Ten Ways to Protect Your Accounts with Strong Passwords

Recently, many of us have been receiving messages that some of our passwords have been compromised. I have written about passwords before but I want to give you another dose of rules, tools, and suggestions to keep you as digitally safe as possible. I have been sitting down with friends and relatives recently and asking them to evaluate both their passwords and how they store and create them. 

Here are some suggestions, rules, and tools:

1. Don’t use the same password for more than one login. If one of those sites has a breach, someone now has your email (or user name) and password. You can be sure they will try it on other sites! 

2. Make passwords long and complex. Use numbers, capital and small letters, and symbols (if the site allows). 

3. Do not, do not, do not, do not keep a list of your passwords on a post-it note on your computer. While a piece of paper in a file might have some degree of security and practicality there are better ways to do this. On Apple products, you can create a password protected note, which is better than having a slip in your wallet – but there are better methods. 

4. I recommend everyone use a password manager. I use 1Password, but there are many others. Apple offers Keychain built into the Apple ecosystem. The main benefit of a password manager is that it stores all your passwords securely and you don’t have to remember all of them. All you have to remember is how to get into the manager (thus the one I use is called 1Password because I only have to remember the password that lets me into my password manager). I STRONGLY suggest looking at a dedicated password manager that is not a locked note, Keychain, or the password saver built into your web browser. 

5. Another benefit of a password manager is that it can autofill your usernames and passwords when you go to a website. It will also remember your password when you use it on a new website (and even offer to create a strong and complex password for you). 

6. A side benefit of this is that, if my password manager does NOT offer me my password on a website that LOOKS LIKE it is my bank, for instances, it is a warning that I might be on a fake website and about to give away my username and password to a hacker! If my password manager doesn’t recognize the website, I need to find out why. 

7. Consider trying passkeys instead of passwords. Passkeys are when you use another device instead of a password. You might use your fingerprint or other biometrics. A website might ping your phone, watch, or other device. You can even purchase an actual digital key that plugs into your computer and lets websites know that it is really you! 

8. Many websites now use one-time password codes instead of passwords. You log in with your email and they send you a code. This is great – as long as you have control over the means of getting that code. If a hacker gets control of your email or phone number, you will be unable to receive these one-time password codes.

9. For this reason (and others), it is critical that you use secure passwords with your high-priority assets: your email account, financial institutions, any website where you have stored a credit card (Amazon), social media accounts (Facebook, Instagram, TikTok, etc), and of course, work-related websites. All of these should be protected with long, complex, and unique passwords – so long and complex that you could never ever remember them. Thus, storing them using a secure password manager would be a good idea (there is a theme here – get it?). 

10. Always, always, always take advantage of two-part authentication when it is available. This is when you get a code sent via text or email or through an authenticator app when you log on to a site for the first time on a new device or browser. This is not foolproof. If someone has your phone, they might be able to use this to reset a password. However, if you receive a message with a code when you haven’t logged in to that website, you know someone else is trying to. 

The scammers are getting more and more clever and devious, as I have written about before. We have to help each other stay safe and protected! While a warning that you have a compromised password may or may not be true, we all could improve our password security. Be safe out there! 

UPDATED: Strategies to Avoid Getting Scammed

The scammers are devious. They are increasingly harnessing both technological and psychological weapons to trick people out of their money – especially vulnerable people like the elderly. 

I have written about scams before, and while the articles and advice in those posts are still relevant, the scammers are escalating their tactics and we need to add some more precautions to our anti-scammer protection system. 

For those who don’t want to read much, here are my anti-scamming suggestions (this is an extenion on the list I wrote here): 

Trust your gut: If you even have a slight inkling that the phone call, email, website, text, or other form of communication is a scam: STOP! We frequently have a little voice in the back of our minds that raises the issue, but we don’t pay attention: PAY ATTENTION! 

Just because they have some information about you, even something as private as your social security number, bank account number, credit or debit card number, address, or date of birth, don’t trust them! Scammers can get this information. Bad actors can access private and personal data. Don’t rationalize that, “this can’t be a scam because they have my…”

If the message is urgent, it is likely a scam. If the message is highly sensitive, it is probably a scam. If the message is emotional, it is likely a scam. If the message is shocking, it is likely a scam. Your grandchild is most likely not in danger. No government agency is coming after you. No one has hacked into your bank account. “You can’t tell anyone,” is a huge red flag! When the person on the phone or the email screams that the house is on fire and you must trust them to put it out, hang up and do the thing next on this list. 

Contact the agency or person in question the way you normally do! If the email or caller says they are from your bank, hang up and call your bank. If they say that there has been a car accident and your relative needs help, call that relative (and if you can’t reach them, call someone close to them whom you trust). As the photo shows, links can look like they are correct and lead you to the wrong website. If you have a browser bookmark for your brokerage account, use that link– never click on links in texts or emails! 

Don’t give ANYONE your private information. Period. Don’t confirm your private information. Period. Of course, if you call your doctor, banker, broker, or other trusted source, you can do that. However, if someone contacts you and claims to be from their office – or even sounds like them – nope! 

Fakes are easy to create! Scammers can spoof phone numbers, so don’t trust the caller ID. Spammers can fake people’s voices, so just because it sounds like that person doesn’t mean it is that person. Spammers make website addresses, links, emails, and phone numbers look like the real thing. That is why you must always use the contact information that you have used in the past and know 100% is, in fact, the real thing – not the link, email address, phone number, or other method that they are feeding you. 

If there is even a tiny chance you are on the phone with a scammer: hang up! Then contact the organization using your regular contact method. Pro tip: if you are on a cell phone call and turn it to airplane mode, the person on the other end will see a “call failed” message. To really sell it, do this in the middle of a sentence or word. 

Don’t use passwords, passcodes, PIN numbers, or other private unlocking strategies in public - EVER. Don’t unlock your phone at the bar. Go inside the bank and cover your PIN number with your hand at the ATM – or better yet, use a teller. Never use passwords on public wifi networks. Learn to use passcodes like your face, fingerprint, watch, or USB keys. 

Don’t do strangers favors: Lots of scammers take advantage of your good nature. They ask to use your credit card at the gas pump because they only have cash. They ask you to loan them money. They ask all sorts of things. The answer is no! While sometimes, they really are people in need: more often, they are scammers. Give to charities and social service agencies and call them when people are in need - if people approach you directly, be suspicious. 

If you have other strategies, send them to me and I will add them here (and credit you, if you are okay with that – I can also credit you with just a first name or initials). 

Here are a few articles to give you the flavor of what scammers are doing: 

“Lake Co. Resident Nearly Loses $20K In PayPal Scam”

“AARP sounding alarm on fraud, offering helpful resources to victims”

“10 Security Settings That Protect Your iPhone From Thieves”

“How to Avoid Pump Switching Scams at the Gas Station” 

“How to Protect Your Parents From Elder Fraud and Scams”

“How to Protect Your Finances From Identity Theft”

“This 'IRS Letter' Is a Scam”

“These Financial ‘Experts’ Got Scammed, so You Can Too (Really)”

UPDATE: 

Some dear friends replied and added the following:

Beware when the person texting you says they can’t or won’t answer a phone call from you because they are “driving”… it’s really because you would instantly recognize that they are not who you think you are texting. If you think about it, people who are driving would really prefer talking over texting as that would be safer!

Many scammers are from foreign countries and English is not their native language. Therefore, be aware that even the SLIGHTEST English grammar or syntax error should alert you that the person is a foreign scammer who has a high level but not perfect proficiency in speaking English.  Even a SINGLE WORD misused that would not be said that way by a native English speaker should be a huge red flag to you.

If a person asks you to pay for an item via Zelle be aware that, unlike a credit card payment, money sent by Zelle cannot be retracted or credited even if you later can verify it was sent to a scammer. Never use a phone number or email link sent by the person to make a Zelle payment, as your money is probably not going to the person you think it is.

If you are purchasing an item and the main message to you focuses on receiving the payment rather than the details of the item itself that should clue you into the fact that all they want is to get your money from you.

If you are communicating with someone via Facebook messenger and then switch to texting but they won’t talk out loud by phone call that’s a clue that they are trying to hide their true identity.

If the party refuses to take a check as payment and insists on using electronic payment via Zelle, Venmo, or PayPal that’s a clue that it’s a scammer, as the scammer wouldn’t be able to cash your check, especially if located in a foreign country,

If the person selling an item says you need to pay them because other people are also trying to buy the same item, be aware that it’s probably a lie and trick to make you pay sooner rather than later.

Try to buy items from established online retailers like Amazon, Wal-Mart, etc, and not from Facebook marketplace or unknown retailers.

If someone asks you to text back a Google phone code and you do they might create a Google Voice phone number that links to your phone, thus compromising your phone! 

Beware of scammers who say that they are checking that you are not the scammer! How ironic! 

Thank you to my friends for these strategies! 

Reading for Treasure: Protecting Your Information and Privacy

Reading for Treasure is my list of articles (and other readings) that are worth your attention. Click here for an introduction.

Once again, here are some articles to keep you safe as you use your technology. Specifically, how to thwart being tracked or scammed by devices, websites, advertisers, and others. 

This video from CNN includes a password tip that is genius and I have never heard of before. I am not going to list it here, but listen for the word “salt” in the video: "Here's how to keep your passwords safe, according to a hacker.” 

Wired provided a simple and common sense list of “6 Things You Need to Do to Prevent Getting Hacked.” Read the article, but I’ll list them here: Use multifactor authentication, get a password manager, learn how to spot a phishing attack, update everything, encrypt everything, and wipe your digital footprint. If any of those terms are foreign to you, take it as a sign you need this article. 

A great compliment to the above article, Propublica’s article, “A Former Hacker’s Guide to Boosting Your Online Security.” provides a straight forward and simple list of ten things to preventing stolen data, identity theft, and other online hazards. Again, I’ll list them here, but read the article for more: stop reusing passwords, delete unused accounts, use multifactor authentication, manage your privacy settings, think before you click, keep your software up to date, limit what you’re sharing online, security your SIM, freeze your credit reports, and back up your data! 

Lifehacker is also a great source for digital safety. Here a short and simple article that lets you know “How to Tell Which Apps Can See Your Private iPhone Data.” It is an older article, but still worth reading. 

This somewhat scary article from The Conversation via Inverse is a good overview of how your use of technology may put your privacy at risk: “Here’s exactly how tech companies and apps conspire to track you 24/7.”

Yes, emails can snitch on you. Many emails report back to their senders if you opened them, when you opened them, and even for how long you engaged with them. Want to stop this? Read this article from Wired: “How to Tell Which Emails Quietly Track You.” If you use Apple devices, this Lifehacker article, “How to Stop Email Trackers on Your iPhone, iPad, and Mac” will help you with this issue and more. 

A new form of hacking is to use free USB charging stations. Apple Insider discusses, “What juicejacking and trustjacking are, and how to protect yourself.” The basic piece of advice here is, if your phone asks you “Do you trust this computer?” or “Allow this device to access.. and you are not connected to your home computer, say, NO! 

How many of us have lost our phones or have had our phones stolen?  We may feel safe because our phone is locked with a passcode, fingerprint, or our face. Lifehacker says, “Your iPhone Is Still Vulnerable When It Is Locked” and then helps you secure it! 

And it is worse than that: Lifehacker provides instructions on how to use screen time on the iPhone to prevent a stolen phone from becoming a stolen Apple account or worse: "How Screen Time Can Save You When Your iPhone is Stolen." 

I am currently reading The Paper Menagerie and Other Stories by Ken Liu

The World Science Fiction Convention Online!

The coronavirus prevented people from traveling to Wellington, New Zealand for the 78^th annual World Science Fiction Convention. I was not planning on making the long trek down under. I was, of course, a supporting member, and planned on participated in voting for the Hugos and site selection from afar. When the convention went virtual, I signed up to attend – online. It was an opportunity to go to a Worldcon from my home in Illinois. What a great opportunity!  

For those readers who don’t know about Worldcons, science fiction conventions, or the wonderful world of fandom, take a look at this report from the Worldcon in London a few years back to get an idea of the scope, scale, and focus of these wonderful celebrations!

The virtual Worldcon a great experience. The organizers of CoNZealand did an outstanding job of creating both an analog experience and a new way to engage with fandom. I am so grateful to the many people who worked hours and hours to transform a traditional Worldcon into a meaningful online event.

 

I am a panel person. I enjoy many aspects of conventions, but the discussions at panels are my favorite part. The panel selection at CoNZealand was strong, but the online transformation of panels enhanced my experience significantly.

 

By any convention standards, the panels were great. The panelists were expert and articulate, the moderators did a great job of structuring the conversation. There was higher quality interaction between the audience and the panelists (and among the panelists) than at a typical live convention.

 

One of my biggest panel pet peeves is the people (often in the front row) who believe they are panelists and keep participating no matter what the moderator does. We had none of these! It wasn’t possible. There was strong information for moderators and a programming and/or tech person in the background helping structure the panel and making sure the technical details worked. It showed. Things ran beautifully!

 

The use of the Q&A and chat functions in Zoom also enhanced the panel significantly. Those who wanted to participate and provide a running commentary could use the chat feature. This felt both appropriate and a good way to channel (sorry) the need to provide a running commentary on the panel. Many times, panelists pulled ideas and comments from the chat into the panel! It was a multi-leveled conversation.

 

The Q&A function was a great replacement for hands up. Questions could be voted up or down and moderators could control how they asked them. The structure helped create panels that moved forward instead of the constant “back to what so-in-so said ten comments ago.”  

Continuing the panel discussion on Discord added yet another improvement to the convention panels. For me, the only way to continue the conversation started at a panel is to talk to my friends with whom I saw it. If I am lucky enough to spot a panelist, I might be able to bring up points from the panel (which has its own problems). CoNZealand created a dedicated avenue where panelists and audience members could continue their conversation on a Discord channel! This is a great way to deepen engagement and help foster stronger relationships between convention-goers.

 

Since the panels were on Zoom, they were recorded and these recordings were available shortly after the panel and for a week following the con. I attended many panels live but saw even more afterward. I got to see every panel I wanted to attend! I’m still watching them. Of course, I didn’t get the chat and the Discord follow up when I saw the recorded panel, but just being able to see multiple panels that were scheduled at the same time or at a time when I could not attend was a huge bonus! I felt like I got much more from this convention from the sheer number of panels I got to see!

 

I attended some of the parties on Zoom, sat at a fan table for a few hours, and toured the virtual exhibit hall, dealer’s room, and art show, too. While I would have preferred to interact with these in person, I liked being able to see the displays and take as much time as I wanted. I could linger at the art show and browse the dealers’ websites. I even appreciated the ambient sound of a busy convention hall that accompanied this area.

 

I am hoping to be in attendance in D.C. for the next WorldCon, and I do prefer being present in-person to a virtual experience. Yet, there are aspects of the online convention that could be integrated into a live one. Providing an online chat for panels, recording them, having an online discussion area would all be great enhancements. Are these worth the cost and people power to make them happen? I am not sure.

 

Having a virtual track on future conventions does make it more accessible and provides more value for all attendees. Yet, it would require much more work on the part of the organizers. As we envision a post-COVID world, we may need to both prepare for the possibility of an entirely online convention and provide ways for those who cannot travel to participate. CoNZealand did an outstanding job of exploring this brave new world of virtual conventions and I am very grateful! Bravo!

Death of a Website

In the summer of 2000, I took a workshop on creating websites. We used Front Page, a program that didn’t make us code directly in HTML, and made it easy to create simple web pages. I was hooked. I created an elaborate teacher website that looked like the computer interface from Star Trek: The Next Generation.

At first, my website was a simple way for students and others to get the handouts that we used in class. I linked the homework calendars, syllabuses, specific assignment sheets, and handouts in HTML form.

Then I realized that I could do far more. I created an FAQ page to address the many parent questions that I had fielded for decades. I took many useful handouts, from grammar and writing to study strategies, research, and public speaking, and put them in a special resources section of the website. I posted my schedule in great detail so students would find it easier to make appointments with me or get in touch.

I speak at several school presentations throughout the year. I talk to seniors and their parents about college essays and freshman parents about responding to progress notices. I took these presentations, my notes on them, and related information and created web pages for them. A few years later, I recorded all of Charles Dicken’s A Tale of Two Cities with explanations and annotations. I posted them on my website.

In short, I put my teacher life on the web for all to see.

Students were not yet carrying around computers during this time. Neither the Chromebook nor the iPad had been released and portable computers were very expensive. However, we had desktop computers throughout the school, and almost every student had access to one at home. Handwritten assignments were becoming rare, and most students produced their work on computer.

I suppose you could call this era Web 1.0. When we started to use tools like turnitin.com, a server to which students upload their work that checks for plagiarism and allows for digital feedback, I needed to make some significant updates to my website. I incorporated Google products into it.  I gave it a makeover.

By this point, my website had several thousand pages, most of which were always accessible. In about fifteen years, I had fully integrated this website and its online resources into the fabric of my teaching.

In the summer of 2015, our district updated its website, and all of a sudden, I could not get to my website and make changes. I called the person in charge and was told that my website had been “legacied.” I almost threw up. I thought I might cry. I explained that this was not a little three-page site with my phone number and email address; it was an integral part of my teaching! I begged not to have it taken away!

 

I was heard. My website was “migrated.” I continued to change the quotation on the front page weekly. I updated it so it had everything students, parents, case managers, and others would need.

After we distributed Chromebooks and kids brought their individual devices to school, the website became a digital blackboard, a powerful way to extend the classroom beyond the walls of the school.

My district is now going to use a learning management system called Schoology next year and it will work as well or better than my old website. Schoology will be one-stop shopping for all learning materials, grades, and school information. It will be better than my old website.

So I am about to voluntarily close it. No one is making me. It is time. It has lived its life and now there are tools that will function more effectively. Mr. Hirsch’s Online Classroom will close after almost eighteen years of service. That’s a long run for technology in the twenty-first century. I don’t know if the old site will still be accessible, but I don’t think that anyone will miss it. It lasted longer than any of my computers.

Who knows how future children will access school information and on what devices? Perhaps I hung on to the old website too long. My goal is always to help develop independent and self-directed learners. My old website helped me do this. I am hopeful that the new system will do this even better. At the end of this school year, my website will truly be officially retired. It is sad, but it is time.