We've all heard the lectures about password security 100 times.  We know the basics like "don't use real words," "no names of your family members," and "the most common password is the word "god."  We've heard these things before and I think most of us have a false sense of security about our how secure our lives are.

These days, password cracking tools are freely available on the internet.  "Hackers" with almost no skills download powerful tools that rapidly attempt to guess a password using combinations of every word in the dictionary and every name.  Personal computers are becoming more and more powerful meaning that the time it takes to attempt these brute force password attempts becomes shorter and shorter.  Also, new password cracking algorithms such as rainbow tables are becoming accessible, even to people that don't know how to use them.

On top of that, most people use the same password for everything.  Their personal email accounts, their banks, their retirement accounts, their facebook etc.  If not exactly the same, then some variation of the same.  If a hacker guesses your password for one account, what kind of access to destroy your life do they have?

My final argument in favor of paranoia is this: Let's assume bank websites are secure.  Those institutions put a premium on defending their customers from hacking attempts or internet vulnerabilities, so let's just assume those places are hack-proof.  Addditionally, let's assume those sites are the one place where we keep a ridiculously long, very secure password that is different from every other website we use.  Are we safe in this scenario?  If I were a hacker, I would avoid bank sites assuming they're too hard.  Instead, I would go after an email site.  I would assume people keep less secure passwords for their email and therefore they are easier to get into.

What kind of information would a hacker have access to if he could gain full access to my email account.  There's not really anything sensitive in my email account by itself.  What I'm concerned about is how many other secure websites are tied to my email account.  For instance, could a hacker go to my bank website and click the "I forgot my password" link and have my bank send a new password to my now compromised email account?  What about my 401k website or my investment account.  The possibilites are enough to keep me up at night.

So, what can we do?

First, follow good password behaviors.

• Keep a separate, secure password for each website. 
  

I know how daunting this is, but there are tools to make it easier.  Keepass is a free, open-source password database that is a highly encrypted place to store passwords.  It will even auto-generate passwords that are as complicated as you want them to be.  You only have to remember one password to open your entire database of passwords.  It has the ability to copy and paste passwords so you don't have to type them and you can store the url's for important websites right in the app.  There are versions of keepass that you can keep on a usb thumb drive or even on your phone.  Another tool to make a secure life easier is Roboform - it has the same master password concept as keepass but will auto fill in website passwords once logged in.
 

• Don't use real words in your passwords

A trick to make this easier to live with is to substitute symbols or numbers for letters.  For instance, if you want your password to be the phrase "world wide web," subtitute the lettering for something similar to "W0rldw1dew3b!"  It's easy to remember and won't be found in any dictionary.  Remember to use a mixture of lowercase and capital letters as well.

You can also use passwords based on phrases that are important to you.  The phrase "The Lord is my shepherd, I shall not want" would become something like "tLimsIsnw." 

Patterns on the keyboard are equally efficient.  For instance, start on the bottom row with the letter "z" and click through to the "m" and then do the same patter in reverse on the top row of keys.  Easy to remember, difficult to crack.

• Change your passswords periodically

I recommend changing passwords frequently, at least every 90 days.  As personal computers get faster and faster, this can help keep you ahead of any password cracking attempts.  The longer your password is, the longer it takes to crack.

• Keep your passswords at least 8 characters long

Hopefully, a good password policy will keep you out of heartache.  A little extra precaution goes a long way in this always connected world we live in.

Most all of my clients have either a BlackBerry or an iPhone.  And almost all of them use Microsoft Exchange.  This is not going to be a compare and contrast of who is better: the BlackBerry or the iPhone.  Of couse the iPhone has ActiveSync integrated into the OS if you have the Enterprise Data Plan from your Wireless Provider.  But now there is an equalizer, AstraSync enters the picture.  AstraSync allows for you to synchronize your BlackBerry with your Exchange server without having to Install BlackBerry Enterprise Server or its free counterpart.  AstraSync is like ActiveSync for the BlackBerry.  It allows you to get and recieve Exchange Email, it updates your calendar and your contacts, you can flag messages and add attatchments.  Pretty slick if you ask me.  Also, what I hear is that you do not have to upgrade your phone to the Enterprise Data Plan to be able to use it.  You can just get an unlimited data plan with your provider and away you go.  The software costs $49 per year and is well worth it when you look at your savings from not having to have an Enterprise Data Plan.  They also offer a free trial so that you can get your feet wet with to see if you really want it.  Just use the link below to give it a try.

http://www.astrasync.com/

Here's the situation.  I have a corporate email account on hosted exchange (Microsoft BPOS) and this is my work email, calendar, and contacts.  I also have a Google apps domain for my personal email, calendar and contacts.  I am a Google voice user and share my Google apps calendar with my wife.  It is essential that these calendars and contacts are the same.  I also have an iPhone that uses the exchange active sync connection and have to Goggle apps account setup for email only.

In the dark days of owning my blackberry, I tried to sync everything using the Google app on the phone.  The results were disastrous.  I had to undo the sync and restore from a backup.  I also received errors all the time saying that the contacts and calendar were being synched by another program (Enterprise activated) and could not complete or a duplicate would be created.  

This time around, I said that I need the application to reside my desktop to handle the issue.  I searched and searched for something free to do this but could not find it.  Add to the complexity that I am running office 2010 x64 edition.  This only further narrowed my options.

After searching for a while, I found Gsyncit. (http://www.daveswebsite.com/software/gsync/).  I read all about it and decided it was going to do everything I wanted it to.  The app is $14.99, but very much so worth every penny.  It took about 10 minutes to setup, and then I had some de-duplicating to do in contacts because the contacts between Google Apps domain and Outlook were already out of sync from me manually doing it when I remembered to.  The de-duplication process to about 20 minutes.  I have almost 300 contacts so not to bad.

But here's where I ended up after my $14.99 purchase and 30 minutes of work.  All contacts and calendars are synched between the two accounts.  If I make a change on my phone while I am on the road, it gets updated to corporate exchange.  Then when I get back to the office, I load Outlook and all those changes are synched back to the Google side.  I can also accept invitations from either of my accounts in any method I want.  Then changes are synched later when Outlook is loaded on my desktop.  Finally, since all my contacts are in sync, Goggle voice calls are very rarely unknown callers any more and I am no longer required to press 1 to accept the call of an unknown caller.

To be a complete nerd for a little bit, I have been trying to accomplish this for a very long time.   I have seen Gsyncit for a while but really didn't want to pay $14.99.  It has been a frustrating uphill battle to get these all in sync but now that they are, I feel major satisfaction.  

I WANT an e-book reader and I must have one!  I am tired of all the books I buy and having to keep up with them.  I have broke down my thoughts and would love any comments to help me finally decide.

Kindle 

The kindle with its low price has me wanting to go that direction more than any other.  I know what type of books I like to read and amazon book store has most of the titles available for the Kindle.  The e-ink and battery life of the new generation is very attractive.  The big downside, I don't get all the cool features of the iPad.  Apps, web surfing and so on.

Nook

In my opinion, I feel like this is a very similar product to the Kindle.  Barnes and Nobles saw the success of the Kindle, tweaked and added some features and called in Nook.  To me, there just does not seem to be enough originality to make me want to chose one over the other.  Additionally, when I searched the BN site for books I like to read, less were available for the nook than the Kindle.  I welcome someone to prove me wrong on this one and bring up some points I have missed.

iPad

Total awesomeness.  I want it!  But wait, reports I have read say two things bad.  1. it's not that great of a platform to read books on.  2. because of the light it emits, the iPad is more like watching TV than reading a book.  Meaning that my sure fire way of getting sleepy, reading, now is going to keep me awake.  Apple's selection doesn't seem to be that great right now (at least for the books I like to read).  But it is Apple, that will change.  I can't remember that last time I bought music anywhere but iTunes.  We all know Steve Jobs wish is for the same thing to happen with books and media in general.  We are now saying, "what's a CD?", but Steve Jobs wants us saying "What's a book" or "What's a Magazine".      

Wrapping it up

What's makes this the hardest for me to decide is that I am cheap.  I want to be a cool kid and have an iPad.  But it's the most expensive option. My other issue in general is that a recent report shows that people read much slower on the "ebooks" than real paper.

Microsoft is trying to kill public folders and make everyone go to SharePoint.  As far as mobile access to SharePoint went, it was rather bad.  Text only or a really small screen of the SharePoint page. Today I needed a way to make SharePoint pretty on an iPhone.  Basically more elegant than the text only version.  After some research, I found Moshare.  http://moprise.com/

Right now the program is free to download and use via the App Store.  I downloaded, installed and configured in under 10 minutes.  

The drawback I see is that all information is read only.  Which, let us be honest, if you are using your iPhone to access the site, do you really want to do more than read the info?  

I had a client contact me recently about email encryption.  I new already that there were 3 ways to go about this:

1. You can use a service that manages the encryption.
2. Install an encryption gateway at your office.
3. Or install a desktop app that you have to manage public and private keys for.

This is a necessity for many that send sensitive email because once an email leaves your organization it is no longer encrypted. 

Example 1:  You have hotmail account and you email a yahoo account: the email is not encrypted once it leaves hotmail's servers.  and visa versa.

Example 2: You have an Exchange Server in your organization and you email another company out there that has an Exchange server by default these messages are not encrypted either. **

While I was updating my pricing list for different services to recommend, I found a very compelling new service:  http://www.sendinc.com

The service does not store any of your data.  You go to the main page which has the email form on it.  After you type in your email address they require you to register.  You then create your message and choose who you want to send it to.  You can attach as much as 10 Megabytes of attachments.  The message is encrypted and then attached to an email that is emailed to the recipient.  So the message is no longer stored at Sendinc.  When the end user opens the website attachment the data is uploaded to the website and decrypted there.  All data transmissions are RSA SSL encrypted (1024 Bits).  Even if you forward your email to someone else they cannot read it.  It has to be opened from your email.

I give this web app two enthusiastic thumbs up!

**You can create a site to site encryption in Exchange server between different email domains but that is beyond the scope of this post and would be time consuming for managing the certificates between any domain and all the domains that you would want to encrypt your email between.

Do you think Strickland Networks has or is helping your business by managing the Information Technology side of your business?  Do you know other companies that could benefit from our services?  If so, recommend us to your friends, colleagues, and business partners.  Strickland Networks is offering $250 for each referred new client that signs and enters into a Managed Service Contract with Strickland Networks.

This money can be paid directly to an individual, credited to your monthly bill, or it can be given to a non profit / charity of your choice in your name.     

Have your friend, colleagues and business partners call or contact us.  Be sure they mention who referred them to Strickland Networks.

info@stricklandnetworks.com

(817) 224-2020

I have switched all my person email to a Google Apps account.  I wanted the email control and the customized domain.  Only problem was that I couldn't use most of the other Google products.  In particular: blogger, picasa, and voice.

I searched for some time trying to figure out how to do this.  Nothing useful was coming across my screen.  I accidentally discovered how to do what I so desperately wanted Google to do when I was trying to setup adsense.  

Here's how you do it:

Create a new Google account.  Here is the link. 

https://www.google.com/accounts/NewAccount.  

Use your Google Apps domain email address and follow instructions.  Once complete / confirmed, you can use most of the Google products.

Bonus tip:

If you want to transfer your Google voice account from your Gmail.com account to your Google Apps domain, click this link.  

http://spreadsheets.google.com/viewform?formkey=cjlWRDFTWERkZEIxUzVjSmNsN0ExU1E6MA.  

You must complete the Google account setup first though.

Disclaimer: not every bank has this setup yet, my bank just happens to be leading the pack.  

I got my iPhone 4 about three weeks after it had been released.   I am finally one of the cool kids and I do not have a blackberry or windows phone anymore.  I installed my banking app and remembered someone telling me that their app allowed depositing of checks via the app by taking pictures.  Honestly, I thought this was the most useful thing to do with the camera and the iPhone in general.  

I get expense checks from time to time that are not direct deposited and my bank has no local branches.  Previous to the iPhone app, I had another bank locally, and I had authorized wire transfers between the two.  But this still required me driving a ways, depositing the check and then transfer the funds.  iPhone app comes along and this is not a problem any more.  I choose mobile deposit and take a picture of the front and back (which is signed with and labeled for deposit only into my account).  Funds are available immediately.  

To me, this is a game changer and should send banks into examining why they have so many branches when a smart phone could do a bulk of deposits for individuals.  Commercial deposits, well, not every solution is a good fit to every problem.   

My definition of CLOUD:  The most over used buzz word of recent times.  Putting that aside, some IT solutions just fit better with someone else hosting and maintaining that part of your business.  Today, I am focusing on email.  

Money: Yes, money talks.  You can host email offsite for as little as $4.17 / month / user and a maximum of $10 / month / user.  This isn't with some fly by night company either.  We are talking about Microsoft and Google.  Let's case study a company with 30 employees needing to upgrade their email server and say that the company replaces equipment precisely every 4 years.  Option 1: Purchase new server and replace.  Cost: Approximately $7500.  (Server + Software + Licensing) .  Option 2: Google apps domain: Yearly cost $1500 and total cost over 4 years is $6000 plus initial setup (man hours). Option 3: Microsoft hosted exchange: Yearly cost of $1800 and total cost over 4 years $7200 plus initial setup (man hours).  Option 4: Microsoft BPOS: Yearly cost of $3600 and total cost over 4 years $14400 plus initial setup (man hours).

With the last 3 options, the best news is that after the first four years, your company is purchasing new equipment.  You continue to pay your monthly fee and upgrades and improvements are added to your hosting solution in the cloud with out any intervention from your IT staff.

Maintenance:  I am in no way saying the cloud is maintenance free, but I am saying that your IT staff will spend much less time maintaining the email hosted in the cloud once the initial setup is done.  Think of this, the burden of backups, uptime, equipment and so on is now rolled up into a nominal fee you are paying.  

Reliability: Service Level Agreement!  What would it cost your company to place a redundant email system to a data center that offered very high speed internet and redundancy.  I have recently priced this and $20k - $30k for hardware alone.  Add on a $500 - $1500 monthly fee for the data center and internet.  All this exercise was to get your SLA up to 99.9%.  Or, when you buy a hosted solution, it comes with that SLA bundled in you low recurring fee. 

Eat our own Dog Food: Not only do we recommend these solutions, but we use them too. Our corporate email is hosted with Microsoft BPOS.  Personally, I have a Google apps domain for my family.  I like both products and they both are reliable and quality products.  

Ready to buy yet?   If this peaked you're interest and you are ready to switch, give Strickland Networks a call.  Not only can well help you chose the right solution, we can help you implement it as well.