The recent Heartbleed fiasco has really underscored the importance of smart online identity security. Here are a couple of quick tips to help you reduce your exposure to Heartbleed as well as to future identity security threats.
Change Your Passwords Often
Many businesses require you to change your work password every 60-90 days, and while we complain about it every time it comes around, we all comply (we have to). But at home, many of us (myself included) use the same password for years. The first big step to protecting yourself from a compromised online identity is to make sure you change those passwords frequently.
Be Smart About Your Passwords
Technical people like to tell you to use “secure” or “strong” passwords, but really what we mean is that your password should be complicated. Something like “P@ssw0rd!” is much more complex than “Password”. That said, the best password is randomly generated. Now you may be saying, “Great. Random passwords are secure but completely unusable.” If you’re on your phone logging into a service and you have to type in “~!sdflkjw932kjs*” that’s certainly not very convenient.
Convenience is relative though, isn’t it? What’s less convenient—taking a few extra seconds to get a password, or cleaning up the damage from a compromised online banking password? And let’s be honest with ourselves—that Facebook service that’s now in the background of absolutely everything, can do some real damage if your password gets compromised. I’d argue that you should protect Facebook to the same levels you protect your banking passwords—especially now that you can “Login with Facebook” on so many other sites and services.
Get yourself a tool like KeePass. Not only is it super simple to use, but it’ll generate random passwords for you, it’ll automatically type them into the browser for you, and there’s versions available for every phone platform too. The other cool thing about KeePass is that it encrypts the password database it uses, so you can store that KeePass file just about anywhere. Don’t rely on it just being on one computer—what if that computer crashes or your house catches fire? Consider backing up a copy of your KeePass file to OneDrive, Amazon AWS, or another cloud backup provider.
You also need to be smart about your password selection. Many less-techy folks simply alternate between a list of standard passwords that they use over and over. How many of you go to work with “Password1”, then when IT tells you to change your password you make it “Password2”. Don’t do that! Patterns like that make your passwords far more easily cracked.
Using Two Factor Authentication
Most of your critical services (banking, Facebook, etc.) support Two Factor Authentication, and if you’re not using it you’re just plain crazy. I’d go as far as to say anytime you have a chance to use Two Factor Authentication, you should be. This process essentially forces an extra step of validation when you try to log in. There are two main flavors: sending a text message with a verification code, and using an app on your phone to enter a randomly generated code. The first is pretty straightforward. If you’re logging into Facebook as an example, you’ll enter your username and password, then Facebook will prompt you to enter a unique code that they send to you via a text message. This process basically eliminates the risk of someone getting into your account if they only have your password. The latter process, using an app on your phone to generate that random number, is gaining popularity since it doesn’t require you to consume text messages or wait for the delivery of that message. You will install an application on your phone that will be synced with the service, much like those little RSA security tokens we used to carry around to VPN to the office. Most services support one or the other, not both. Just look for a menu or an option to enable Two Factor Authentication and follow the steps they give you. Next to smart password management, this is the next best way to protect yourself. If a service offers it, you should be using it.
Look for browser security assurance everywhere you go. This tells you that the site is secure and protected by an SSL security infrastructure. Now, the unique thing about Heartbleed is that it in essence compromises the entire SSL infrastructure, but we won’t go into those details. Back in the day (I say that like it was more than a few years ago), you were told to look for a “padlock” or a “key” in the browser to indicate the website you’re on is secure. Modern browsers take it a step further and in some cases turn the entire address bar green. I’d go out on a limb and say you should never, ever, put any banking or credit card information into a website that doesn’t have a green address bar.
Go download KeePass for your computer and your phone, and familiarize yourself with it.
Change your passwords ASAP—especially if any of your websites are on the list of affected Heartbleed sites.
Discipline yourself to actually change your password frequently.
Remember that while Heartbleed has brought visibility to this, this isn’t a one-time thing where you just fix the current threat. As everything moves to the cloud and becomes reliant on services like Facebook, Google, Microsoft, etc., you need a strong identity management strategy.
Paul di Resta (GBR) snaking through turns 3, 4, and 5 at the Circuit of the Americas during Practice 3 for the United States Grand Prix! 200mm, F5.6, 1/1250, ISO320
I recently started looking to replace the default “SharePoint” text on the top of the SharePoint 2013 Suite Bar. What I expected would be a masterpage change actually turned out to be much simpler; enter the big hammer (PowerShell). If you dig through the changes to the SharePoint 2013 Object Model, you’ll find an SPWebApplication property called SuiteBarBrandingElementHtml that does just what it implies… stores the HTML that gets put in the Suite Bar.
We can use some simple PowerShell to grab the SPWebApplication object, set that value to be whatever we want, and update the object; no masterpage or branding/UX changes required.
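# Grab the web application object (the URL is a placeholder)
$webApp = Get-SPWebApplication http://path/to/webapp
# Set the HTML shown in the Suite Bar, then persist the change
$webApp.SuiteBarBrandingElementHtml = "Company Name"
$webApp.Update()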
Coincidentally, after I figured this out and searched to see if it had been blogged before, I found this post. Shout out to Mat for documenting it first… that’ll teach me to search first.
It was a long work day today, so just a brief update on the Timelapse Engine.
This evening I was able to drill the control box and do a test fit of that mounted to the chassis. Everything seems like a good, sturdy fit at this point.
Today I also received a test print of one of the four idler pulleys for the drive track (shown here with a test fit of the 3/8″ idler drive shaft).
It’s a good day today. Not only was it a beautiful day out, but I also made a ton of progress on the Timelapse Engine. Last week, thanks to some help from my dad, we were able to get most of the core chassis structure prepped. Today was a day of drilling the main chassis panels, and tapping lots of holes. After spending 6 hours out in the garage, I emerged with the first test fit of the chassis components. Obviously this lacks the outboard chassis panels and drive mechanism, but things are starting to take shape!
I’m thrilled to say that the first of the six custom pulleys for the Timelapse Engine is here. This drive pulley is the first of the two drive pulleys and four idler pulleys required by the design, which are generated using a 3D printer.
Additionally, during my dad’s visit over the Easter break we were able to make a lot of progress on the core components for the chassis. All of the chassis supports are cut, and most have been drilled. All that remains is to complete the M3 and M5 screw tapping, and several remaining through holes. Once those are completed, I’ll move on to the inboard and outboard chassis components.
Diving into the world of SharePoint branding can be a real headache. What is the best practice for deploying my branding? How do I select a design firm? What is the impact of mobile devices and how do I ensure cross-browser compatibility? What are the new branding tools available in SharePoint 2013? These are all common questions that must be answered during the course of branding efforts. In this session we’ll look at the various aspects of SharePoint branding, and common pitfalls to look out for during your next branding project.