Part of the instructions talked about creating a secure password – not just the usual blah-blah-blah of “6 to 8 characters including an upper-case, number and special character”, but a REALLY secure password – one with multiple words that are seemingly random but easy to remember.

The comic XKCD illustrated it nicely, and I’m reprinting it again because he’s awesome.

But a recent article in Ars Technica explores the issue of weak passwords in more detail. It talks about what kind of computer hardware and software it takes to actually crack a password (answer: not much) and how long it would take. This graph says it all.

Note the overlap between the XKCD illustration and the graph. Longer passwords are harder to crack. 20-character passwords are all but impossible.

“20 characters?!?” you say, “Nobody can be expected to remember a 20-character password!”

“Correct Horse Battery Staple” has 28. And, as the cartoon says, you’ve already memorized that one.

Go. Change. Your. Passwords. Now.

Some of what I’m writing about comes directly from the experience the good folks at Gizmodo had just a couple of weeks ago. Let’s face it: if the people at a technology blog can get hacked, it’s a cinch that you can too. The only thing you have going for them that they don’t is that you are relatively anonymous.

Before I start, a reality check: If someone is trying to hack YOU – not just anybody they can get their hands on, but you specifically – then you are going to get hacked. They have infinite time and resources to do it, and odds are you won’t know they even had you on their radar until it’s over.

With that said, unless you are in politics or work for Gizmodo, you should be safe.

First: What you should have done already – back up.
Do you have a copy of your contact list? How about your email repository?

If you don’t, you are being reckless, hacked or not.

Backing up email is outside the scope of THIS post (but it’s a good idea for another one down the road). Let’s just say for the moment that you have everything backed up.

Second: Verification
Are you SURE you got hacked? It’s easy enough for someone to make emails LOOK like they came from you, so be certain. The best acid test is for you to back up all your contacts and email, and then clean EVERYTHING out – everything in your sent items, your folders, your contacts, ALL of it. You have it all backed up, right? So it’s no big deal. Well, not as big a deal as being hacked, at least.

Now, change your password. Make it something weird – include letters, numbers, uppercase, etc.

Now wait a day or two. If people are still getting strange messages from you, you have probably NOT been hacked. Someone is just spoofing your email address. There’s not much you can do about that unfortunately.

If the emails stop though, it’s a good sign you’ve been hacked. The good news is that the bad guy no longer has access to your email. The bad news is that he did, along with everything in it. You don’t want that to happen ever again.

Next:  damage control
Assess whether you really need to keep your current (hacked) email account, or if you can switch. If you are using AOL, Hotmail, Yahoo, SBCGlobal, or any one of a host of other smaller email providers, I’d say it’s time to switch.

Why? I want Yahoo to make a comeback as much as the next guy, but the reality is that they are having trouble, and the security of their FREE email service is not likely to get a lot of attention right now. Ditto a lot of the small fries. Time to jump ship.

If you aren’t ready to switch, you can still follow most of the instructions below.

Set up your new home
Get a Google Mail account. It’s quick and simple (http://mail.googl.com)

While you are at it, pick a fairly difficult password. “Difficult” does not mean “hard to remember” or “impossible to type”. It means “hard for a person or hacking program to guess”.

Here’s a hint: use a phrase instead of a word. Use the underscore ( _ ) instead of spaces, but otherwise, pick something you can remember, but is more than one word. “Ring_around_the_rosey”. Add punctuation (“Stupid_mean_people_suck!”) and the password became even harder. Why? I leave it to the awesome creator of XKCD to explain (http://xkcd.com/936/):

Once it’s created, set up two-step authentication. Why? Because it guarentees nobody can ever use your email unless they are pretty much sitting in your house.

It works like this: When you sign into your email on a new machine, you will get a text message on your phone (or a phone call, if you prefer). The message will just be a number. You enter the number onto the login screen, proving you are “you”.

While it sounds like a hassle, it’s actually no big deal once you set it up. And let’s be clear: Someone who tries to hack your email is INSTANTLY foiled. They can’t log in without that magic number, which is being sent to YOUR phone. So you know someone is screwing with your account and at the same time, they can’t get in.

If you are on Gmail, you set it up by going to your account page (https://www.google.com/settings/account), clicking on Security, and changing the “2-step security” settings you find there.

Finally, ease the transition
Back on your old email account (you changed the password there, too, right? How about checking to see if IT supports 2-stage authentication? Just to really make it hard for the guy who originally hacked your account.) set up email forwarding to your new account. That way you don’t miss a message as people get used to your new address.

And another thing
Changing your email is an important step, but it’s not the only one. You probably have a lot of “things” that use your email for verification – Facebook, Twitter, Pinterest, bank accounts, etc. Make sure you change those too.

While you are on those systems, change your password (again, consider using a “pass phrase” instead); and check out their security settings to see if you can ratchet them up a notch.

All that happened this time was your email got compromised. But you don’t know if that was part of a larger effort to dig into your electronic life.

Trust me, there are worse things than losing all your email contacts.

In a word, I got focused.

AdatoSystems has always been a “me, myself and I” operation, and the website has therefore always focused on whatever it is that I was focused on. Since I split my time fairly evenly between the completely-not-overlapping areas of systems monitoring and automation on the one hand, and website design and monitoring on the other, the website has always suffered from a bit of an identity crisis.

While it didn’t bother me too much, it was increasingly confusing to my customers. The old logo – highly monitoring-centric – was just a bit overwhelming to my website customers. And my blog comment was almost entirely related to web design, which left out people who came here looking for monitoring ideas.

To resolve this, I created two sub-sites, each dedicated to it’s specific area of focus. There is monitoring.adatosystems.com (focused on monitoring, of course). And the site devoted to web design is named, aptly enough, webdesign.adatosystems.com.

This original site, www.adatosystems.com, remains, and will be the place I post some of my more generic (or esoteric) ideas.

Everything will link back to the social media you are probably using to following me anyway – my Twitter feed, Facebook page and LinkedIn profile.

So look for more monitoring articles to appear on the Monitoring and Webdesign subsites in the coming days and weeks. I’ll be moving some of the old stuff from the main site that belongs here, as well as generating brand new content for you to enjoy.

I need to shift gears for a minute and talk about something personal. If you don’t feel like reading about me gushing about my family, it’s time to click “Next”.

I really love my kids. All (4) of them. They do some amazing, funny, incredible, funny, interesting, and funny things. And they’re funny, too.

But recently one of them has done a few things that are amazing enough that I had to comment on it. I’m well aware that she hates being publicly acknowledged (she takes after her Mother, rather than me) so she’s going to hate this. And you know what? Tough.

Let’s start with her committment to education. Back in the summer before eighth grade, she decided that public school wasn’t for her. That’s not unique. Lots of 13 year olds say “school sucks”. But her reasons were a little different: It went too slow, the kids were (generally) too unfocused, and she felt she could get more done on her own. So, for her eight-grade year she basically home-schooled herself, with light supervision from my wife and I. And it worked. She rocked through the year, usually in less hours per day or week than school would have taken. She was happier, she had learned more, and everyone was happy.

While she stopped homeschooling and moved to an online school the following year, she still enjoyed a level of freedom and control over her schoolwork that few kids get to experience.

The net result? Here at the end of her 11th grade year she has exactly one credit left in order to complete High School. And that’s after taking just one credit this year. She had all but completed high school in 2 years.

She held back those two credits because my state has a “Post Secondary Education Option”, which means it will pay the tuition if high school kids go to college before graduation. So this year, at the tender age of 16, she also enrolled in her first set of freshman courses at a local college and took more-or-less a full load of classes. By the time she graduations from high school, she will have 2 years of college also under her belt.

Honestly though, lots of kids do that around here – dozens, if not hundreds. If that was all, I’d be proud but I wouldn’t be writing this post.

During this past year my daughter also got a job, at a local bakery. She liked to bake at home, and thought she could leverage that interest into work that didn’t make her want to gouge her eyes out with a happy meal toy. It was a good job, and my daughter learned a lot and had a good time in the process.

Then the owner of the bakery went in for a routine medical exam and the doctor found a lump near his kidneys. Suddenly he was looking at surgery and several weeks of recovery, and nobody at the bakery to cover during that time.

So, for the next two weeks, my daughter went in to work at 4:00am to learn all the recipes. And for 2 months after that, she was the baker. She didn’t run the store – there were other adults that handled the books and billing and such. And the rest of the back-room staff were still there to do their jobs. But every morning it was my daughter who came in and lit the ovens, maintained the inventory, mixed the ingredients, rolled out the cakes and breads and cookies, tested and approved the results before it moved to the front to be sold.

For two and a half months, she ran herself from 4am until 9pm, working the bakery, catching classes at college, going back to the bakery, then coming home to study and write reports and attend her one high school class. All so a man she had only recently met would have a business to come back to after he recovered from having a 2.25lb cancerous mass removed from his back.

During that time, if you asked her about it, you’d get her trademark shrug, a “whatever”, and then she would tell you how the cake decorator threw flour at her this morning in retaliation for the prank she pulled on him the day before.

Then came the crash. The bakery stayed open late into the night one weekend, and everyone was on hand to deal with the anticipated flood of customers. What they didn’t anticipate was a car coming through the front of the store. Nobody was hurt, and in the end the store didn’t even lose a single cupcake. But having a 2002 Mercury come through a plate glass window can be unsettling, to say the least. Some of the staff was so shaken up they had to go home. But, according to the adults who were there, my daughter was unflappable. She moved between  tasks – pulling bread out of the oven before it overcooked; moving product away from the broken glass; finding boxes and buckets for the cleanup; ringing up sales for customers who  were undaunted by the damage and still wanted their two loaves of rye, sliced if possible.

For a grizzled old jaded adult, there are things to be learned in all of this.

• Working harder today does not always mean you earned the punishment of having to work harder again tomorrow. Sometimes it means you get to do what you want tomorrow.
• If your values say “yes”, it should always trump your fear saying “no”
• Don’t underestimate yourself, don’t overestimate the challenge, and don’t overthink the situation.

Yesterday, she reached another milestone. At 17 she took her last final, and simultaneously completed her junior year of high school and her freshman year of  college. I don’t think she’s going to pull straight-A’s this year. I believe there will be a “B” or two in the mix.

In this case, I’m not inclined to sweat the small stuff.

As I was setting things up, I prototyped it on my server (like I always do) and it looked great.

Then I installed the them on the production site and noticed there was an upgrade for the theme, so I ran it. Lo and behold, the menus on the top weren’t working.

Since I can be pretty scattered about changes; and because modifying a theme to support WordPress’ built-in menus has become second-hand to me, I thought maybe I had forgotten doing that step. But no, that wasn’t the case. In fact, when I upgraded my test site, the problem appeared there as well.

Luckily, the guys over at InkThemes are a great (and responsive) bunch. Even using their free support, I got an answer in under 24 hours, which you can find here.

But the upshot is that one word reversal in their function code made all the difference in the world.

If you are experiencing this issue, find the line that reads:

add_action('after_theme_setup', 'inkthemes_register_custom_menu');

…and change it to…

add_action('after_setup_theme', 'inkthemes_register_custom_menu');

It’s an email one of my customers received recently. I’m listing out all of this bozo’s information so you (or your customers) don’t get scammed:

Dear Manager
We are a professional intellectual property rights consultant organization, who mainly deal with the global domain name registration and internet intellectual property rights protection.

12th,3,2012 we received an application from Matas export trade Limited. They want to register () internet brand and CN domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor or business partner?

Please let me know whether you let they use or register them by yourself. Waiting for your reply.

Kind Regards,
Jerry Lan
Brand Registration Department Manager
HongKong Newname Net Service Co., Limited
www.trademarkdns.com
E-Mail: jerry@trademarkdns.com
Tel: +00852-8193 0858, Fax: +00852 8193 2728
4A, Units 19/F, Far East Consortium Bldg., 121 Des Voeux Road, Central, Hong Kong

My customer was (understandably) agitated and, believing this to be a real situation, responded. This is what he received back:

Dear Sir,

Since you have no relationship with this company, we assume that they have other purposes to obtain these domain names. Matas export trade Limited want to register the following Domain name:
<yourdomain>.cn
<yourdomain>.com.cn
<yourdomain>.hk
<yourdomain>.com.hk
<yourdomain>.tw
<yourdomain>.com.tw
<yourdomain>.asia
Internet brand:(<yourdomain>)

If your company do not want other to register them, and need to protect by yourself. I will send you an application form to fill out. Then we will use it to reject Matas export trade Limited’s application and help your company to register it. If you think that it is not influences your company and give up it, we will help Matas export trade Limited to register it according to the registration procedure.

That’s when my customer got me involved. Here’s my response to him, and my take on the entire situation.

“My opinion is that the best way to deal with this is to ignore it. It’s meant to scare you into hasty action. Note the wording. He’s contacting you with an offer to PROTECT you from this other company infringing on your brand. What’s that sound like? Yep, Vinny and his cousin are standing in your store, saying what a shame it would be if there was a fire.

Those domain names are – in my not-so-humble opinion – less than useless to someone UNLESS they are going to actually develop it into a website.

If I just buy “.biz” and stick a single web page on it, it’s not going to show up on the search engines and it’s not going to do any good (or harm).

My advice is to either:

1. let it drop.
2. buy up all those domain names at $15 per name per year. It’s not THAT much if it’s really going to concern you. If you do, I would only buy the .net, .org and .biz variants. The ones he’s listing – .cn (China), .hk (HongKong) and .tw (Taiwan) are really less than less than useless.

Meanwhile, if you would like a copy of the presentation, it’s attached to this post as a PDF document:

OBBA_20120229

To those who attended: Thanks again for making the time to listen, and I hope to have a chance to work with you in the future!