Grab the latest edition of the monthly "News & Tricks" newsletter

The latest edition of the White Collar Handyman "News & Tips" newsletter is out.

Grab it here, and if you're not yet a subscriber, the sign up form is just over there to the right. Please sign up!

Need another reason to use strong passwords and two-factor authentication? iPhones Held Hostage!

One of the of the security features offered by Apple for its computers, iPhones and iPads has turned around and bitten several Australian users who found that they were suddenly locked out of their devices and asked to pay a ransom of up to $100 to a hacker holding access to their devices hostage. 

Find My Phone is a great security feature that allows an iPhone owner to remotely lock his or her device should it be lost or stolen, thereby securing all the data on the phone and rendering it useless without the entry of a security code. But, problems arose for the Aussies when a hacker going by the name of Oleg Pliss somehow obtained usernames and passwords, and locked the rightful owners out. Apple says it has not been the victim of any security breach and suggests that credentials were gained either by phishing or because of password reuse.

Phishing attacks are just a modern form of film flam and trickery. A scammer sends an email that looks authentic, and the dupe dutifully responds with all kinds of information that is best not shared with bad guys. Phishing can be thwarted by never clicking on links in emails. If a legitimate web site needs information from you, you will be able to find their inquiry on their website. If you get an email asking for any information:

1. Make note of what website it is supposedly from.
2. Delete the email.
3. Go to the subject website by opening your browser and using your own bookmark. If you do not have a bookmark, enter the URL for the website you are trying to reach, or use a trusted search engine to bring you to the genuine site.
4. Log in and look for a message to you.

Follow this method for dealing with emailed information requests and you will avoid falling prey to almost all phishing attacks.

I've discussed Password Reuse before. In a word, it's bad. If you use the same username and password at more than one site, once a hacker gets information from one web site breach, he has access to every account you have that uses that username/password combo.

Finally, Two-Factor Authentication: In a word, it's great! Here is a large list of websites indicating which do and which do not have 2-Factor Authentication. In short, without rehashing what's been said before, if a provider offers 2-Factor Authentication, use it, and if they don't, encourage them to do so.

Learning a Thing or Two about Email Security from Sarah Palin

Even if you have followed the advice to generate a unique random 30 character password for your Internet account passwords, you are still in danger of being hacked. Certainly, the danger is more remote. The fact is, most hackers are going after random accounts on the Internet looking for the low hanging fruit. If your password is KjuD;NnoG7RaygNNuFcsCHQmwcofLv and someone else's is "g00gle123" chances are it's the other guy who's going to be victimized.

But what if it's more personal? What if it's an ex-employee, ex-spouse, vindictive co-worker or neighbor or some other vengeful sort with you in their crosshairs? This targeted hacking presents another problem that banks, credit card companies and others seem to be setting you up for.

What's your mother's maiden name? Where did you go to high school? What's the name of your first pet? Where did you honeymoon? What's your maternal grandfather's first name? What's your date of birth?

Recognize these types of questions? It's the "Lost Password Trap," and it's just out there waiting for you. Do you remember answering those questions when you set up your online banking? Sure. It's these questions that a website will use to verify your identity if you forget your password. But do you remember answering these questions over cocktails, during pillow talk, or merely in casual conversation? How much of this is simply findable on your Facebook profile?

This is exactly how Sarah Palin's email account was hacked in 2008! A hacker, claiming to be Sarah Palin went through the Yahoo email procedure for recovering a lost password.

Birthdate: 2/11/64
Zip Code: 99654
Where did you meet your spouse: Wasilla High

Similar techniques were used to infiltrate the Twitter accounts of Barack Obama, Britney Spears, Lily Allen and lots of not-so-famous victims.

Some will advise you to make up a fake answer to these questions. Not bad, but your fake answer may be as guessable as your real one. Mother… Goose? Pet…Fido? If you can keep it in your head, it's probably not a great idea.

How about using your random password generator to come up with a short but random string of characters, and saving it in your password management app?

Mother's maiden name? oL-eF-yeph

What's In Your (Digital) Wallet?

On April 29, the Supreme Court heard the case of a young man who was pulled over for driving a car with expired tags.

"Hmm… coulda happened to me," you think.

Sure, that or an inspection sticker, tail light out, jaywalking, whatever. What happened next is frightening. The cop who pulled him over picked up young Mr. Riley's Samsung Instinct M800 smartphone and took a look-see. There he found pictures that linked our motor vehicle violations suspect to an unsolved drive-by shooting that ultimately resulted in a murder conviction and a 15-to-life sentence.

While few of us will have sympathy for a murderer who was convicted of murder, the thought that I could be jaywalking down the street at one moment and giving the police complete and unfettered access to everything on my iPhone the next (photos, email, documents) is horrifying.

This is one more reason to have a strong password on your smartphone: Although the protection provided by a strong password might not survive a court order, it will certainly prevent the immediate disclosure of your most personal photos and emails during a routine traffic stop!

You may not have killed anyone, but is there anything on your phone that you don't need Barney Fife taking a gander at? Riley's lawyer argued that it may be one thing for cops to go through your pockets and wallet, but letting them nose through an Android or iPhone at a traffic or sidewalk stop is like giving "the police officers authority to search through the private papers and the drawers and bureaus and cabinets of somebody's house." The Court's decision may decide whether it's legal for the police to search the digital contents of your cellphone without a warrant.

Even if it's legal, it doesn't have to be easy. Even a 4-digit code is better than nothing. Maybe take a moment to lock it up, now.

Teach your iPhone to Speak Correctly

If you use Siri to make phone calls or send text messages (and if you don't, why don't you?) it can be infuriating to hear the way she mangles some people's names, or even worse, refuses to call them until you say the name her way.

Let's say I have a friend named "Jimmy Kao." Every time I would ask Siri to "Call Jimmy Kao" she said, "I don't see Jimmy Gow in your address book. Perhaps you mean Jim Franklin?"

Yeah, Siri. Right. That's what I meant to say… not. So I got stuck asking her to call "Jimmy Kayo." I didn't like that, because I kept forgetting to say his name wrong, so I changed his nickname in my address book to "Jimmy Gow." Then Siri understood what I said, but also started referring to him as "Jimmy Gow" in print, like in texts and emails. But, no longer, thanks to this somewhat hidden-but-kind-of-obvious trick:

One day I said, "Learn to pronounce Jimmy Kayo" and Siri said, "OK, How do you pronounce the name (Jimmy)? and I said "Jimmy." Siri said, "OK, thank you. Which pronunciation should I use?" and there were 3 sounds for me to playback and choose from.

Next Siri asked "OK, How do you pronounce the name (Kao)?" and I said "Gow," and there were 3 sounds for me to playback and choose from. One of them sounded pretty close to what I wanted and I chose it.

What happened next was so cool! While she spoke the words "Thanks for correcting me on that, Rob. I'll pronounce it as 'Jimmy Gow' from now on," what it said on the screen was "Jimmy Kao."

Now Siri speaks my friend's names properly and spells them properly too, no matter how they're spelled or pronounced.

…and, with a last name like "Falk" I really appreciate being able to teach her the right way to say it.

iPhone Battery Life Tip That Actually Works, Immediately

If you have "Facebook Messenger," delete it. You're welcome. Go back to what you were doing.

I did this, and my battery life immediately and dramatically improved.

As it turns out, Facebook Apps are battery eating monsters, even when you think you are not using them.

Honestly, you could go in to your iPhone Settings > General > Background App Refresh and turn off Messenger, but why bother? Once you turn off Background Refresh, you have nothing but a big hunk of disconnected bloatware sitting on your phone, taking up space.

And, guess what? If you are like most people, you'll never miss it. Go ahead and open the Facebook App. Look in the "Messages" section. Yep, it's all there and you can continue to receive, reply and create messages right there. As it should be. In one app.

Facebook wakes up &
runs every 10 seconds!

Speaking of the Facebook App, it's gnawing away at battery life too. Unless FB updates are mission critical, consider turning off Background App refresh for it as well. And turn off Location Services for Facebook while you're at it: Settings > Privacy > Location Services and toggle Facebook to "off." Chances are you won't miss a thing.

If you're really curious, here are a couple articles that explain why Facebook Apps are killing your battery:

The Guardian, April 8, 2014

Sebastien Düvel, iOS Programmer Blog