News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it

Blog Archives

  • Easiest way to make it easy for attackers

    Posted on November 18th, 2020 at 21:37 by Susan Bradley

    We are really bad at picking passwords.  Truly we are.  I’ve also seen that many folks use the same passwords in many web sites.  So attackers only have to get a data dump from one hacked database and then they can try to reuse these passwords in other places.

    Do yourself a big favor:  Over the holiday season see if you can 1. pick better passwords (passphrases) and 2. see if the site allows you to add two-factor authentication.

  • Changing my mind about Facebook

    Posted on September 23rd, 2019 at 01:00 by Tracey Capen


    Amy Babinchak

    Undoubtedly, you’ve seen the invitation to sign in to a website with your Facebook account. And you ask yourself: “How can that be safe?”

    Using one account sign-in for everything goes against a basic tenet of password security. And you’re trusting Facebook to keep your credentials secure — and not share them. (Sharing is core to Facebook.) And yet you watch as all your friends get hacked and cloned while using conventional sign-ins.

    Read the full story in AskWoody Plus Newsletter 16.34.0 (2019-09-23).

  • Microsoft: Forced password changes don’t work

    Posted on April 25th, 2019 at 15:30 by woody

    Yesterday, Sergiu Gatlan at BleepingComputer wrote about Microsoft’s newfound antipathy to forced frequent password changes.

    You know the problem: Every 30 or 60 or 90 days, you’re forced to change your password – and the new one can’t match the last 12 of them. Your solution is probably the same as mine:


    and so on. With the way technology has changed (I hesitate to use the term “improved”), frequently changed short passwords don’t hold a candle to LongPasswordsThatYouCanEasilyRemember. Even old LongPasswordsThatYouCanEasilyRemember work better than Shorter1, Shorter2, Shorter3. Forcing you to change them every 30 days only pushes you toward less secure passwords.

    Of course, you use a password manager such as LastPass or OnePass or KeePass. In that case, changing your password every 30 days is just a pain in the neck. No security improvement at all.

    The topic has come up because Microsoft just released its newly revised “Security baseline” for Win10 version 1903. It’s still marked Draft, but should be solidified before too long. Here’s what MS says:

    When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use.

    Bravo and huzzah!