Keeping track of your Web site passwords

I have a dirty secret to share with you all today: until recently, I didn’t have a very good strategy for keeping track of my various Web site passwords and logins. Near my desk is a worn set of stapled sheets of paper with various notations about which username, email address, and password I have used to authenticate to its services. Luckily, I work alone, but still it bothers me that if someone were to break into my office, those special pieces of paper would probably be the most important thing to find. I know some of you use PostIt notes for this purpose, and keep them where no one would look, such as under your keyboards.

There is a better way, and I will get to it in a moment, but first I want to take you through what some of the other solutions that I have tried and rejected. Since I do most of my work on my laptop, why not just automate the credentials inside my browser? That is good for some of the sites that I use most frequently, but it isn’t very secure should someone get a hold of my laptop.

Another idea is OpenID.net, which is an open-source collection of Web sites that federates your identity, including Yahoo, MySpace, Facebook, and others. OpenID sounds really good, until you start to peek under the covers, and realize that if a phisher ever got ahold of just one authentication of yours at one site, they could pretty much gain access to the rest of your OpenID sites. This is more ‘phederated ID’ and a hacker’s paradise. The problem is that once you authenticate properly on one Web site, you can use your OpenID URL to gain access to anything else.

I have mentioned in previous missives Ping.fm and Quub.com that attempt to consolidate all of your social networking logins in one place, and be able to update your status messages across the board. But it is troubling when I get emails from Quub mentioning that they have upgraded their system and “had to clear everyone’s existing credentials that were encrypted with the old algorithm. Please re-enter your credentials under Settings …”

RoboForm is another solution, which basically automates the credentials and saves it in an encrypted spot on your hard drive. That is great, but what happens if you are using a different PC?

Another way is to use some form of two-factor authentication, so called because it uses something that you – and only you – have on your possession, such as a special and unique SecurID token. I have one for my PayPal account, it cost $5 and is well worth the added protection that it offers. Basically, no one else can use my account unless they use the token to sign in.

But the issue with these tokens is that you need one for each of your accounts. There are some vendors who are trying to get around this issue by using one’s cell phone as a second factor authentication tool including Phonefactor.com and FireID.com. Both require some integration of their tools into your applications, which isn’t very good if you want to apply them universally to all of your Web authentications. FireID’s solution involves using a special server that sits on my network, while PhoneFactor requires software agents to download to your desktop or to integrate into your Web applications.

So what else can you do? The service that I am trying out now is from Tricipher and called MyOneLogin.com. It costs $30 a year per user, and everything is done via their hosted service so there is nothing to download, other than an optional Firefox or IE browser plug-in to handle some tasks. You set up a special Web portal for your company, and then add your credentials to the various sites. It comes with hundreds of pre-set applications and works with either special knowledge questions (what was the name of your third-grade teacher) or with your cell phone. The good thing about MyOneLogin is that you can set it up and forget your passwords, because no matter where you are you can login to the portal and then to your applications. You can mix and match Web and internal apps, such as your VPN login, too, without any programming or installing any servers. And it is also a great solution if a company wants to keep control of these credentials to these sites, so when you leave you can’t take your logins with you.

Look for one of my WebInformant.tv screencast video demos in the near future that will show you more about the service. And you can try it out for 30 days for free if you are interested. Maybe now I can finally toss those special pieces of paper – but first I will have to make sure to shred them!

PC World: Is it time to switch to an all-wireless network?

In a word, yes. If you haven’t looked at your network cabling in a quite awhile, it might be time to consider upgrading to an all-wireless network infrastructure. Why? Because wireless is a very viable option that can connect all your PCs together.

You can read my column in PC World here.

PC World: How to save money on overseas cell calls

If you travel overseas, here in my column for PC World are some ways to cut costs since international cellular calls can be pricey.

Shrinking your PPT files

If you put a lot of images in your PowerPoints (as you should), you will have the problem of what to do with them when it is time to send them to your conference organizer. Do you email them as attachments? Maybe they are too big. How about Zip’ing them? Then your recipient has to unzip them. Here is a quick solution that seems to work well: use File Minimizer from Balesio AG. The software costs $45 and converts images and other objects in your slide deck (and also works with other Office formats) but keeps it a native Office file, so there is no conversion on the other end. I got a 10 MB PPT down to 2 MB, with no discernible loss of graphic quality. The storage of another slide deck was cut in half. Worth checking out.

PC World: Save time and money with online meetings tools

We all hate going to business meetings. But as the Internet becomes more ubiquitous, there are several useful tools that can help corporate workers schedule and run them more effectively. All of the tools work within most popular Web browsers, and most are available for free or for fairly low monthly fees. The real challenge is in understanding which tool works for particular situations, because not every meeting is held under the same circumstances.

You can read the entire feature, which ran today in PC World, here.

When to defriend and defollow

When I was growing up as a nerdy teen on Long Island, needless to say I wasn’t one of the Popular Kids. Back then we called it Junior High rather than the current appellation Middle School and now nerds are now the new cool kids. In my youth, we didn’t have reality shows where beauties met their geeks, Bill Gates hadn’t yet gone to, let alone dropped out of college, and the Steves were still eating fruits rather than making Macs. We didn’t even have computers, phones still had dials on them, and we all watched one of three network TV channels and read newspapers that came in the afternoon. And all of our parents bought American-made cars.

Ok, enough nostalgia. I give this as background, to explain my own behavior when I started getting involved in social networks. My first thought was to collect as many “friends” as I could, to grow my network quickly and add just about everyone that I had an email address for. Now that I have accumulated a bunch of people on Facebook, LinkedIn, Twitter and Plaxo, I have a different strategy.

I want quality rather than quantity. As my networks have grown – and they still aren’t as large as my college-age daughter (see, it is that underdog feeling again) – I have seen the “feed” streams that are produced from all these people just burying me in the details and status updates of their lives. I try to dip into this vast, deep flow of information on a daily basis, but it quickly overwhelms me. I run back to the relative comfort of my email inbox, where at least I can hit the delete key and pare things down to a reasonable single screen of to-do and action items and people that I have to return messages to.

Burger King ran a promotion not too long ago where they asked people to defriend 10 Facebook friends in order to get a coupon for a free burger. They were swamped with thousands of requests, thereby establishing the value of a friend at somewhere around a quarter. That is pretty depressing. I always thought a friend was worth at least a couple of bucks, if not more.

I also want to grow my networks slower, because like anything else on the Internet, I am concerned about customer retention and my networks are my customers. You are the people that will (hopefully soon, puh-lease) pay me money to speak at a conference, write an article or white paper, produce a screencast video, or do some custom product consulting. So I don’t want to just spam you with needless updates about what I had for breakfast or insights about my pets or family vacations, although I did get some interesting feedback when I mention the books that I read in my last missive.

So I have gotten pickier about who I add to my various networks. And while I don’t want to be as snobby as that Jr. High clique of popular kids, I do think we all need to take a step back and consider what our friending – and more importantly defriending –policies will be going forward.

Over at Twitter (where my network is still “just” a few hundred followers), there is a lot of activity around third-party apps that will automatically increase your network with all sorts of tricks. This is a bad thing, because those networks become less valuable as their feeds become larger. You will be adding more noise to the signal, and as a result, miss out on the important stuff.

I am still figuring out Twitter, to say the least. But I can tell you that my Twitter activities have saved me a grand total of $140, which is the overdraft fee that Bank of America initially charged me when I deposited a check to the wrong account. Through the miracle of social networks, I was able to tweet my bank, email them the information and get them to call me and correct the problem, and probably keep me as a customer.

Now, I don’t have all the answers here. Or even some of them. And I am glad that I don’t have to deal with the hyper social strata that are Middle School today. But I can take some small comfort that none of my 20-something children have Twitter accounts, at least not yet.

PC World: Sharing spreadsheets

If you are part of a business, sooner or later you want to be able to collaborate on a database with a colleague or customer. In the past, the easiest way to share a small database was to create a spreadsheet and email it to your collaborators. While this isn’t the best method, it has withstood more sophisticated competition.

I talk about why and ways that you can share spreadsheets and simple databases in this feature for PC World here.

Cool map of yesterday’s Google traffic foul-up

From Arbor Networks  – they claim 5% of total Internet traffic is Google-related. That big gap was caused by routing errors on Google’s part.

PC World: Better ways to share documents

One of the easiest ways to collaborate with a business partner or colleague is to e-mail a document to them, but it is also one of the hardest habits to break too. And while e-mail is so pervasive and nearly instantaneous, the notion of serial collaboration–I work on the document, send it to you and you work on it and send it back–is clumsy. The attached documents can clog up e-mail systems or get rejected by filters. If more than two people are working on it, someone has to be in charge of resolving conflicts.

There are better ways and I will show you a few alternatives in my column this week in PC World.

Baseline: Managing your hypervisors

Virtual machine technology is proliferating across enterprise data centers. Server consolidation, energy savings and better resource utilization are all good reasons to consider using one physical server running a series of guest VMs. But as you dive deeper into VM technology, especially for virtualizing servers, you need to have a better understanding of the issues involved, particularly when you reach the point at which you run your VMs on what are called “bare-metal hypervisors.” 

My feature in this month’s Baseline magazine goes into more details.