The Power of Distraction

So much for multi-tasking with a smartphone.  Researchers at The University of Texas at Austin have found the following:

...that it didn’t matter whether a person’s smartphone was turned on or off, or whether it was lying face up or face down on a desk. Having a smartphone within sight or within easy reach reduces a person’s ability to focus and perform tasks because part of their brain is actively working to not pick up or use the phone.

Source: The mere presence of your smartphone reduces brain power, study shows — ScienceDaily

We really are addicted to these things and they pretty much destroy our concentration.

The next time you are in a meeting look around and see who has a smartphone in reach.  Doesn’t matter if it’s in their hand or on the table.  They aren’t actually engaged with the meeting.  Even if they think they are.

Everybody’s phone needs to go into a basket when they enter the room.

—————-

University of Texas at Austin (UT Austin). “The mere presence of your smartphone reduces brain power, study shows.” ScienceDaily. ScienceDaily, 23 June 2017. <www.sciencedaily.com/releases/2017/06/170623133039.htm>.

Practical Passwords for Regular People

“Dadada.”  According to the article below this was the password for Mark Zuckerberg’s hacked LinkedIn account.  I found this astounding.  And I am just a regular guy who works in an office full-time, not some super-geek.


“A group of hijackers known as OurMine, possibly from Saudi Arabia, briefly took over Facebook chairman and CEO Mark Zuckerberg’s Twitter and Pinterest accounts yesterday.” – Source: Seeker.com – How Not to Be Mark Zuckerberg About Your Passwords

But Zuckerberg is ridiculously wealthy.  He can afford to pay people to clean up the mess.

For the rest of us poor schmucks the article has some suggestions which are worth perusing.  I got my AOL account in the late 80s and have used hundreds of various online accounts since then.  I probably have at least 50 active user passwords.  It would be nice to have a reasonable way to manage that.  Unfortunately the suggestions are not packaged for users in the real world.  And the article fails to engage real-world questions that need to be asked about any website you use before deciding which to use:

  • Are you famous or do you otherwise have some sort of highly visible public profile?
  • Is the information you need to protect important?
  • Would theft of the information affect anyone besides you?
  • Is the data valuable?

If the answer to all these questions is “no” then pick any junk password you like.  If you answered with a strong “yes” to any, then find someone with actual expertise and don’t fool around with trying to do this on your own, particularly if you need super-secure options like hardware tokens.  But most people will likely answer “no” to the first and a mild “yes” to one or more of the rest.  So here is my stab at a rework of the suggestions, in order of priority:

  1. Turn on basic two-factor authentication (2FA) for every site that provides it.  Two-factor (or multi-factor) means something besides your user name and password is required to sign in.   The easiest version to use sends a text to your mobile phone with an access code when the site fails to recognize you.  A slightly more complicated but more reliable variant installs an app on a smart phone (which most people have these days).  Basic 2FA means most thieves will need your crappy password and physical possession of your phone.
  2. Lock all your computers, tablets, and smartphones.  A basic four-digit pin or pass-code is probably fine, provided that the device does not connect to a corporate network, and has no remote access capability (or remote access is turned off).  This is basic stuff.  You lock your residence and car, don’t you?

This should keep out casual thieves and provides reasonable security for most of us.  But if a thief gets both your passwords and access to your computer and mobile phone you have bigger problems.  You might now be some hacker’s personal project.  Or you might be bound, gagged, and in the trunk of a car bouncing along a dirt road.  As one writer has pointed out, your potential threats boil down to “Mossad or not-Mossad[1].”  If it’s the first one you are pretty much screwed.

For sites that don’t provide two-factor authentication, do the following:

  • Create unique and reasonably complex passwords.  Passwords should contain at minimum mixes of upper case letters, lower case letters, and numbers.  Special characters should be added if the site allows.  But as long as you do not spell out actual dictionary words, your passwords need NOT be super long or super complex.  Eight characters is good enough for most purposes.  Whether to use more depends on how much damage unauthorized access will do.  Passwords for your bank need to be longer than passwords for your streaming media.
  • Long passphrases can be easier for most people to remember than completely random sequences.  Just don’t use components that you have posted on social media.  Use something obscure, like the combination of a partial childhood address and the name of a childhood pet.  Or the long name of a band you would never admit listening to.  Then mangle it with numbers and mix the upper and lower cases.
  • If you have too many passwords to remember, then create a secured list to build a barrier between where you record them and where you use them.  A plain, old paper notebook is just fine, provided you keep it somewhere reasonably safe.  An encrypted Microsoft Office or Evernote document, or something equivalent will also work.  Or if you are at least slightly geeky you can use a password manager app[2].  The point is to find something that works for you and create the barrier.   So when your device gets stolen and/or hacked the thief doesn’t get your passwords.
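An added example, not part of the original post: a short Python sketch that generates a password with the mix described in the list above (upper case, lower case, numbers, and special characters where allowed) and checks a candidate against the same rules. The function names, the `SPECIALS` set and the tiny `SAMPLE_WORDS` list are assumptions made for illustration; a real dictionary check would load a full word list.

```python
import secrets
import string

# Constructed stand-in word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "dada", "letmein"}
# Assumed set of special characters; sites differ in what they accept.
SPECIALS = "!@#$%^&*-_"

def generate(length=8, allow_special=True):
    """Random password with at least one upper, lower and digit (plus a special if allowed)."""
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if allow_special:
        classes.append(SPECIALS)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    # One guaranteed character per class, the rest drawn from the whole alphabet.
    chars = [secrets.choice(c) for c in classes]
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS random source so the guaranteed characters are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def problems(password, min_length=8, words=SAMPLE_WORDS):
    """Return the list of the post's rules that a candidate password breaks."""
    found = []
    if len(password) < min_length:
        found.append("shorter than %d characters" % min_length)
    if not any(c.isupper() for c in password):
        found.append("no upper case letter")
    if not any(c.islower() for c in password):
        found.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        found.append("no number")
    lowered = password.lower()
    hits = sorted(w for w in words if w in lowered)
    if hits:
        found.append("contains dictionary word(s): " + ", ".join(hits))
    return found
```

Calling `generate(16)` gives a longer password for a bank, and `generate(8, allow_special=False)` suits a site that rejects special characters.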

The article had some additional suggestions, which are distilled below to something normal people might actually use:

  • Don’t let websites retain information that connects to your financial accounts.  This means debit cards, account numbers, or anything else that points directly to your bank.  The only exception I can see to this is the website of another bank.  Charges on a stolen credit card can be high-order nuisances.  But stolen bank balances are something else entirely.
  • If you let your web browser store your login information, then use a browser that encrypts the data and requires a password to access it.  And never allow storage on a computer you don’t own and completely control.

Oh, and if your passwords are stored on your computer or smart phone please remember these gadgets are not immortal.  Back up the list to a flash drive or printout and hide that somewhere you can find it.  And be sure to include those stupid security questions and answers.  You might need them a year from now.

—————-

[1] James Mickens. This World of Ours. “;login: The Usenix Magazine.” January 2014
https://www.usenix.org/publications/login-logout/january-2014-login-logout

[2] If you want to really lock your stuff up and need a suggestion for a password app I use KeePass.  It’s highly configurable and open-source (and free).  I’ve also heard good things about LastPass but I’ve never used it.

December 4, 2017 update:  Thank you to a reader who pointed me to a secure password generator at this site: https://www.vpnmentor.com/tools/secure-password-generator/.  She rightly pointed out how easy it is to slip into making weak ones.

 

Death by Pillow

Very, VERY occasionally chronic problems are mitigated by ridiculously simple solutions.  For years now I have been plagued by sinus congestion at night.  Lately it seems to have gotten worse.  When I described this for my physician he asked an unusual question:

How long have you had your pillow?

I really had no idea.  I really liked my pillow.  It was a memory foam one that my wife used before moving on to something else.  Several years?  A dozen years?  Longer?

We talked a bit.  I had seen a specialist previously and the congestion was interfering with treatment for sleep issues.  The specialist suggested the use of a Neti pot.  Nasal irrigation does seem to work but, as I told my physician, I found putting water in my nose to be a high-order nuisance. I also expressed some unease at the long-term use of antihistamines (apparently there may be cognitive effects).  My physician mentioned that he could prescribe a nasal steroid instead.  But what he really wanted me to try first didn’t involve medication at all.


He suggested getting a new pillow.  He went on to explain that dust mites can invade the pillow over time and aggravate respiratory issues.

Apparently there is something to this and it may be a good deal worse.   Some years ago, University of Manchester researchers found significant fungal contamination in pillows used from 18 months to 10 years:

“The fungal spores found in the pillows fed off human skin scales and dust mite faeces…Lead researcher Professor Ashley Woodcock said the findings showed there was a “miniature ecosystem” operating inside pillows.”  Source: BBC NEWS | Health | Pillows can harbour harmful fungi

It’s been a bit less than two weeks since I ditched my (formerly) favorite pillow for a new one.  Still a bit stuffy which is probably due to spring pollen and the physician recommended something for that as well.  But I’ve slept soundly on about half of the past dozen nights.  Which is a huge improvement over none at all.

Usually when you think of killing someone with a pillow, images come to mind of an assassin smothering a victim by forcing a pillow onto their face.  Not by just having them sleep with one.  I have apparently been sleeping with my face in a microbial compost pile of dead skin, dust mites, dust mite carcasses, dust mite poo, and fungus.

That doesn’t seem to have been doing me any favors.