A little password care boosts hack-resistance
Patrick Marshall offers some advice on digital security and password management, also touching on drive encryption, “kill switches” and biometrics. He also answers a reader’s question about multiple Wi-Fi connections shown on Windows 7.
Special to The Seattle Times
Q: Seems it is time to become proactive about making my passwords tougher and changing them with regularity. First of all, I would like to know what you use and why.
Second, I would like you to forecast the future a bit and tell me if you believe that some form of biometrics will replace typing in a code?
Finally, given how resourceful hackers are, what assurances does one have that passwords associated with an online-management software won’t be hacked anyway?
— Ric Thorning, Lynnwood
A: I agree with you that we need to be more careful about password security. And it’s not just stronger passwords we need. Drive encryption is important, especially for mobile devices that are more likely to be lost or stolen.
I’m also in favor of requiring cellphone manufacturers to include “kill switches,” which allow owners to disable lost or stolen cellphones. It is assumed that such switches will make cellphones less attractive to thieves since they won’t be able to resell them.
At the same time, sadly, service providers, who sell cellphone insurance, have resisted such measures. Need I say more?
As for passwords, I change mine every couple of months and I make them “strong,” which means using 8 to 12 characters, mixing letters and numbers with special marks. And it means not being “obvious” by using children’s names, birth dates, etc.
How do I remember passwords when I change them frequently? I keep a list, hidden on my computers. I do take a bit of a chance by using a password manager in my browser, which means I don’t have to remember passwords for every site I connect to. But that manager won’t work until I sign in to the browser using the correct password.
Of course, if any device I have my passwords list on is lost, stolen or hacked, then I need to immediately change passwords again.
And yes, I’m hopeful that biometrics will ease the password-management challenge. In fact, laptops have been available for several years that sport fingerprint readers for logging in. The iPhone, too, now has that capability.
We’ll soon see even more subtle biometrics. I recently spoke with a researcher at Georgia Tech who has developed software — called LatentGesture — that uses a cellphone’s display sensors to detect the speed and “style” of a user’s swiping and tapping. Using that data, the software creates a user profile. If a user doesn’t match the profile, the device can be programmed to lock up. In testing, LatentGesture proved accurate 98 percent of the time.
As for being hacked, unless the NSA or Department of Defense has some technology we’re not aware of, I’m afraid any device connected to a network — including the Internet — is capable of being hacked by a hacker with enough talent. That doesn’t mean, however, that it would be a good move to abandon your firewall.
Every layer of security you add — including passwords, anti-virus, anti-malware, firewalls — means you are less likely to be victimized. It doesn’t mean you’re 100 percent safe, but it does mean you are more safe than otherwise.
Q: I have a Samsung RV511 laptop running Windows 7. I am stumped about why in the Control Panel / Network Connections there are three Wi-Fi connections listed: Wireless Network Connection 3 / Microsoft Virtual WiFi Miniport Adaptor #2 (Not connected); Wireless Network Connection 2 / Microsoft Virtual WiFi Miniport Adaptor (Not connected); and Wireless Network Connection / Intel Centrino Advanced-N 6250 AGN (connected).
Any idea why three Wi-Fi network adapters are shown? I need only one, I assume.
— Jim Rivers, Renton
A: The Microsoft Virtual WiFi Miniport Adapter is a feature made available for developers. Using the virtual adapter, a developer might create a program, for example, that can allow your single actual Wi-Fi adapter to connect to two different wireless networks.
Or you might use the virtual adapter to serve as a hotspot so you can connect multiple devices to a single network through it. In either case, you would need additional software to take advantage of the feature.
Questions for Patrick Marshall may be sent by email to firstname.lastname@example.org or email@example.com, or by mail at Q&A/Technology, The Seattle Times, P.O. Box 70, Seattle, WA 98111. More columns at www.seattletimes.com/