John's router from the ISP is very easy to get into, and there's no way to change the password. Will LastPass protect him from a brute force attack? Leo says LastPass will only help him if he's able to change the password on the router. Then he could use LastPass to generate a secure password and store it for him. Leo says if he can turn off WLAN Administration, then he should at least do that. Even if an outsider were to log into his router, they only could really change the settings. But this still isn't a great solution.
If you've had your email account hacked, then it may be time to take further security measures to keep it from happening in the future. Here are some simple steps you can take right now to better secure your account:
- Change your account password
Brad hears that you don't have to use your fingerprint for Apple's Touch ID -- you can actually use other body parts. Knuckles, palms, and even noses can work. Some guitar players or construction workers who have callouses on their fingers may not be able to use fingerprints. So for those people, they need to think outside the box.
Patrick is frustrated because Touch ID doesn't work on his iPhone 6. He's had his phone replaced and it still doesn't work. It recognizes his fingers for a day or two and then it stops. Leo says that there was an issue with "fingerprint rot," where the reader capability degrades, but Apple fixed that in iOS 8. So it shouldn't have an issue. If Patrick's fingers are clammy or wet, it won't work. His hands need to be bone dry.
George wants to know of a way to use his computer without having to use a password or user name because he keeps forgetting them. Leo says that passwords don't work. We have to remember them, so we tend to make weak passwords and use them on multiple sites. Steve Gibson has an idea called SQRL (Secure, Quick, Reliable Log In). The idea being that a smartphone app will automatically authenicate using a QR code so it just lets the user right in. Great idea, but behind the scenes it's a lot more complicated than that.
Mike wants to know about passwords and how often he should change the ones on his computer. Leo says that local passwords, like for logging into his laptop aren't that big of a deal. Someone would have to have physical access to the computer and a lot of time to crack it. So that's not really the one to worry about. It's the passwords online, and even then, those passwords are encrypted. Those who change passwords a lot are those who have passwords that are shamefully easy to guess.
Alan inherited an IT job and the previous person didn't leave documentation on how to access the hard drives. He tried a password recovery tool, but it didn't help. Is there a way?
Leo says that passwords are crackable if he has physical access to the machine. LophtCrack is one such utility. PogoStick is a popular one with the chatroom. There's also KON-Boot, which is a Windows bypass tool.
A recent article in the New York Times suggests that there may be some very deep meanings behind the passwords we create. The author of the article, Ian Urbina, got people to talk about their passwords and learned the stories behind them.
The Secret Life of Passwords (NY Times)…
Max found out that someone connected to his Wi-Fi network, which concerns him because he has a login key to prevent it. Leo says that Google backs up Wi-Fi passwords and other settings to its servers unless he disables it. It's meant for convenience, but it does mean that Google knows his Wi-Fi password. It's not likely that Google would do anything with it, though. It is important to note though that it would have to be stored unencrypted. But it's not really that much of a concern. It's more likely that someone got in with a brute force attack.
Kal took Leo's advice and created a second user account for his wife, so she wouldn't be using the administrator account for day to day use. But then he lost the administrator password. Leo says there are bootable discs that he can use to reset the password. Here's a support document from Microsoft that will help him reset the password. He can use another computer to create this disc.