Shark watch: How safe are your online passwords?

Nut graf: Some passwords are just about useless, and they’re the most common ones online.

If your bank website password is something like 123456, you might as well hide your money under your mouse. It’s every bit as safe.


Still using that old password?

You’re probably giving someone an engraved invitation to access your website, read your information, make unilateral withdrawals from your bank account or create all sorts of havoc.

Splashdata puts together an annual list of the most common passwords, and the top three in the 2014 version are (drum roll): 123456, password, 12345.

Understand the methodology here. Splashdata equates the most common passwords with the worst, and it truly makes sense. Someone trying to break into your system is probably going to start with those.

Also you might want to consider something else. These passwords were leaked in various website attacks. Y’all, if it was leaked I already don’t want it.

Here’s Splashdata’s list of most common passwords in 2014:

Rank     Password              Change from 2013
1             123456                   … and still champion!
2              password              No Change. Better luck next time.
3              12345                     Up 17
4              12345678            Down 1
5              qwerty                    Down 1
6             123456789          No Change
7             1234                         Up 9
8              baseball                 New
9              dragon                    New
10           football                  New
11           1234567               Down 4
12            monkey                 Up 5
13            letmein                   Up 1 (You’re kidding, right?)
14            abc123                    Down 9
15           111111                    Down 8
16           mustang                  New
17           access                       New
18           shadow                   Unchanged
19           master                     New
20           michael                   New
21           superman             New (Batman’s cooler.)
22           696969                  New
23           123123                  Down 12
24            batman                 New
25           trustno1                Down 1

Yeah, the usual suspects.

Random first names show up in the top 100 or so, along with many of your favorite sports teams and cuss words.

I might mention Splashdata has a pony in this race. That company developed SplashID, a password management application.

Some gains, though. Mark Burnett, who knows enough about online security to write the book Perfect Passwords, says fewer are using those commonly weak or weakly common codes:

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years. The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

Maybe people are catching on. I guess having your information harvested or your identity stolen is a clue that something’s wrong.

My passwords tend to in the strong range. But I’m not perfect. In the do-as-I-say-not-as-I-do department, I’m guilty of some password offenses:

I’ll recycle mine, use one password for several sites. They’re strong passwords, but I really need to change some around. Fortunately, most of these recycled passwords are in low-impact sites where it’s not a killer if you get in. More important sites, such as my blogs or banking info, don’t get the recycled stuff. But still …

One of my weakest passwords is the one that gives me root access to my computer. I’m not gonna tell you what it is, but I’m really not all that worried. A guy has to a) have my physical computer, b) know what a root password is, and c) know Linux to make any use of it.

So recycling passwords is not among your best practices. See, I’m already making this difficult.

So where do I keep passwords? There are several options:

My editorial comment here is cast in stone.
My editorial comment here is cast in stone.

– In my head. Good luck with that.
– In an Evernote file. Not real secure. Not with Evernote’s search functions anyway. Some one could type “password” or “pass” into the search bar and strike gold.
– In a file on your computer. Also not real secure.
– In a notebook near the computer. Puh-leze!
– On a sticky note next to the computer. Really. I’ve seen this done an awful lot.
– In an online password keeper such as LastPass. It’s reasonably secure, creates random passwords and all that, but the data is kept online. You use a master password to get in, and I sure hope it’s not 123456. Lastpass has been attacked a few times, and it usually lets its users know it.
– An offline password keeper like KeePass. None of the stuff is kept online. Hey, it’s a whole lot harder to crack when it doesn’t exist in the cloud, right? The only real drawback I see is that KeePass won’t work with some of the niche browsers such as Seamonkey. So there’s that, but a few of the really security-conscious recommend KeePass.

Okay. How do you know if your password is strong enough?

Many websites have a little meter that will let you know if it’s a weak or strong password. Here’s the catch, though. Not all these meters are created equal. It varies by a lot.

This is how LastPass rates passwords. If this was a high-priority site I’d change it immediately.


This is according to the tech site ReadWrite, which cites a study by Concordia University:

“Confusingly enough, nearly identical passwords provided very different outcomes. For example, Paypal01 was considered poor by Skype’s standards, but strong by PayPal’s. Password1 was considered very weak by Dropbox but very strong by Yahoo!, and received three different scores by three Microsoft checkers (strong, weak, and medium). The password #football1 was also considered to be very weak by Dropbox, but Twitter rated it perfect.”

I’ve noticed that. Many of these password-strength meters use the standard indicators: Length of the password. Presence or absence of uppercase, numerals and the good ol’ @$*%^. I reckon some password meters consider whether your password shows up in a dictionary somewhere, but that’s just a guess.

In the interest of stronger passwords, some sites have their own rules. My bank requires at least one upper case letter, one numeral and one symbol. Another bank won’t let you use three of anything in a row, so “anYthing111” is out.

# # #

Personal news: I published my latest fiction work, Desert Vendetta the other day. It’s a mystery involving reporters, corrupt cops, feuding families, casinos, the Nevada and Arizona desert, casinos and the occasional dead body. It’s available on Amazon.


Glen Campbell’s Grammy gets personal

I didn’t hear about it until a couple of days later, but the news that Glen Campbell won a Grammy for best country song of the year really hit home.

You’d have to be a serious baby boomer to have the whole lowdown on Campbell’s career. An in-demand sideman and session guy, he filled in with the Beach Boys for a while before going out on his own. Songs like Wichita Lineman, By the Time I Get To Phoenix, Galveston and Rhinestone Cowboy were among his biggest songs.

But his latest Grammy winner is really personal. He played I’m Not Gonna Miss You for a documentary on his battle with Alzheimers. He was diagnosed a few years ago, and he continued to perform as long as he could while the disease took over more of his brain.

I have to include a clip of the song here. If you’re close to someone who’s going through the same thing, I’ll bet you can’t watch the video without blubbering like a baby:

Alzheimers — like the other forms of dementia — is an insidious disease. Often the person who has it is the last one to know, and just the thought of it is scary stuff. The things that a person used to do almost instinctively, he has to think about long and hard now. Journalist Greg O’Brien describes it first-hand in his book On Pluto: A guy could be standing in the back yard holding a garden hose and wonder how he’s supposed to work the stupid thing. And feel this rage because he used to know all this stuff.

I saw a video clip of Campbell on his last tour, and there were times he looked really lost. He had a TelePrompter on stage so he could remember the lyrics. At one point he finished Galveston, talked with the audience for a few seconds, and started his intro to his next song: Galveston. His daughter Ashley, who played banjo and keyboards in his last band, had to remind him that they just did that song.

Here’s a clip from that tour, with bio and interviews from 2012:

I like my music edgy, served up in your face with a side of danger. To me, Glen Campbell’s music veered too much into pop territory. Just not my style. Let the record reflect, though, that he was one of the great underrated guitarists. The man could really pick:

In his farewell tour he certainly lost a lot off his chops, but that’s no surprise. I’m amazed he was able to remember chord patterns and fingering at all as he got deeper into the disease. His kids say he would forget a solo to a song and improvise his way through it, somehow making it work.

Maybe continuing to play was his way of fighting the disease? His wife Kim seems to think so.

“It’s been an amazing journey,” she said at the awards presentation. “He’s been so courageous in bringing awareness to Alzheimer’s and caregiving. Music, I really believe, kept him healthy for a longer period of time and enabled him to enjoy life while living with a debilitating brain disease.”

To me, this is kind of personal because in the last few months I’ve been watching the effects of dementia close up. Since May I’ve been down in the pit with it, seeing the wreckage it leaves.

Where it gets personal
I’m currently in California serving as a family caregiver. Both my parents developed forms of dementia, and it became obvious to me when I came out for a visit last April. I just wasn’t sure what I was getting myself into when I moved back out here to help them out. But in these past few months I’ve been trying to learn as much as I can. How to transfer someone from bed to wheelchair. How to clean up after the person who used to do the same for me. How to keep things at ease when the disease is scaring the parent. I became half nurse, half physical therapist, half legal advocate and half financial counselor, knowing none of this adds up.

And all actor. Forget about reasoning with a brain taken over by dementia. Often I just have to play along.

Mom passed away in late October, and I’m now keeping an eye on Dad. He’s relatively low maintenance, but I know that will change.

Caregiving’s a tough business. So demanding. Physically and mentally draining, and you’re usually flying blind. Forget the two-week crash course, it’s time to start as soon as you arrive. You learn as you go, praying you get it right.

But that’s the easy part. Emotionally, it’s hell.

That amazing person you once knew? Not exactly gone, but you probably won’t recognize him or her. The person you’re taking care of is just a shadow of the one you once looked up to. When you’re seeing this process at such close range, if it doesn’t break your heart it means you probably don’t have one.

The progression
All is not well with Glen Campbell. The song was recorded in 2013 and released in the middle of last year. Since then he’s been in a long-term care facility. Forget about performing now; I understand he’s lost the ability to speak. Although the number varies depending on whose scale you use, he’s at late stage six of a seven-stage progression.

Did he realize the impact his song has on those of us in the trenches? Even the fact he won this award? Probably not.

“We told him about the Grammy,” Kim told Entertainment Tonight. “He might have forgotten it immediately. He knew something good happened.”


For further reading:

Disclaimer: I do get a commission on this book through Amazon Associates. But that doesn’t matter. I read this book and recommend it highly even without the commission. If you want to know what the dementia patient deals with, this is the best guide I’ve found.

Customer loyalty cards: Permission to get creepy?

These loyalty cards save me a lot of money, but there's a dark side to them.
These loyalty cards save me a lot of money, but there’s a dark side to them.

Like many other people, I keep loyalty cards to my favorite stores on my key ring. They save me a metric pantload of money, but I ran into the darker side the other day.

I got a phone call from the New Orleans-based Reily food company telling me that a chili mix I bought at such-and-such a store has been recalled. Seems it has traces of peanuts and/or almonds and can bring me a nasty allergic reaction.


Then I went shopping and saw another warning on my sales slip from that grocery store. I later checked and I still have that chili mix on hand waiting for my kitchen magic. No mention of peanuts in the ingredients. Reily Foods said in a statement that at least one of the spices the company gets from a third-party supplier contains undeclared nut allergens. Undeclared meaning, it was thrown in there without telling them.

I understand the peanut risk. I have a few friends who have this allergy, and I guess a reaction can be fatal. I don’t have that problem, so I’m going to use the chili mix anyway. I appreciate the fact the grocer and food manufacturer are looking out for me.

But still … how do they know?

Ahh, yes. That loyalty card.

Basically, when you get one of those cards you give the store permission  to track your purchases and tailor their advertising to your known buying patterns in exchange for deep discounts. That’s nice. I like deep discounts, and I like getting dollars-off coupons for products I actually use.

I shop for Dad and myself, and the receipt will tell me how much I’ve saved on my purchases by using the card: Usually around $20 for a purchase of a little less than $100. Not half bad.

But let’s flip this on its head, shall we? If I opt out of the loyalty program, I give the store permission to overcharge me by about $20. That’s the story once you strip away the gee-whiz you’re-saving-money verbiage.

Tracking, tracking everywhere!

But the tracking part is interesting. Of course you can forget about privacy in the Internet age. Somebody, somewhere sees every Website you visit, every Google search and every purchase you make.

None of this is new. Casinos have been tracking customers for years, again via a loyalty card. You get all sorts of swag, comps and maybe some bonus payouts when you win. The casino then knows how much you bet, how much you lose and which games are your favorites. Get right down to it, the casino knows way too much about you.

As if the phone call wasn't enough ... I appreciate it, but it still creeps me out.
As if the phone call wasn’t enough … I appreciate it, but it still creeps me out.

Amazon’s like that too. I love Amazon. They’re my #1 publisher (which gets me a monthly royalty from them), and I buy a lot from that company. Of course I’m gonna get targeted advertising based on what I’ve purchased. That’s just plain smart marketing even if it is creepy.

Noted whistleblower Edward Snowden recently aired his Amazon fears via video link at a Cato Institute symposium. Here’s a highlight:

“Wherever you’re at, wherever that jurisdiction is, they can see what books you’re looking at. This is morally irresponsible, and as a business it’s problematic to allow this to continue when we know for a fact that they have the capability to provide for secure communications because as soon as you go to purchase that book, as soon as money’s involved, they turn it over to encryption.”

Got that? According to a story in The Passive Voice, Amazon encrypts the really vital stuff like your credit card numbers. But your searches are in plain text, readable by anyone.

Okay. I sound like one of those off-the-road paranoid conspiracy types, a candidate for increased medication and maybe one of those canvas blazers with wraparound arms. But bear with me as I offer some evidence:

Tres creepy, no?

Now, let’s get back to customer loyalty cards. This extracted information is good for the company. The consumer (hopefully) knows it’s a trade for lower prices or some good swag. But does the information stay in-house? That’s where things get messy. There’s just no guarantee.

How do you know that customer list or mailing list your on doesn’t get sold to someone else? How do you know a real bad criminal organization, like say, the federal government, won’t get its hands on the data?

All it takes is a little suspicion and a subpoena for Big Brother to peek at your buying/searching habits. And that’s if everything is done above board. What guarantee is there that Uncle Sam observes even these rules?

So what’s a guy to do?

I’m torn. I like the savings and bonuses that come with a loyalty card. Long as I don’t go out of my head when buying — like case lots of whatever it is that they use to make bombs or street drugs — I’m probably all right. Right now the only really telling information one can get from my buying habits is my raging addiction to Cafe Bustelo coffee.

But to live a totally invasion-free life I’ll have to throw my computer out the window, get bound books at a used bookstore, pay cash for everything, stay off all public streets, communicate via carrier pigeon and/or tin cans with string, pay the higher price at the grocery store and wrap my head in tinfoil before going out.

Welcome to the modern world. Dont’cha love it?


How do I detect an email shipping scam?

Just when you think you’ve seen it all, another emailed scam arrives to remind me that it’s nearly impossible to stay ahead of the curve.

Most recently I’ve been picking up emails claiming to be from Amazon, providing me with information on my order. Like, on my order I never made.

Understand, I do a lot of business with Amazon. I get most of my books through there, plus many office supplies. Anything I can’t get locally I’ll get through Amazon.

Shoot, I can order food items from there too. For those who follow this space y’all might have heard I recently moved to CA from South Carolina, and Southern delicacies are now considered foreign food. I’ll probably end up getting my yellow mustard-based barbecue sauce and Luzinanne sweet tea through them before too long.

So I know a little something about Amazon’s shipping process. This knowledge helps me to sniff out the frequent BS that filters into my inbox.

Here’s the email, as seen by my Thunderbird email reader:

Receive any email like this lately?
Receive any email like this lately?


Keep in mind, I didn’t order anything.

And they’re not Amazon. Check it; I have the sender’s email address circled.

So who’s

According to my web search, nobody. A couple of sites indicate the domain name is up for sale. So forget uexclusive for a moment; they’re not important.

But they’re not Amazon. Or any other big shipper. That’s important.

Oh, yeah. There’s an attachment to this email, and I’m supposed to click it and download it. Yeah, right. If you get this email, don’t do it.

* * *

Here’s some info I got from Scam Detectors:

Fake Amazon/DHL Shipment

amazon shipping scam

How the scam works:

Amazon is one of the most widely used online retailers, with close to 300 million visitors each month. The main reason for Amazon’s overwhelming popularity is its ease of use for consumers. However, with this popularity comes a down side; scams aimed at bilking customers of the online retail giant.

The latest in phishing scams is centered on Amazon shipping notifications, involving scammers sending you an email verification of your processed Amazon order but the email contains an incorrect shipping address.

The victim is then required to click a link in the email to correct the information; when the link is clicked malware is released onto the computer or device that captures passwords or private information.

In a different variation of the scam, criminals claim to be from well-known shipment services such as DHL, UPS, or FedEx, in which they include terms such as ‘tracking notification’, tracking number’, ‘pickup date’ or ‘Processing completed successfully’. Just as in the above Amazon example, the zip file attached to the message contains malware.

DHL scam


Check the email domain name that came with your email. If it’s (or whoever the legit shipper is), that’s one thing. But if it’s something else, it’s probably a scam or an effort to harvest your information or identity.

Which email address did it go to? Another dead giveaway. Email addresses are cheap; everyone’s got a bunch of ’em. I have close to a dozen myself. But only two of these addresses are associated with an Amazon account. Surprise — it’s not one of them.

For the gazillionth time, enjoy your computer. Have fun online. But watch out for those sharks in the phishing hole. Again.


Live without my cell phone? Forget about it

What would happen if I threw this one against the wall?
What would happen if I threw this one against the wall?

Sometimes I want to throw my phone against the nearest cinderblock wall and send it to the digital hell where it belongs. It goes off when I’m working. It annoys me. It can befoul my mood in a split second.

But I feel I can’t function without the stupid thing. Ever since I got my first cell phone in 2000, life has not been the same. I could run but forget about hiding.

I never go anywhere without my phone. Never. Anywhere. I’m not the only one either. If you have a cell phone — who doesn’t these days? — you probably have it with you right now. Even if you’re in the head. I’ll bet it’s even on.

Smartphones upped the ante even more. Now you have many reasons to frequently check it — someone could be talking about you on Twitter or trying to contact you on Facebook. Or you need to know the weather right now, even though poking your head out the window is still more reliable.

My smartphone recently bonked out on me, and I’m still going through withdrawals. I’m using one of those feature phones (read: dumb phone) and it does everything I expect a telephone to do. But I miss that anytime-I-want-it Internet connection. I can get ball scores, bank balances and the weather through a text message and it’s faster, but it’s still not the same.

See, here’s the part I don’t understand. I didn’t always have a phone, landline or otherwise. For a long time I just used a pager. Someone would call, punch in his call back number and I’ll get back whenever I felt like it. There were always phones around anyway; I could use one at work or even a pay phone to return the call.

(Hey, remember pay phones? If you do, you’re probably an old person like me. Now you can’t find one anywhere.)

But I functioned quite well without a phone. Really really well. And I was able to separate my home life from my work life, which isn’t always easy to do. I worked as a newsman for years and never had a cell phone the entire time I was in that trade. Never missed a good story either.

Today? Don’t ask. I don’t go anywhere without it. Someone important may call.


Whatever happened to just calling in sick?

In some parts of the country, they call it “laying out” from work. That’s about what this guy in Florida did, in a most novel way.

According to KSDK Channel 5, a Hillsborough man staged a burglary so he wouldn’t have to go to work. Said he couldn’t get his wife to agree on letting him play hooky, so he tried something else.

He called 911:

Caller: My door’s wide open, my windows to my son’s bedroom are wide open. My TVs in there on the ground.

Dispatcher: Did you see anybody when you came in or is anything missing that you you can see?

Caller: I called y’all right away. All I see is the front-door wide open. Called my wife and I asked her, we did go out the front door, right? She said yes.

Dispatcher: Did you see any vehicles driving away when you were pulling up or anything like that?

Caller: On the corner, right when I pulled up, a white kind of little Honda Civic pulling away. White, it had kind of like a black fender …

It wasn’t until the cops showed up that they caught on. They saw no signs of forced entry, so they told the guy he could get in a bunch of trouble for lying to officers …

A neighbor ended up telling a local reporter, “To me, it would have been easier just to go to work. Instead, he got a ride to jail.”