Windows Secrets

 

 

   
       
   
Windows Secrets Newsletter • Issue 209 • 2009-08-06 • Circulation: over 400,000

   
   


   
   
Table of contents
TOP STORY: Gmail flaw shows value of strong passwords
KNOWN ISSUES: Navigating the maze of Microsoft patches
WACKY WEB WEEK: Go really green with Taco Bell's artificial food
LANGALIST PLUS: Diagnose and repair network-connection glitches
BEST SOFTWARE: Give Vista the best features of Windows 7
WOODY'S WINDOWS: Time to dump Outlook Express and Windows Mail

   
       
   

   
   
TOP STORY

Gmail flaw shows value of strong passwords

By Becky Waring

The disclosure of a back door allowing bad guys to repeatedly guess Gmail passwords should remind us all to protect our accounts with long and strong character strings.

There's a straightforward way to protect your online accounts — use signin phrases that are easy for you to remember but hard for others to guess.

The latest vulnerability affecting Gmail accounts was recently revealed by security researcher Vicente Aguilera Díaz in a posting on the Full Disclosure security list. (Aguilera previously revealed a Gmail flaw known as session-riding, which Google subsequently fixed, as reported by WS contributing editor Scott Spanbauer on April 23 and May 7.)

According to Aguilera's new security alert, Google allows anyone with a Gmail account to guess another Gmail user's password 100 times every two hours, or 1,200 times per day. No "captcha" keeps hacker bots from guessing passwords in this way. Worst of all: If a hacker controls, say, 100 Gmail accounts, 120,000 guesses can be made per day. Because Gmail accounts are free, many hackers control far more than 100 accounts, of course.
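
The arithmetic above follows from where the cap is counted. As an added example (not code from Aguilera's alert or from Google; the GuessThrottle class, field names, and traffic are constructed for illustration), this compares the same 100-per-two-hours cap keyed on the guessing account with one keyed on the account being guessed:

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 2 * 60 * 60   # two-hour window, as reported in the alert
MAX_GUESSES = 100              # guesses allowed per window, as reported


class GuessThrottle:
    """Sliding-window cap on sign-in guesses, counted per value of key_field."""

    def __init__(self, key_field, limit=MAX_GUESSES, window=WINDOW_SECONDS):
        self.key_field = key_field        # "source" or "target" (hypothetical names)
        self.limit = limit
        self.window = window
        self.events = defaultdict(deque)  # key -> timestamps of guesses let through

    def allow(self, attempt):
        """Return True if this guess would reach the password check."""
        q = self.events[attempt[self.key_field]]
        now = attempt["time"]
        while q and now - q[0] >= self.window:  # forget guesses older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate(key_field, sources=100, per_source=1200, hours=24):
    """Constructed traffic: every source account guesses at one target all day."""
    throttle = GuessThrottle(key_field)
    step = hours * 3600 / per_source      # 72 seconds between guesses per source
    allowed = 0
    for i in range(per_source):
        for s in range(sources):
            attempt = {"source": f"acct{s}", "target": "victim", "time": i * step}
            if throttle.allow(attempt):
                allowed += 1
    return allowed


if __name__ == "__main__":
    print("cap keyed on guessing account:", simulate("source"))
    print("cap keyed on guessed account: ", simulate("target"))
```

Keying the cap on the guessed account also throttles the real owner while it is tripped, which is the gap a captcha or similar challenge is meant to fill.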

To its credit, Gmail requires fairly long passwords of 8 characters or more. However, as Aguilera points out, Gmail allows users to create extremely weak passwords such as aaaaaaaa.

A quick survey of my friends and relatives revealed that not one of them uses strong passwords. Most people have no idea how to create them. Yet everyone I asked expressed guilt at using easy-to-crack passwords: pet names, birthdays, and common dictionary words.

Most people's passwords could be guessed in far fewer than 10,000 attempts. And, despite using weak passwords, the people I interviewed say they rarely change their signin strings. (One-third of the people surveyed use the same password for every Web site they sign in to, and the infamous Conficker worm needed to try only 200 common passwords to break into many systems, according to an analysis by the Sophos security firm.)

Here's the topper: many respondents to my informal survey admitted to keeping an unencrypted file on their systems that lists every password they use!

You may not think the password to your webmail account is valuable. But anyone with access to your account can use it to send spam and ruin your online reputation. More seriously, you may have entered the same password at an online banking site, such as PayPal, or a site where your credit-card number is stored for easy ordering, such as Amazon.

Use tough passwords but make them easy to recall

You can see whether your current passwords — you do use more than one, right? — are rated "strong" by using Microsoft's online Password Checker. I bet you'll be unpleasantly surprised by the results.

Figure 1. Test the strength of your passwords by entering them in Microsoft's Password Checker.

The three keys to strong passwords are length, randomness, and use of different types of characters. Each additional character multiplies the potential combinations a brute-force attack must try.

Random passwords use upper- and lower-case letters, numbers, and symbols. When at least three of these four categories are used, an eight-character password should suffice in most instances. According to the FrontLine security site, such a password would take a century or more to crack by a hacker using a single PC. The eight-character standard is also the minimum the Microsoft Password Checker deems "strong." Of course, the more characters in your password, the safer you'll be.

If you wish to create your own password, use a sentence or phrase you can recall easily and then tweak it for each account.

For example, start with the phrase "all good things come to those who wait." Then take the second letter of each word — or the only letter in the case of single-character words — to yield lohoohha. Then use upper case for every other consonant and substitute numerals or punctuation for certain vowels: loHooHh@.

(Never use any password-creation system you've read in a book or on the Web, including the example in the preceding paragraph. The password crackers read these articles, too.)

You can be as creative as you want with your rules. The goal is to produce a random-seeming combination of letters, numbers, and special characters — one generated by a set of rules you can remember and recreate.

Next, add a few characters denoting the site or the account for which the password is required. For example, you could add the first three letters of the site URL to the beginning, middle, or end of your base password, but five letters later in the alphabet, so "ama" for Amazon.com becomes frf.

By this time, you'll likely have a password that's at least 8 to 16 characters long and fairly random-looking — strong by any measure. When you need to change a password, keep the same rules and change just the base phrase.

Dos and don'ts to keep your passwords safe

Now that you know how to create strong passwords, follow these ten tips for using and protecting them.

  • DO use a password manager such as those reviewed by Scott Dunn in his Sept. 18, 2008, Insider Tips column. Although Scott focused on free programs, I really like CallPod's Keeper, a $15 utility that comes in Windows, Mac, and iPhone versions and allows you to keep all your passwords in sync. Find more information about the program and a download link for the 15-day free-trial version on the vendor's site.

    Figure 2. Callpod's Keeper password-management utility lets you sync passwords between Windows and Mac PCs and iPhones.

  • DO change passwords frequently. I change mine every six months or whenever I sign in to a site I haven't visited in a long time. Don't reuse old passwords. Password managers can assign expiration dates to your passwords and remind you when the passwords are about to expire.

  • DO keep your passwords secret. Putting them into a file on your computer, e-mailing them to others, or writing them on a piece of paper in your desk is tantamount to giving them away. If you must allow someone else access to an account, create a temporary password just for them and then change it back immediately afterward.

    No matter how much you may trust your friends or colleagues, you can't trust their computers. If they need ongoing access, consider creating a separate account with limited privileges for them to use.

  • DON'T use passwords comprised of dictionary words, birthdays, family and pet names, addresses, or any other personal information. Don't use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.

  • DON'T use the same password for different sites. Otherwise, someone who culls your Facebook or Twitter password in a phishing exploit could, for example, access your bank account.

  • DON'T allow your computer to automatically sign in on boot-up and thus use any automatic e-mail, chat, or browser signins. Avoid using the same Windows signin password on two different computers.

  • DON'T use the "remember me" or automatic signin option available on many Web sites. Keep signins under the control of your password manager instead.

  • DON'T enter passwords on a computer you don't control — such as a friend's computer — because you don't know what spyware or keyloggers might be on that machine.

  • DON'T access password-protected accounts over open Wi-Fi networks — or any other network you don't trust — unless the site is secured via https. Use a VPN if you travel a lot. (See Ian "Gizmo" Richards' Dec. 11, 2008, Best Software column, "Connect safely over open Wi-Fi networks," for Wi-Fi security tips.)

  • DON'T enter a password or even your account name in any Web page you access via an e-mail link. These are most likely phishing scams. Instead, enter the normal URL for that site directly into your browser, and proceed to the page in question from there.

Following these tips will help you keep your personal data safe online.
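
The rules given earlier (eight or more characters drawn from at least three of the four character categories) and the DON'T item on dictionary words, repeats, and sequences can be checked mechanically. This is an added example, not part of the original article or of Microsoft's Password Checker; the word list is a small constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
import re

# Constructed stand-in for a real dictionary of common words (assumption).
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "welcome", "sunshine"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "01234567890"] + KEYBOARD_ROWS


def char_classes(pw):
    """Count how many of the four categories appear: upper, lower, digit, symbol."""
    checks = [str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum()]
    return sum(any(f(c) for c in pw) for f in checks)


def has_repeat(pw, run=3):
    """True for the same character repeated `run` or more times, such as 111."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def has_sequence(pw, run=3):
    """True for forward or backward runs such as abc, 321, or qwerty."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def has_dictionary_word(pw, words=COMMON_WORDS):
    """True if any listed word appears anywhere in the password, ignoring case."""
    low = pw.lower()
    return any(w in low for w in words)


def audit(pw):
    """Return the list of rules a candidate password breaks (empty means none)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 of 4 character categories")
    if has_repeat(pw):
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("sequence")
    if has_dictionary_word(pw):
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("aaaaaaaa", "qwerty123", "Sunshine1!"):  # constructed samples
        print(candidate, "->", audit(candidate) or "no rule broken")
```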

WS contributing editor Becky Waring has worked as a writer and editor for CNET, ZDNet, Technology Review, Upside Magazine, and many other news sources.


   
   
KNOWN ISSUES

Navigating the maze of Microsoft patches

By Dennis O'Reilly

The numbering system Microsoft uses to identify its various Windows updates and the security bulletins referencing them often leaves us scratching our heads.

Just determining whether your PC has all the patches it needs can be like deciphering a secret code.

In describing last week's out-of-cycle Windows patches, Susan Bradley's July 30 Top Story linked to Microsoft security bulletins MS09-034 and MS09-035. Unfortunately, this information left Jim Long perplexed:
  • "I just read 'Install MS's out-of-cycle patches for IE, apps' by Susan Bradley in Issue 208, 2009-07-30. It was clearly written, and I understand the need for the patches.

    "Maybe I'm uneducated or alone in this, but I cannot seem to get the hang of this patching stuff. I went to the security bulletin as recommended, but it doesn't seem to contain the information needed to download the recommended patches. Then I ran Windows Update, as recommended by the security bulletin. It found no unapplied, high-importance patches.

    "So then I went to Control Panel, with 'Show updates' turned on. For some reason, it shows patches according to Knowledge Base article number. I have no idea what the Knowledge Base numbers are for MS09-034 or MS09-035. As a result, I have no idea whether the patch suggested is on my system or not."

Windows Secrets columns place the patch number corresponding to a security bulletin in text directly above each section's headline. For example, in Susan's July 30 Top Story, security bulletin MS09-034 corresponds to patch number 972260 and was shown at the top of the discussion like this:

MS09-034 (972260)
Apply this Internet Explorer patch today

Microsoft security bulletins include links to the patch download pages in the "Affected Software" section at the top of each bulletin. Finding the correct update that applies to your particular system, however, can be a challenge. A different patch is listed for every version of the operating system and every affected application.

The simplest way to download patches is to visit the Microsoft Update site and install the needed files using the Custom option. To verify in Microsoft Update whether a particular patch has been installed, click Review your update history in XP or View update history in Vista.

Another option is to open the Add or Remove Programs applet in the Control Panel of XP. (In Vista, the applet is called Programs and Features.) Make sure Show updates is checked in XP, or click View installed updates in Vista. Look for the updates by installation date and/or their patch number.

We'll be providing much more detail on managing the software-update process in a Windows Secrets Newsletter coming soon to an inbox near you.

Reader Jim Long will receive a gift certificate for a book, CD, or DVD of his choice for sending a comment we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers' comments on our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com.


   
   
WACKY WEB WEEK

Go really green with Taco Bell's artificial food

By Stephanie Small

Think you know what it's like to be green? Perhaps you recycle compulsively, use earth-friendly cleaning products, drive a hybrid, and wear only organic clothing. Or maybe you believe simply eating organic food is enough to reduce your carbon footprint.

Taco Bell has come up with what is truly the greenest thing you could do. For a limited time only, all items on the menu will be environmentally sound, taking none of their ingredients from nature. Beef, lettuce, and practically everything else will be replaced with artificial alternatives — which may not be much different than what the company's been selling for years. So grab a chalupa or burrito and taste the future!


   
   
BONUS DOWNLOAD

Windows 7 All-in-One for Dummies download
Everything Windows 7 available at your fingertips
This month's free bonus download for all our subscribers is Windows 7 All-in-One for Dummies by our very own contributing editor Woody Leonhard. The book provides valuable information about making the transition to Windows 7 for the novice to the expert computer user. The printed volume isn't in stores yet, but all subscribers can receive our exclusive excerpt of two full chapters now through September 9. Simply visit your preferences page, save any changes, and a download link will appear. Thanks! —Brian Livingston, editorial director


   
   
PERMALINKS

Use these permalinks to share info with friends

We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam," and corporate filters start blocking our e-mails.)

The following link includes all articles this week: http://WindowsSecrets.com/comp/090806


   
   


   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Web Developer: Damian Wadley. Research Director: Stephanie Small. Research Analyst: Allison Espiritu. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Michael Lasky, Woody Leonhard, Ryan Russell, Scott Spanbauer, and Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2009 by WindowsSecrets.com LLC. All rights reserved.
