Pelland Blog

Passwords: First Line of Defense against Identity Theft

February 14th, 2017

Passwords have come a long way since the days of Prohibition, when a knock on the door of a speakeasy required the necessary password for entry and the consumption of illegal liquor. Today, we use passwords and personal identification numbers for just about everything online, in an effort to protect the privacy of our personal information.

Identity theft has grown rampant, proliferating at a time when almost every personal or business transaction passes through one or more computer networks. According to the Federal Trade Commission’s latest annual report (covering the 2015 calendar year, with the 2016 report due out in February 2017), there were 480,000 identity theft complaints filed during that time period. Of these, 45% involved tax- or wage-related fraud, 16% involved credit card fraud, 10% involved phone or utilities fraud, 6% involved bank fraud, and 4% involved loan fraud.

One recent report surmised that 15 million Americans have become the victims of identity theft in 2016. That means that 7% of all adults have been victimized in this year alone, with an approximate per-instance loss of $3,500.00. On average, these people spend an additional $500.00 and 30 hours of time trying to recover their identities and make their private information less vulnerable.

Start with Your E-Mail Passwords

My company provides e-mail hosting services through Google and Rackspace for our website hosting clients, and it is rare for a few days to pass without being contacted by a client who has purchased a new computer or mobile device but has misplaced an e-mail account password. For obvious reasons, we do not store those passwords, and we strongly advise our clients to keep records of their passwords in a secure location. Our only option is to assist with changing the lost password, which will then require that passwords be updated on any other actively used devices.

When setting up those e-mail accounts (or updating a password), clients are often annoyed that we will not agree to use a weak password like 123456, abc123, password, passw0rd, qwerty, steelers, yankees, football, baseball, camaro or firebird. (Yes, those are actual passwords that consistently show up on compiled lists of weak passwords.) In fact, Google’s Gmail will not allow an admin to use a password that is made up of fewer than 8 characters (although there are no further password security requirements beyond this minimum length.)

Some people make an attempt at generating a secure password that they can still remember. For example, they might concoct “AIwfCim2ft” from “All I want for Christmas is my 2 front teeth.” The rule of thumb is to use something that is both easy to remember and difficult to guess. This is definitely a step in the right direction, but something totally random that also uses special characters and spaces would be even better, although far less memorable.

Secure passwords will provide a layer of protection against some bad character obtaining your password and hacking into one of your accounts, but they are of far less value in protecting your identity should your account be one of thousands (or millions) compromised in a major data breach.

Hacks Happen

You do not need to be Sony Pictures getting under the skin of Kim Jong Un. Big companies are routinely targeted by hackers from around the globe, putting the security of their subscribers at risk when a breach occurs. In general, big businesses take extraordinary measures to attempt to maintain the utmost security standards, but it is an ongoing game of cat and mouse. For example, Facebook alone has paid out over $5 million to date in its not-highly-publicized Bug Bounty program, where it pays independent “white hat” hackers to identify and repair security vulnerabilities.

That is an example of what one big online business is doing; however, your own personal security is, to a great degree, your own responsibility. You will want to check (and often disable) routinely loose security settings when you buy a new computer or mobile device or when you upgrade one of those to a new operating system. Keep in mind that settings that benefit convenience and ease of use are very often directly at odds with the safeguarding of your personal security.

There are many ways that passwords can be hacked online. The most common technique is the use of dictionary attacks, where commonly used words are highly vulnerable and easily uncovered. Another technique consists of using the brute force of computing power and sophisticated software to run through every possible combination of characters. The more bits of data involved (directly proportional to the number and random nature of characters), the longer it will take to hack a password. Complex character combinations and the use of encryption slow down, but will not prevent, the disclosure of a password to a determined intruder.

There are actually times when a company or individual needs to recover a lost password, and there are other instances where law enforcement needs to crack a password in order to uncover criminal activity. We are all familiar with the FBI vs. Apple Computer encryption debate, involving a cell phone owned by one of the shooters in the December 2015 San Bernardino, California terrorist attack. Whether used for good or bad, there are dozens of free, open-source brute force hacking tools that can be easily found and downloaded online. Their existence and ease of access should provide a wake-up call to any computer or mobile device user.

Just in case you think that one of your own passwords is “secure enough”, enter it into this online tool for what will probably be a rude awakening:
https://howsecureismypassword.net/

Minimum Standards

The minimum standards for password security that are generally considered acceptable today involve the use of at least 12 (preferably 16) entirely random characters (a mix of upper and lower case letters, numbers, spaces and special characters), never including a dictionary word or a repeated sequence, and with no password used in more than one application.

There are several online tools that will assist you in generating secure random passwords. Using one of these tools, I just generated a random 16-character password that I then entered into the secure password test site (shown above). According to that site, the password that I entered would take 41 trillion years to crack. Here are two such password generator tools. Give one of them a try:
Password Generator
https://passwords-generator.org/
Bitwarden Password Generator
https://bitwarden.com/password-generator/
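
For readers who would rather see the minimum standards as working code, here is an added example (not part of the original post and not the code behind either tool) that generates a random password locally and checks any password against the rules described above. The function names and the three-character "repeated sequence" threshold are assumptions made for illustration.

```python
import math
import secrets
import string

# Weak passwords quoted earlier in this post; a stand-in for a real dictionary
# (assumption: a production check would use a much larger word list).
WEAK_WORDS = ["123456", "abc123", "password", "passw0rd", "qwerty", "steelers",
              "yankees", "football", "baseball", "camaro", "firebird"]
# Character classes from the minimum standard (space grouped with specials).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]
ALPHABET = "".join(CLASSES)  # 95 printable ASCII characters

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def has_repeated_sequence(pw, min_len=3):
    """True if any run of min_len characters appears more than once."""
    seen = set()
    for i in range(len(pw) - min_len + 1):
        chunk = pw[i:i + min_len]
        if chunk in seen:
            return True
        seen.add(chunk)
    return False

def check(pw):
    """Return the minimum-standard rules that the password fails."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing a character class")
    if any(word in pw.lower() for word in WEAK_WORDS):
        problems.append("contains a dictionary word")
    if has_repeated_sequence(pw):
        problems.append("contains a repeated sequence")
    return problems

def generate(length=16):
    """Draw from the operating system's CSPRNG until every rule passes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check(pw):
            return pw
```

The entropy figure only applies to passwords drawn at random, such as those from `generate()`; a phrase-derived password like the "AIwfCim2ft" example has far less than its length suggests.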

Storing Passwords

The best advice for keeping track of your cryptic passwords is to always maintain a written paper record in a very secure location. To simplify your life, you can also use one of several password managers that will allow you to encrypt and store all of your passwords in one secure location. You will only have to remember one password to access your files. (If you have been following along and learning from what I have written, that password will meet the standards that I have outlined above.)

The following are some of the best free password managers. They all work across multiple devices. Compare their features and choose one:

  • LastPass
  • Dashlane
  • KeePass

Bear in mind that even these password managers are vulnerable to hackers; however, in one documented security breach, only users with weak passwords were impacted. We are over a month into a New Year. Resolve to at least take a step in a positive direction when it comes to your online security.

This post was written by Peter Pelland

Print Marketing in a Digital Age

February 2nd, 2017

I thought that it would be a good opportunity to share some of the key points from one of my marketing seminars at the recent National ARVC Outdoor Hospitality Conference and Expo. In that seminar, I suggested that print marketing is very much alive and well in these days when most everybody obsesses over the impact of the Internet and its social media components. I also suggested that there are guidelines to be followed that will help you to maximize the impact of your investment.

First, target your marketing. A shotgun approach rarely works. For the same reason that it would make little sense to run an advertisement for a campground in Michigan in the Florida pages of a national directory, it makes total sense to embrace the opportunity to advertise in your own state association’s directory.

My next point was to never waste money on ad space that is too small to be effective. Size matters. An ad that is lost in the clutter generates little if any recall. Beyond size, a clean design that makes effective use of what is broadly referred to as “white space” will stand out on the printed page. That clean design will almost always be produced by an independent professional design firm that is working for you – not the publication – and that understands your marketing objectives and how to ensure that your ad is part of your business’s overall branding strategy.

Your print advertising should reinforce – and be reinforced by – your collateral advertising, website, social media content, signage, and branded merchandise. When it comes to graphics, colors, fonts, headlines and taglines, consistency is mission critical, and “close enough” represents nothing more than a missed opportunity.

Because you never want to settle for close enough, always see a proof prior to publication. If necessary, never hesitate to ask for a second or third proof. On the other hand, if you have been shown a third proof that you still feel is off target, it is time to decide what is going wrong. Is the design firm a mismatch with your company, or are you attempting to micromanage to the degree that you are interfering with the creative process? Always try to evaluate the marketing message from the perspective of a prospective customer.

Trust your designer to understand the “nuts and bolts” of ad production. We have all seen do-it-yourself advertisements with low-resolution graphics and text that is almost unreadable on the printed page. Your designer will choose the right color space, resolution, fonts, and file formats that will make your business look its best.

A Few Secrets to Lowering Your Cost and Maximizing the Impact of Your Directory Advertising

  • A professional design firm may qualify for a 15% agency discount, essentially negating the cost of its services. In a smaller publication with light distribution numbers, however, do not be surprised if your ad production costs equal or exceed the cost of the ad space itself.
  • Ask for discounts. Most publishers offer early payment discounts. You may also obtain discounts if you are placing more than one ad in a publication, if you are bundling your ad with other media, or if you hold out for a “remnant” – unsold advertising space just prior to a publishing deadline.
  • Insist on color, but never pay a premium for it. Most publications these days are printed in four-color process. Be aware that it does not cost a publisher a penny more to run your ad in full color than it does to run that same ad in black and white. Negotiate, and do not pay a penny more.
  • Keep your eye on auctions. Most campground state associations have fund-raising auctions that are incorporated into their annual meetings or conventions. These auctions often present opportunities to purchase ad space at deep discounts, especially if there are not several parks bidding up the price.
  • Ask for preferred ad placement. This generally means a right-hand page, with your ad adjacent to related editorial copy. You never want your ad to appear on a page (or a two-page spread) that is populated by nothing but advertising. Those are what I like to call “page-turners” because nobody spends time lingering on those pages. Negotiate premium ad space at no charge, using your leverage as either a new advertiser or a loyal advertiser. Never agree to “ROP” ad space. This stands for “run of publication” and means that you will have zero control over where your ad appears. It will usually be buried away somewhere in the back of the book.
  • Proofreading requires more than one set of eyes. We rarely see our own errors or omissions. Always get another set of eyes, but explain your objective. When you are asking somebody to proofread, you are asking them to look for typos or other blatant errors. You are not asking them to critique the ad concept or design at this stage of production. If you want design input, ask for that earlier on in the process, never forgetting the old idiom that “too many cooks spoil the broth.” Trust the professionals that you hire, taking the opinions of relatives and employees under advisement. Ultimately, remember that once you have signed off on a final proof, a publisher is beyond liability.
  • Always include a compelling call to action. Be sure to include your telephone number and website address, but present them in a manner that encourages people to proceed to that next step. Never expect any single ad to generate a significant amount of business in and of itself. There is only so much that can be said within the confines of a printed space. Use your ad as an effective tool that will encourage prospective customers to go online or call, where your persuasive process may continue to its intended conclusion.
  • Learn to say no, but also learn to say yes. Do not waste money on advertising that is not a natural fit for your business, but remain open to exploring new opportunities.

For any business to prosper, it is important to maintain ongoing awareness in the eyes of its consumers. This should be accomplished in a variety of ways, with directory advertising being an important component in the mix. Wisely executed, that directory advertising can easily be one of the single most effective components of your business’s overall marketing strategy.

This post was written by Peter Pelland