Please stop using ‘12345’ as your password

Every year SplashData surveys the most common passwords and you know that the results are scary. I think it’s even scarier how they do it: they chart the passwords as revealed by leaked accounts and hacked systems, by all the many, many security breaches that are reported every year. There is always enough data to make the survey statistically significant, which means even if you haven’t had your password cracked, you probably use one of these and you are going to be hacked.

Here’s the top ten for 2014 from the most common to the least:

123456
password
12345
12345678
qwerty
123456789
1234
baseball
dragon
football

Dragon? What’s going on there? Anyway, the list continues so if you’re feeling smug, stop now. Unless your passwords are things like 17e£**jjli99Nn like my bank account’s one.

Despite the scary list, SplashData does try to reassure you a bit. A bit:

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” Burnett said. “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

“123456” Maintains the Top Spot on SplashData’s Annual “Worst Passwords” List

Read the full piece and then make me personally very happy by getting and using an app like 1Password. If I’ve met you, I’ve told you about this. I’m not as evangelical about this specific app as I am about, say, OmniFocus for To Do tasks, but I am telling you that you must get an app like it. Must. Seriously.

PS. I was kidding about my bank account password. You knew that. But I had to say it. I really, really had to say it.

Making email addresses as secure as passwords

I do know someone who deliberately picked a hard-to-remember email address, something like 9fytyth@hotmail.com because that looked professional. No, I have not one single idea either. I’d email to ask her why, but I can’t remember her address.

However, friend-of-the-blog Daniel Hardy has spotted another, better, easier-to-do way of making an address that’s hard to guess. Easy to remember, hard to guess. He tweeted:

I remember you saying you use this to combat spam, turns out it’s good for security too
Tweet – Daniel Hardy (3 September 2014)

The thing I’d use to counter spam was creating sort-of fake email addresses. They’re only sort-of fake because they really work. But they’re not your real one. What I really recommend is getting your own domain name so that you can make up any address, any time. So I might sign up for Tesco with an address of tesco@williamgallagher.com and it will work. But should Tesco ever sell out its email address to, say, an alien invasion force from beyond the stars, I can just block anything sent to tesco@williamgallagher.com.

But there is now also a very smart way to do this without the trouble of getting your own domain name. If you’re a Gmail user and your address is, say, Al.Phabet@gmail.com then you can give Tesco the address Al.Phabet+tesco@gmail.com and it will work. It will work, the fine people at Tesco will be able to email you whatever it is they burn to email you, but at any time you can nobble this new address. And at no time do they know your real one.

Dan saw this on The Verge which goes on to say:

Now, this is not a security panacea by any stretch. You should still be using a password manager to help you keep track of all your different passwords — and now, different email addresses. If you forget the specific email address you’re using, you’re even more out of luck than you are if you forget your password. If you don’t even know the email address you registered with, you won’t be able to even get to those security questions. I personally use 1Password, which I like because it securely stores my data in the cloud (yes, there is an irony there), but there are others like LastPass that seem generally trustworthy.

How to make your email address as hard to guess as your password – Dieter Bohn, The Verge (September 3, 2014)

The full piece does cover the times that this can’t work. And while this particular trick is specific to Gmail, the piece goes on to at least begin covering some similar things you can do with Outlook and others.
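An added example, not code from this post or from The Verge piece: a Python sketch that builds a per-service plus-address with a random tag and then sorts incoming mail by the tag it was sent to, including a tag you have since nobbled. It assumes the provider delivers local+tag@domain to local@domain as described above for Gmail; the function names and the issued/blocked bookkeeping are made up for illustration.

```python
import secrets

# Assumption: the provider delivers local+tag@domain to local@domain,
# as the post describes for Gmail. All names here are illustrative.

def tagged_address(base, service, nbytes=4):
    """Build a per-service address with a random, hard-to-guess tag."""
    local, domain = base.rsplit("@", 1)
    if "+" in local:
        raise ValueError("base address already carries a tag")
    tag = f"{service.lower()}-{secrets.token_hex(nbytes)}"
    return f"{local}+{tag}@{domain}"

def split_tag(address):
    """Split a recipient into (base mailbox, tag or None).

    Anyone holding a tagged address can do the same split, so the tag
    marks where an address was handed out; it does not conceal the
    base mailbox.
    """
    local, domain = address.rsplit("@", 1)
    local, _, tag = local.partition("+")
    return f"{local}@{domain}".lower(), (tag.lower() or None)

def triage(recipient, base, issued, blocked):
    """Classify inbound mail by the address it was sent to.

    issued  maps each tag to the service it was given to.
    blocked is the set of tags that have been retired.
    """
    mailbox, tag = split_tag(recipient)
    if mailbox != base.lower():
        return "not-ours"
    if tag is None:
        return "untagged"        # sender has the bare address
    if tag in blocked:
        return "blocked"         # this address has been retired
    if tag not in issued:
        return "unknown-tag"     # never handed out: guessed or mistyped
    return f"deliver:{issued[tag]}"

if __name__ == "__main__":
    base = "Al.Phabet@gmail.com"             # sample address from the post
    addr = tagged_address(base, "tesco")
    tag = split_tag(addr)[1]
    issued = {tag: "tesco"}                  # constructed sample state
    print(addr, triage(addr, base, issued, set()))
    print(addr, triage(addr, base, issued, {tag}))   # after blocking
```

Keeping the issued map in a password manager entry alongside each login covers the Verge piece's point about not forgetting which address you registered with.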

It’s okay to use Facebook Messenger

It’s not great, but it’s okay. The security and privacy and just plain tedious issues around it have been exaggerated. True, Facebook is to privacy what Microsoft is to taste and, true, Facebook only profits by what it can leverage out of us. It’s becoming a saying: if a product is free, then you are the one being sold.

However, the specific issues around Messenger aren’t what they seemed. The complaint that most spooked me was that the app uses your iPhone’s microphone. It does. If you agree to it. Don’t thank Facebook for that qualification, thank Apple: apps cannot access your microphone, your photos, your contacts or anything else without asking you first. Android isn’t so bothered.

Facebook does make it sound as if it wants your mic for nefarious purposes where really it’s to allow you to send audio messages. I didn’t know you could, but apparently it is or it is going to be like the voice-text kind of thing that is currently in WhatsApp and will shortly be in iOS 8.

It also says that it might make calls on your behalf. Hmm. But that’s muddy-speak for if you tap a contact’s number on your Messenger screen, Messenger will dial them for you.

It’s not all sunshine and roses, it’s still a pain to deal with Facebook’s constant pressing for more access. I find it extremely annoying that I’ll get a notification on my Facebook icon for a new message in Messenger. Open one, then have to open the other, tap to go back, tap to get out, it’s just ugly.

But it’s not as murderously objectionable as I thought. Read more about this and what’s really going on over in TUAW (The Unofficial Apple Weblog).

Want: Transporter drive

I’m taking my time over this because I want to get a storage system that suits me best and that suits me enough that I can forget about it for years and years and years. Right now, I suspect that it’s going to involve a Transporter and I am so taken with this product range that I want you to know about them too.

Oh, does that not sound like a sales pitch? Seriously, I won’t get any money for you buying one – wait, hang on, I can change that just a teeny bit. If you bought a Transporter drive through these links to Amazon UK or Amazon US, I would be quids in. Or pennies, really. But pennies-in isn’t a phrase. And anyway, I think I’m more likely to directly profit from this if someone who really likes me sees this sometime nearer Christmas.

So.

Transporter by a firm called Connected Data (here’s the official site) is like having your own personal cloud. Just as an aside, isn’t that still a deeply strange kind of sentence? But it’s true. Where I currently use Backblaze to backup our Macs to their servers somewhere in the world and I currently use the hell out of Dropbox for getting me quick access to my files wherever I am, I could use a Transporter. It would work exactly the same. But instead of my documents being on Backblaze’s servers or on Dropbox’s servers, they’d be on mine.

And unlike Backblaze and Dropbox and all the rest, there wouldn’t be any monthly charges. Buy a Transporter and you’re done.

It’s not so much the lack of ongoing fees that I think is appealing, it’s the convenience and maybe the security of it all. Intellectually I do like that it’s got to be more secure having your own cloud than using everyone else’s but in practice I’m probably not that fussed. Since I do have our Macs backed up online all the time, the problem I really want to solve is that I have a lot of data. A lot. I’m writing to you from a 3Tb iMac and it is near-as-dammit full.

Computers slow down dramatically when the drive is full and I am seeing that even with this fairly new iMac. So the idea of having a Transporter in the loft or at my sister-in-law’s house and keeping all my films and music on there, that appeals. It appeals so much that I’m not sure why I haven’t already done it or at least tried out one Transporter.

I think you should try one. In the UK, you can buy a 1Tb Transporter today for £188.12 and in the States it’s $259.99. Spend that, plug it in somewhere, off you go to the races and back again.

I suspect my hesitation is that I would need a lot more than 1Tb to make this worthwhile. Connected Data sells a 2Tb version and it also sells a no-terabyte version: an empty Transporter shell into which you can add a drive of any capacity you can find, if it’ll fit. So the odds are that I could fit a 3Tb drive fairly easily. I’m just not sure that 3Tb is enough either.

Then the same firm does a device called a Transporter Sync which gives you all of this connected cloud lark but I believe does it to any drive you can connect to it by USB. I’m not very clear on the differences, but I’m pondering.

There. This started out sounding like a sales pitch and now it’s more of a sales plea: if you use one of these things, what do you think of it? And how useful is the 1Tb storage?