Use KeePass (freeware) to keep your passwords safe and secure and prevent you from losing them.
  4. Set yourself up a “public” free email account (Gmail, Hotmail, Yahoo) that you use for very public purposes, such as in your Facebook profile, while keeping your normal email address for friends, business and family.
  5. If you can’t be bothered to use KeePass and strong passwords (maybe you use a fair few computers to access your accounts) then at least try making your passwords stronger by doing something like this:
    1. pick a prefix – let’s say “b1ue”
    2. pick a suffix – “90” for example
    3. now make your passwords start with the prefix and end with the suffix, and put something in the middle (probably something related to the account you are using it for), so “b1uemail90”, “b1ueface90” and so on. This is not a strong password system, but it’s better than “password”, “letmein”, “123456789” and so on.

Get into the habit of using strong passwords. You wouldn’t use a simple bolt on your front door; you go for the Yale key, don’t you?
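
The checklist above, turned into a small local audit, as an added example that is not part of the original post: it flags the weak passwords the post names, reuse across accounts, and the shared prefix/suffix pattern from step 5, which leaves only the middle part of each password unknown. The function names, the finding labels and the four-character affix threshold are assumptions made for this example; the sample accounts are constructed.

```python
import os
from collections import defaultdict

# Weak passwords the post itself names.
COMMON = {"password", "password1", "letmein", "123456789"}


def shared_affix(passwords):
    """Longest prefix and suffix shared by all distinct passwords."""
    distinct = sorted(set(passwords))
    if len(distinct) < 2:
        return "", ""
    prefix = os.path.commonprefix(distinct)
    rest = [p[len(prefix):] for p in distinct]  # keep prefix and suffix from overlapping
    suffix = os.path.commonprefix([r[::-1] for r in rest])[::-1]
    return prefix, suffix


def audit(accounts):
    """accounts: {account name: password}. Returns a list of (issue, detail)."""
    findings = []
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)
        if pw.lower() in COMMON:
            findings.append(("common", name))
        elif not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
            findings.append(("no-letter-digit-mix", name))
    for names in by_password.values():
        if len(names) > 1:  # one password guarding several accounts
            findings.append(("reused", ", ".join(sorted(names))))
    prefix, suffix = shared_affix(list(accounts.values()))
    if len(prefix) + len(suffix) >= 4:  # assumed threshold for "a pattern"
        middles = sorted(pw[len(prefix):len(pw) - len(suffix)]
                         for pw in set(accounts.values()))
        findings.append(("shared-affix", f"{prefix}*{suffix} middles={middles}"))
    return findings


if __name__ == "__main__":
    # Constructed sample data, using the example passwords from the post.
    sample = {"email": "b1uemail90", "facebook": "b1ueface90", "forum": "b1ueface90"}
    for issue, detail in audit(sample):
        print(issue, detail)
```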

How to panic a money lender

Posted by robbiebow on 24 November, 2007 under stuff

I came into a bit of money and wanted to pay off some debts with it. So I called Welcome Finance to ask how much I owed and how much they would accept as full and final settlement. It took them two days to come back with two different figures: the amount owed – and that would be paid if I continued with the monthly instalments – and an early settlement figure, which was a full £200 more. It would cost me £200 to pay them 6 months prematurely.

You’d think a provider of “ugly duckling” loans like Welcome Finance would be desperate to get their money back as soon as possible to lend it to someone else. Given the current market situation I’d be surprised if they could raise any capital at all. No-one will commit to risky lending with the credit crunch and all.

There were a couple of interesting things that came out of the exercise: First, Welcome Finance front-load their loans. That is to say, they add the interest at the very beginning of a loan. If you were to pay back on the very same day you take it out you’ll have to pay all the interest (which was roughly the same as the principal amount borrowed in my case.) Bear that in mind if you ever need to borrow from them.

Second, there’s a great site called saynoto0870.com that gives you the direct, normal land line numbers for numerous companies. Given that most mobiles and land lines give you free minutes for normal land line numbers but not 0870 numbers, this is a good way to save money. It also gives you the satisfaction of knowing you aren’t paying the company at the other end for being kept on hold for 20 minutes (0870 numbers pay the recipient for inward calls).

So, anyway, the money I was willing to give them up front, now, in their hand, safe, is going to go and sit in an ISA and give me interest instead of them. Go figure.

Controlling right-click using JavaScript

Posted by robbiebow on 14 November, 2007 under geek

We’ve all seen web sites that try dismally to protect their content by stopping the right-click context menu from appearing. However, you might want to use the right-click as a prompt to do something useful. If you do, here’s a quick solution:
