Updates from the Web

Southeast Technical's computer and Web chronicles

We don't have your password

(Tech Tips)

Neither does anyone else - if they are legitimate.

News about user accounts being stolen from Google, Home Depot, and others can be very unnerving. However, good sites don't actually store passwords. They only store a representation of them. Even if your information is stolen, it doesn't mean your password is exposed.

How it works

 

 

Digging Deeper

There are a number of techniques used, but they all use the same basic premise. Here is one of the most common techniques.

When you put your password into an online account, the password is run through an algorithm. That is, a mathematical calculation is performed. The result is what is saved in the database instead of your password.

The cool part - (getting a bit geeky here)

The result of these mathematical algorithms (you should drop that phrase at your next party) is called a hash. If you use the same type of technique every time, then the same string of characters will always result in the same hash.

For example, using one technique, the password "qwerty123" will always be converted to the hash "2qrW5WBOjhe9nxCNkeJq/mKB2sj9oAkQQKem172bQ7U=". If you use a better password, like "Five5For5Fighting!Google", you get the hash "gsOnlRB5/7LGOSyNTnQjjolSpqumI9UsT5/uNYgnM6A=".

It is this longer string that is saved in the database. If a hacker steals the database information, they can't tell by looking at the hash what your password is. Hashes can't be reversed.

To find out if you used the right password, the website simply runs the same algorithm to check the password. If it matches the hash in the database, you used the right password.

Putting the hash in the password field would result in a completely different hash, so it wouldn't work. So, if you were to put the qwerty123 hash (2qrW5WBOjhe9nxCNkeJq/mKB2sj9oAkQQKem172bQ7U=) in the password field, you actually get "G4AAO88pl0kITda+I20eX69Pxk6lHGFzfC3l53NF2Ew=" back. It doesn't match, so the hacker can't get in.

Getting a bit more secure

To make things even more difficult for hackers, websites use what is called a salt. This is a string of random characters only the site/database owner knows. This is added to your password before it is turned into a hash. Even if the hacker knows what algorithm is used, without the salt, the hacker can't figure out what the hash should be.

With the salt, the whole thing is really pretty sweet.
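The hash-and-compare login check and the salt described above, as an added example (not code from Southeast Technical or any site named here). The unsalted function uses Base64-encoded SHA-256, which reproduces the qwerty123 hash quoted earlier; the salted part uses a random per-user salt stored beside the hash and PBKDF2, a common variant of the idea rather than the exact scheme described, and all function names and the round count are assumptions of the example.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor, chosen for this example


def unsalted_hash(password: str) -> str:
    """Plain SHA-256, Base64-encoded: same input always gives same output."""
    digest = hashlib.sha256(password.encode()).digest()
    return base64.b64encode(digest).decode()


def make_record(password: str) -> dict:
    """What the database keeps: a fresh random salt and the derived hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "rounds": PBKDF2_ROUNDS, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Re-run the same calculation at login; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["rounds"])
    return hmac.compare_digest(digest, record["hash"])


def login_attempts() -> dict:
    """Constructed scenario: two users who picked the same weak password."""
    alice = make_record("qwerty123")
    bob = make_record("qwerty123")
    # A thief who only has the stored hash tries typing it as the password.
    pasted = base64.b64encode(alice["hash"]).decode()
    return {
        "right_password": verify("qwerty123", alice),
        "wrong_password": verify("qwerty124", alice),
        "stolen_hash_as_password": verify(pasted, alice),
        "same_password_same_hash": alice["hash"] == bob["hash"],
    }


if __name__ == "__main__":
    print(unsalted_hash("qwerty123"))
    print(login_attempts())
```

Because each record gets its own salt, two users with the same password end up with different stored hashes, so a precomputed list of common-password hashes no longer matches anything in the database.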

What we do at Southeast Technical

More robust systems, such as ours, don't use this technique specifically. We have the benefit of our StarID system. We don't store your password, or its hash. Instead, we have a connection that validates your StarID/password with the State's StarID system.

This is similar to the technique used by other government agencies. It allows us to greatly insulate your information from hackers.

Final thought

The techniques outlined above are used by professionals in the Web and security industries. Some less professional sites don't use these techniques at all.

It is hard to tell which sites use these techniques and which do not. This is why you should never reuse passwords. If they get your password in one place, it shouldn't work anywhere else - they will certainly try!

Extra links

Find out if your Gmail has been hacked with the Is my email leaked site.

Learn about Google's Security Settings (you need to log in first).

3 essential techniques to protect your online privacy (PC World article).

A website for your workday


www.calm.com

You're welcome.

Password resetting sympathy


Remember, for every password you as a normal person have to reset, we as IT professionals have ten more we have to maintain.

We feel your pain.

 

Avoiding Common Online Mistakes

(Tech Tips)

Man, are you lucky! You live every day with things that could easily ruin your day, week, or decade. One slip and you are toast.

I'm not talking about your shower or the main stairs in your house. I'm talking about all that living you do online. Facebook, Google, Amazon - you could be running with scissors and not even know it!

A recent article from LifeHacker.com outlines "The Stupid Things You Do Online (and How to Fix Them)". I highly recommend giving it a careful read. Here are the "stupid things" in order.

  1. You Undervalue Your Personal Data
  2. You Submit Sensitive Information Over an Insecure Connection
  3. You Feed Trolls
  4. You Leave Private Information in Your Web Browser
  5. You Don't Keep a Backup of Online Data
  6. You Assume Your Posts and Comments Are Anonymous
  7. You Let People Track Your Whereabouts
  8. You Use an Insecure Password That You Rarely (or Never) Change

Truly, these are the critical aspects of living online that need serious attention. Evaluate your own behavior and see where you can improve. It will keep you from getting into some fairly serious trouble.

While you are reading, I'll be backing up my Google Docs.

The Stupid Things You Do Online (and How to Fix Them)

 

Essential Mobile Apps for Students


Mobile apps are becoming mainstream for student success. If you are a student, here are a few to consider.

Tegrity Mobile App

An increasing number of Southeast Technical faculty use Tegrity to record or supplement their courses. Tegrity offers an app that allows students to bookmark recordings in real time, take notes, and search right from their phones.

More information at www.tegrity.com/product/mobile

Evernote

This service lets you capture ideas, lists, vocabulary, or any other information you need in one place. Then you can easily access and search your notes from any internet-connected computer or mobile device.

More information at www.evernote.com

ResumeBear

While posting online résumés can be a chore, ResumeBear not only allows for an easily accessible online format, but allows you to see who is actually reading your résumé. It also allows you to send your résumé right from your phone.

More information at www.resumebear.com/mobile

Bench Prep

Bench Prep provides online practice testing services, study guides and material (including video), and peer support. This service is gold whether you are trying to pass biochemistry or studying for the BAR exam. The service isn't free (courses range from $99 - $199), but the mobile download is free!

More information at www.benchprep.com

Mathemagics Lite for iPhone

It is well documented that iPhone users need help with math. Okay, all of us need help with math. Mathemagics Lite is a great tool to help you study for the ACT, GRE, or just get a better handle on math in general. Unfortunately, it is only available for iPhone.

More information at www.bluelightninglabs.com

---

There are many more apps for students, of course (Interview Prep Questions, JobAware, etc.). If you come across one you can't live without, let me know. I'll discuss it in a future post.

 

 

Tips for keeping your Outlook organized


Outlook 2010 is an excellent program, though it can be a daunting one. With a plethora of viewing choices, lots of categories, and more features than you can shake a stick at (I've tried), it is hard to know where to start. Often, people just use one or two features, believing the others to be too difficult to use.

Fortunately, a recent Microsoft article does an excellent job of outlining seven rules to help you stay organized. Most of these I use myself, and it makes my work life much easier. Rare is the day I have more than one unread email in my inbox.

Here are the tips, in brief:

1. Group by Conversation. This feature allows you to group entire discussions together, eliminating the need to hunt for previous emails in the same conversation thread. If you have ever had twelve people respond to one of your emails, you know how much this can help.

2. Sort emails in folders. Creating your own group of folders helps keep things in place. Most people have some folders in place, but don't forget that you can have sub-folders as well. Moreover, you can use rules to automatically sort emails into these folders as they come in.

3. Create Search Folders. Admittedly, I don't use this feature much myself. I'm a little diligent with my folder organization. However, if you aren't nearly as geeky about this, creating search folders is just the thing for you!

4. Route mail using rules. If you aren't using rules, you should! They allow you to mark, forward, sort, or delete emails automatically based on your needs.

5. Use Junk filters. The bane of email marketers, these rules allow you to sort or delete email based on who sent it to you. This is the last line of defense against obtrusive email.

6. Assign color categories. I use this feature every day. In Outlook, you can give color categories to emails. You determine what these categories mean. For example, I use red for those important "to do" emails. I use green for emails that I will keep for reference, and I use orange for those emails I need to read more closely later. It is one of the handiest features in Outlook.

7. Flag for follow up. These flags are excellent! Simply by adding a flag, you can set a due date, start date, or a reminder. It essentially turns an email into a task. They even show up on your calendar.

To learn how to do each of these, and read more about these great features, visit the Microsoft At Work Web site.

Working with Fonts Online


For years my students have been asking what they can do to use their favorite fonts in their Web sites. Usually, these students are graphic designers who recoil in horror when they find that a user has to have that particular font installed on their computer.

There have been services to do this for years. IE has had an ActiveX control that allowed developers to put in fonts by converting them to .pfr or .eot files. JavaScript solutions have also been available.

However, there have always been limitations to these methods. Most don't work in all browsers. Some require the user to download more data. In all cases, it is a lot of hassle for very little impact.

The good news is that this is rapidly changing. As browsers improve, and CSS3 integration increases, it becomes increasingly easy to embed fonts into a Web page.

In an article on the Six Revisions Web site, Joshua Johnson does an excellent job of outlining the use of the CSS3 declaration. The techniques and resources he outlines use the @font-face declarations to effectively embed fonts into nearly any modern browser or mobile device.

Check it out. The Essential Guide to @font-face

Of course, now we have to deal with that pesky font licensing issue...