If you work in a business where you use networked computer systems, you know what I’m talking about.  Various surveys have shown that the average corporate network user has to remember anywhere from five to 15 passwords!

That number doesn’t include all the userids & passwords for your personal use such as online banking, credit card accounts, airline frequent flyer clubs, hotel or other travel club memberships, business or trade group member sites, online shopping sites, insurance or investment sites, personal webmail, blogs, online forums, gaming sites, … YIKES!  How do you keep it all straight?

We don’ need no steenking Online Security …

One way some people deal with this jumble of userids and passwords is to simply use a familiar word for all their passwords like the name of their spouse, child, or pet, or maybe their birthdate, house or apartment number, etc.  A recent survey showed that the most commonly used password is … “password”!

Unfortunately, this is almost as bad as no security at all, and is just what a hacker is expecting. They can download ready-made “dictionary attack” lists full of the most common names and number combinations used as passwords, then setup an automated script to try them out and see which ones work.  It usually takes just a few minutes to guess such easy passwords.

Some Password Advice

So how do you create a secure password? Here are some basic dos and don’ts:

1) DON’T leave your passwords on a sticky note pasted to your monitor or in your top drawer – 60% of all security breaches are done by insiders (co-workers, friends, or family members), not outside hackers!

2) DON’T use current telephone numbers, social security numbers, or the names of family members or pets – it’s pretty easy to go online and find out all kinds of information about you, including your birthdate, your family members, your home address, your phone number, and so on.  And that adorable picture of your cocker spaniel, Molly, on your Facebook page is a clue to your potential password as well!

3) DON’T use the same password for everything – some userids and passwords would have minimal impact if someone else learns them (like for accessing a blog or forum), while others hold the key to your financial well-being.  Use a different password for those high-impact security areas.

4) DO use acronyms – it’s hard to guess or remember a password that is a jumble of letters or numbers, so try making up an acronym that you can remember like “Steelers Fans Are The Greatest” or “I Like Rolling Rock Beer.” Turn this into an acronym and it becomes “SFATG” or “ILRRB” – nonsensical words to anyone who doesn’t know what they stand for, and hard to crack via a “dictionary attack.”

5) DO add numbers or other non-alphabetic characters to your passwords – this makes them even harder to guess. For example, if the home where you grew up (not where you live now) was located at 227 Maple St., you could add the numbers 227 to your acronym letters and come up with a password like this: ILRRB227 – a password that you could remember but would be very hard to guess or crack, even with specialized “cracker” software!

6) DO change your passwords on a regular basis – preferably 3 to 4 times a year, especially for logins that grant access to your personal information or bank accounts.  Some sites that provide access to highly sensitive information may require you to do this anyhow.  If you’re using my “acronym + numbers” recommendation, at least switch the sequence of letters or numbers around so the numbers are first instead of last.  Or you could change the numeric part of the password to another easily remembered number: perhaps the 3-digit area code or exchange of your old home phone number, the route number of the highway that you used to drive to work, the last two digits of your spouse’s or parent’s birth year, etc.

Hopefully these suggestions will help you secure your online account access while not making remembering your passwords a part-time job!

So grab your sharpened virtual No. 2 pencil, and let’s get started!

Q1: You just received an email promising that if you’ll pass this message on to 10 of your friends, the email tracking software that Bill Gates has developed for Walt Disney Productions will be able to keep tabs on how many people get your email and forward it; if your message gets forwarded to enough people, you’ll win a free trip to Disney World!  Your response should be:

A)     Immediately click on the “Forward” button and send the message to everyone in your address book so you’ll accumulate the most points possible.

B)     Only send the message on to 10 people that you really care about – after all, the message did say that they could track your emails, so you don’t want to get caught breaking the rules!

C)    Start laughing hysterically that anyone would be dumb enough to believe that all forwarded emails could be tracked.

Q2: Which (if any) of the following stories that are being spread via email are true:

A)     A policeman from Ohio warns against the dangers of “Dust-Off” (compressed air in a can) because his teenage son died from “huffing” the vapors.

B)    A distraught mother writes that her 9-year-old girl, Penny Brown, has been missing now for two weeks, and includes a picture with her plea for help.

C)    Mister Rogers was actually a Navy Seal with numerous kills to his credit in Vietnam before he decided to devote his life to helping children.

D)    If you locked yourself out of your car, you can unlock your car by having someone else call your cell phone and send the “unlock” signal from your remote entry device to your cell phone held next to your car.

Q3: True or False: Your bank will send you an email if they’ve spotted suspicious activity with your account along with a link to their web site so you can confirm your account details.

Q4: True or False: A public cell phone directory is going to be published soon and if you don’t call the number setup by the FCC to put your cell phone on the Do Not Call list, you will start getting telemarketers calling your cell phone.

OK, class, pencils down!  Now let’s see how you did.

The correct answers are:

Q1: The CIA might be able to track ALL forwarded emails, but not Microsoft or Disney, so the answer is C).

Q2: All but A) are hoaxes.

Q3: This is FALSE – it’s a “phishing” email from someone who is trying to steal your account information!  (I’m sure that you got this one right.)

Q4: This is somewhat of a trick question: several major wireless phone providers (most of them except Verizon) announced their intention to establish a ‘411’ directory of customers’ cell phone numbers back in 2006; however, the numbers would only be made available with customer consent and only to those who dial directory assistance and pay a fee.  However, this service has never been implemented.  Yes, the FCC DOES allow you to put your cell number on the Do Not Call list if you want, but this is redundant since their regulations already block most telemarketing calls to cell phones (unless you have a business that lists a cell phone number for contact info). Also, once a phone number is listed in the DO NOT CALL directory, it will not “expire” and require you to renew it.

By the way, all of the above came from actual emails that I’ve received. To check out any suspicious emails or Internet stories, I’d recommend the following sites:

http://www.snopes.com/ (one of the first places I check when I get a message that sets off my “sniff alarm”)

http://urbanlegends.about.com/ (another good source of up-to-date info about questionable messages and the latest viruses and scams)

http://www.factcheck.org/ (mostly deals political issues and other stories that are “in the news”)

Surf safely!

You’ve seen and heard them all over the place – strings of characters, dots, and slashes like these:

www.netgreenconsulting.com

www.duq.edu

www.beaufort.usmc.mil

www.theregister.co.uk

Yes, they’re links to web sites for various businesses and organizations. But what do these jumbles of characters and symbols really mean?

URLs and You

For Internet users, these are known as Uniform Resource Locators or URLs. Type one into your browser’s “Address” field, press Enter, and voila!  You are magically transported to a web page for that business or organization. But how does this magic happen?

URLs rely on the Domain Name System that I wrote about in a previous article. These names are read from right-to-left, with each section separated by a period or “dot”.  Note that the URLs shown above end (or start if you’re reading right-to-left) with .com, .edu, .mil, and .uk. These are known as Top Level Domains or TLDs. Each TLD was initially created for a particular type of organization that connected to the original US Department of Defense ARPANET (the predecessor to the Internet). The original 6 TLDs were:

.com = commercial organizations and businesses

.edu = educational institutions such colleges and universities

.gov = US Federal government agencies

.mil = the US Military

.net = network and telecoms providers

.org = non-profit organizations

Masters of Their Own Domain

It used to be that a single domain registrar in the U.S., Network Solutions, managed all domain name assignments for the whole Internet. In 1999, this lucrative business was put out to bid, so now a slew of international domain registrars administer the various TLDs.

In addition, each country has a designated two-character TLD that they are responsible for, such as .us (United States), .ca (Canada), .uk (United Kingdom), .mx (Mexico), .de (Germany or “Deutschland), .it (Italia), etc.  Many of these country-specific domains also maintain sub-domains that mirror the American TLDs, such as “.co.uk” for commercial entities in the UK.

The reason for all this domain registration administration is pretty obvious: there can only be one “netgreenconsulting.com” or “duq.edu” (my graduate school alma mater, Duquesne University in Pittsburgh, PA) in the entire world. If domain names were not unique, our web browsers and email servers would get very confused!  (It would be like having two different “Maple Streets” in the same town or postal code.)

Once an organization has registered a domain name, they can create their own sub-domains if they want.  For example, the U.S. Marine Corps has created the “beaufort.usmc.mil” sub-domain so they can better maintain the Internet services specific to their Beaufort, SC, area bases and personnel (near where I live in the “Lowcountry” of South Carolina). Thus the URL www.beaufort.usmc.mil points to the World Wide Web (“www”) server for the Beaufort area USMC bases that are part of the US Military.

Similarly, The Register, an irreverent IT-focused online publication headquartered in the UK, has the URL www.theregister.co.uk for its web site.  This indicates that their corporate domain “theregister” is registered under the “commercial” sub-domain for the United Kingdom (co.uk).

With Liberty and Domains for All

Needless to say, as the Internet has grown, so has the competition for desirable domain names; over 82 million second-level domain names are currently registered!  (You can check the current statistics here: http://www.domaintools.com/internet-statistics/)

The original restrictions on what kind of organization can get a domain name in a particular TLD have evaporated, at least in the U.S.  I can now register a .com, .net, or .org domain for just about any business or organization that I want, and businesses often have to go with one of the alternative TLDs if someone else has the .com domain that they would like to have.

Several new TLDs have been added, including .biz for businesses, .aero for the aviation industry, .tv for online television or video services, .info for information services, .museum for museums, and .name for individuals. The Internet Corporation for Assigned Names and Numbers (ICANN), the international organization that now has overall responsibility for Internet domains and IP addresses, is also considering proposals for new generic TLDs (currently 21 are in use) and internationalized domain names (domain names represented by local language characters such as Arabic, Russian or Chinese).

Hey, Buddy, Wanna Buy a Domain?

To register a domain name, you can contact any number of domain registry services such as www.networksolutions.com, www.godaddy.com, www.betterwhois.com, www.register.com, or the many country-specific domain registrars. Most ISPs can also register a domain name for you.  But don’t hesitate; if you find that a domain name that you want to use is available, register it as soon as possible, even if you won’t have a web site ready to use it for some time.  It’s worth spending the $10 – $20 per year to grab a good domain name before it’s gone. There’s always the off-chance that someone else may be genuinely interested in that domain name and may snap it up whilst you tarry (and I’ve seen it happen where a domain name that was available one afternoon was gone the next morning when a client tried to register it!)

I’ve also heard that some registrars allow “snooping” of domain name queries on their sites. A colleague of mine tested this out by going to a domain registrar web site (not one of those listed above) and doing a query of some nonsensical domain name that didn’t spell out anything recognizable. Within a few days, some “cybersquatter” had registered that domain name and sent him an email offering to sell it to him for twice the price it would have cost!

Also, be wary of dealing with ISPs or web hosting companies that offer to register a domain name for you.  Make sure that they register it in YOUR name with YOUR administrative contact info, not theirs, if at all possible; or if they will only register it under their business on your behalf, make sure they don’t lock the domain registration down with no way for you to move it to another provider in the future.  I’ve seen domain names lost by clients who didn’t get the domain expiration notice email because it went to their old web hosting company instead of to their email address. (And don’t forget to update your contact info if it changes!)

A final story: I was working with a Thai restaurant in the US that was negotiating with a web developer in Thailand. This web developer bought the .com domain that they wanted to use and then offered to sell it to them for $600!  Meanwhile, they had already put that domain name on letterhead and business materials in anticipation of registering it. Talk about a nasty international dispute!

David G.

Nope, it’s not a business name, address or phone number. But it’s becoming even more important than those identifying pieces of information to many of us.

It’s an Internet domain name. You know, all the “yaddayadda-dot-coms” that have become part of our daily lives.  (There’s a local auto dealer that I’d like to strangle every time I see his commercial and hear him loudly close with his website address, emphasizing the DOT COM – really, is the fact that he has a website the most important thing he has to tell us?)

You probably have one with your own identifier attached to it: your e-mail address, as in suzieq@mynetwork.com. Or maybe your business, church, organization, or even your family has a domain name so you can better serve your customers or members, as well as attract new ones, via the Internet.  Many online entrepreneurs have basically built their business around their domain name and the latest web technology.

Remember the Name

Why do we need domain names?  Basically, they function as virtual pointers to the real IP (Internet Protocol) addresses of devices that are connected to the Internet.

The reason that domain names were invented is pretty simple: we humans find it much easier to remember names than numbers, especially complex ones like IP addresses. This is why you’ll usually hear a business’ phone number three times in a radio or TV commercial but may only hear their Web site address once – if at all.

Computers, on the other hand, see everything as a string of ones and zeroes, so they work best with numbers. Names have no personal meaning or emotional attachment to them like they do for us humans.

For example, I can execute the DOS command ping www.wordpress.org on my PC and find out that this domain name actually points to the IP address of 72.233.56.138 – one of those “dotted decimal” addresses assigned to computers on the Internet.  In this case, it’s the IP address of the server where the main WordPress website resides.  By knowing this set of numbers, my PC can send out packets of information to that IP address and know that it will get to the correct destination.

The Domain Name System

Back in the early days of the US Department of Defense’s Advanced Research Projects Agency Network (ARPANET), there were few computers connected to what would eventually evolve into “The Internet.” But even then, the researchers using this experimental network found it much easier to remember and use names than IP or physical addresses.

Soon, an official list of system names and matching IP addresses began to be compiled – sort of an “ARPANET white pages directory” – and multiple strategically placed servers kept copies of this database available for lookups. This distributed names-to-numbers directory system became so popular that it was formally adopted as the Internet’s Domain Name System (DNS).

DNS is still one of the technological foundations for our e-mail, Web surfing, game-playing, online shopping, and other Internet-based traffic going all around the world. If you’ve ever experienced problems with accessing DNS servers, you’ll know it quickly when these applications fail to connect to other systems because the domain name can’t be found and matched to its IP address!

So the next time you hear or see an Internet domain name in an ad, remember – it’s being provided because you’re a human, not a computer!

Aaaawww, fuggetaboudit.

Maybe the Internet was a “bold new world” for many folks around the turn of the century. (That’s the 21st century for you folks with silver in your hair.)

But in 2009, the Internet has become ingrained into the very fabric of our society. It’s the always on, available everywhere, gotta-have-it-now, “I’ll just Google it,” “why is my Blackberry so slow downloading emails,” communications medium of choice.

Even my parents (in their late 70s) are reading and forwarding emails daily (“No, Mom, you don’t have to enter your cell phone in the Do-Not-Call database”), researching their hobbies and health problems on the web, and using a VoIP phone to talk to friends and family. Now THAT is market penetration!

(At least they use the phone to TALK; the Gen-Y crowd would rather use their iPhone to send Twitter updates than actually talk to someone on it, for God’s sake!)

Yep, the Internet is no longer a strange place where only academics, hackers and spammers hang out (although Lord knows there are still plenty of the latter lurking around). When Grandma and Grandpa start getting upset with their ISP because their Internet link is down for a few minutes (especially now that they’ve upgraded to cable modem service from dial-up), it’s no longer a novelty – it’s a utility, just like running water and electricity. It’s just expected to be there – and to work when they need it, by golly.

The Virtual Village Green

The Internet has become what the town’s village green once was a century or more ago – a place where you can stroll around, window shop at the stores, buy what you need, chat with your neighbors, argue politics, swap stories, play some games, listen to musicians, or just relax and watch the world go by.  Only now we’re zipping along at 10 Megabits per second instead of strolling at 3 miles per hour!

So think of this blog as your Virtual Village Green. We’ll discuss all sorts of things: life as a virtual business person, the Website Circle of Life (coming soon), life in the fast lane of Internet marketing (making a living from the Internet), life in America, family life, eternal life, the beginning of life, the end of life as we know it – and maybe even some alien life forms. (There DO seem to be a few of those living and working in our nation’s capital these days!)

Feel free to window shop, browse around, check out the “goods,“ and voice your opinions. Just don’t track any mud across my nicely manicured virtual lawn; I WILL cheerfully zap any “trash talk” with a photon torpedo!

Live long and prosper!

David G.