Blog posts

Posted on

Notes from Zoom Meeting – 14th May 2020

Not much to report, but we had a good chat – eighteen members attended (according to Jim) – thanks for the photo.

I encouraged members to take a look at the Flipboard magazine where I’m trying harder than I had been to curate articles that I think might be of interest to you all. There’s a link on the Blog (Home) page of this website, but here’s a link as well. One of the links I mentioned was this one on an AR app which I invited members to investigate and feed back to me what they thought of it!

I raised the fact that Google Meet was now available and invited anyone who had a Gmail account to take part in a test with me. I haven’t followed that up yet! It’s a direct competitor to Zoom and has been brought out of the Business suite that Google has because of the success of Zoom’s free offering which gives 40mins of video-calling.

We also briefly discussed Google Lens which is certainly available on Android, but I wasn’t sure whether it worked on iOS/iPadOS – it is as part of Google Search and Google Photos, but not as a standalone app. It also works with the Google Assistant on Android as well. Shame! Google Assistant is available on iOS/iPadOS though.

I mentioned that I’d been asked about Jamkazam as an alternative to Zoom by the convenor of the Recorder Group. It’s probably very difficult to make sure the latency of all the participants are kept in sync, but it might be a bit of fun. I suspect some expensive equipment might be needed to make it work successfully. I also suggested that Phil (as a member of the Group) might offer his technical expertise!

I advertised the Which? Scam Service and encouraged members to have a look at it. I started a new Topic in the Computing and all things Digital which I’ll retitle Scams and keep an update on ones that I come across.

I gave a demonstration of my new personal family website which I’ve been working on through early May and explained some of the design issues in building a private members-only website which incorporated a social-media element for closed family chats incorporating threads (which WhatsApp doesn’t) and embedded images (which again WhatsApp has difficulties with).

Ted expressed his pleasure with his new Huawei Honor 8A smartphone and explained he now had to work-out linking Spotify to it, as well as transmitting to his Chromecast machine and integrating with his HiFi. Several members had suggestions and I think that’s a good idea for a topic in the Computing and all things digital forum.

Postscript: This website, and all the others I have hosted with TSOHost went down for approximately 4hours on Friday – that wasn’t the reason why I didn’t get round to writing-up the notes until this morning though! I’m a bit disappointed they haven’t published a reason why they had “network issues”. Yes, I know they happen, but when they do the educated user would like to know what happened, and moreover what they’re doing to mitigate the problem in the future. I don’t depend on my livelihood for income from my websites, but others do. They (we/I) deserve better.

This was our attendance the previous week …

… again – thanks to Jim.

 

Posted on

Covid-19 Tracing app

What is Contact Tracing, and how does an app help?

This video from The Guardian is an excellent review of how Contact Tracing works in both a traditional and technology-enable world. You should watch it.

Contact Tracing Infographic

An Infographic that explains how Contact Tracing works

Approaches to creating a Contact Tracing app

Google and Apple have combined to work out a solution that works across iOS/Android devices. Here’s a document that explains how what they have done would work …

Overview_of_COVID-19_Contact_Tracing_Using_BLE

 

But there are Privacy concerns as this BBC article (with video) explains.  Regardless of those concerns the app is being trialled in the Isle of Wight. It’s useful to know the difference between the approach being used by the NHS and the Google-Apple approach, this article explains those differences.

However there are potentially difficulties …

France (how unexpected) have threatened Google-Apple over the fact they won’t work with France’s standalone approach (a similar approach to the UK); and it has been suggested that failure to adopt a common approach could threaten international travel – as “health passports” will be impossible to implement.

Then there are technical difficulties as iOS and Android devices work in different ways (not unsurprisingly) causing success of the Google-Apple approach to be dependent on a very high adoption amongst Android users.

The new NHS contact-tracing app could be used to send malicious alerts causing people to isolate unnecessarily, The Independent has been told. The app, which is being trialled in the Isle of Wight, tells users if someone they have been in close proximity with may be suffering from coronavirus, meaning they could be exposed. But because users can set off the warnings themselves by reporting symptoms – rather than positive Covid-19 test results – it could be used to send out false alerts. Dr Michael Veale, a lecturer in digital rights at University College London, said Britain’s tracing app had no measures in place to stop individuals “maliciously triggering notifications” using its normal functionality.

Then, on the technical front, some notes from Phil Edwards’ friend

On the Apple-Google Indirect approach

“Their approach seems pretty solid. I think they’re basically exposing some features that previously weren’t available to app developers. Both seem pretty determined to limit the potential for it to be exploited by governments; I think they announced yesterday/the day before that any apps using their system can’t also access location data.

Contact tracing is totally doable without central databases. I can see why a government might want to own data themselves, but there are big downsides (especially security when building in such a rush).”

On the NHSx Direct approach

“The implementation of this contact tracing app really hits that sweet spot between ‘Are they incompetent?’ and ‘Do they have ulterior motives?’ I’d advise against installing it but I doubt it’s going to work properly anyway in its current implementation because of various oddities around how Bluetooth LE works. This isn’t a great article but covers some of it.”

A better comment from Hacker News covers it clearer:

“‘Bluetooth LE has four main states: scanning, advertising, peripheral connection, and central connection. In order to exchange the data that the app needs it needs one device in the peripheral connection mode and the other in the central connection mode. This means one device must have previously been advertising and the other scanning. The two important states are advertising and scanning.Android devices can advertise in the background but they can’t scan reliably, they can do this for a short period of time enforced by the Android time limits on apps running in the background and possibly manufacturer specific power savings measures. These limits are not well documented and cause issues on any device using Bluetooth.iOS devices can’t advertise in the background, however they do advertise an Apple specific advertisement which can’t be controlled by the app but can still be connected to. iOS devices also can’t reliably scan in the background however they can scan more reliably for iBeacons (special adverts) [1]Combined this makes it difficult to work well in the background, Android devices can’t reliably connect to any device, iOS devices can’t connect to each other but iOS devices may be able to connect to Android devices.'”

Finally, a potential for Fraud

Plus fraudsters have not been slow to latch-on to the possibility of piggy-backing on the NHS app as this article in The Guardian show (thanks Phil for the link).

Other references:

The NHS Covid-19 website

 

Posted on

Using Zoom safely

Updated 13th May

Since this article was originally written back on March 31st, some other U3A have started using Zoom, and I thought it sensible to Review this article and see if I should change anything in it. Any changes will be marked in red. However, before I start, a couple of things.

Zoom have recognised that there were defficiencies in their security model and have moved in their new client (version 5) to implement end-to-end encryption – that’s what you get from WhatsApp. After May 30th, all users will be using version 5 because a forced upgrade will occur on any person attempting to join a Zoom meeting after that date. However, you are recommended to upgrade before that day and you can do that from this link.

A member has also sent me this really useful Infographic on implementing Zoom which I would recommend reading carefully …

Secure_Zoom_2020_03

 

I could stop here, but there’s a few things I differ from the advice in that infographic which will be highlighted below and which I’ve also discussed in another article here.

You might also like to take a look at this article with video that explains the new features on Zoom v.5.

So here’s the original article, as I said published on March 31st …

Since writing this article, just over a week ago – gosh it seems longer than that – more groups have started using Zoom, and it’s also clear that it’s being used very widely by friends, families, communities, etc. It’s also clear that Zoom has responded to some of the criticisms that have been levelled against it and disabled some of the “unintended” consequences of allowing people to Login using their Facebook credentials. That is all good news, so my concerns have been diluted, but I think it’s still wise to “proceed with caution” and to this end I’ve collected together some guidelines which I hope will be of use. First of all – you need to get started by signing-up and installing some software on your device.

Installing Zoom on your Desktop, Tablet or Phone.

Zoom is a multi-platform piece of software – that puts it in a great place to serve the maximum number of people who are all using different equipment. This puts it in the same category as Skype and Google Hangouts.
It’s important to remember that the software was intended for business users, and so some of the language might be slanted in that direction. No matter, what you do need to do, is sign-up to get an account. I would not recommend using your Facebook credentials; I might be tempted to link my Google account to Zoom and use it to Login; but overall, it’s probably better to setup an account directly. I have given advice before to use a “throwaway” email account – one you’ve created which is separate from your main email account for this sort of thing. You can have many Google (gmail) accounts – I probably have 6 or 7!
Once you’ve provided an email address – you’ll be asked to confirm it from an email that will have arrived in your Inbox. Then you’ll be asked to provide normal identity stuff – your name, and then provide a password for your account-you’ll  get a screen which provides you with this information. This is what you can do with your account – you don’t need to press Upgrade Now.

It might be a good idea to allow your self the time before your first meeting to look at the three videos which are in your welcome email – they will give you a flavour of what Zoom is all about and how to take part in a video call.
If you’re going to use a Windows PC or an Apple Mac, now would be a good time to have a look at this page and install the app on your desktop or laptop – but if you’re really careful with your privacy, see the cautionary note below about using a desktop or laptop. [I don’t have this fear now, so I would disregard my cautionary note.]

If you’re using a smartphone, or tablet, it would be a good idea to check this page and install the app on your device.

If you’ve done all that and have an idea how it’s going to work – you’re ready to start. I’d suggest having a go with a friend or family member first, to practice and test your understanding. If you’ve got a problem with anything add a comment to this post and someone will try and get back to you with an answer/solution.

So now we come to making things safer for you. As I said before there have been concerns about Zoom’s Privacy policies or procedures, so although they have tightened up these there are a couple of things you should do. [I’ll add some screenshots from my iPad shortly. I didn’t and I won’t be doing this.]

First of all some tips on which device to use and how to use it …

  • I’ve said this already, but I’ll repeat it. Don’t sign into Zoom with Facebook. This stops Zoom from collecting your Facebook profile info. Although, if you’re already giving all your private info to Facebook, maybe it doesn’t matter.
  • Use a separate device if you need to do anything during the call, if possible, in that way you stop Zoom from tracking any other activity on the device.
  • If you’re an Apple user, use an iPad or iPhone instead of your Mac. Zoom’s iOS app is subject to Apple’s App Store rules, which gives an extra degree of security. The Mac version is a direct download from Zoom, so you have no idea what’s inside. The same is probably true for Windows – but I haven’t checked. So it’s generally safer to use a Mobile device rather than a desktop/laptop. [I don’t consider this a problem now. Zoom have increased their security and it’s MUCH MORE convenient to use a laptop/desktop as you can more easily see everyone on the call in a Gallery view – rather than having to scroll across images of people on a smaller screen device.]

Hints and tips on staying safe …

If you do decide to use Zoom, the company offers a few good tips on its blog for staying safe. First, don’t share a meeting link on social media or any public forum, because then anyone who sees it can join. This can lead to “Zoom bombing,” where bad actors crash the party, and drop off a payload of porn and/or other disruptions, before leaving. Something you definitely want to avoid!

Next, if you’re hosting the event, do not use your Personal Meeting ID (PMI) to do it. “Your PMI is basically one continuous meeting,” says Zoom, “and you don’t want randos crashing your personal virtual space after the party’s over.”

I use Scheduled Meetings even for Recurring Meetings, I can then send a Meeting Invite round in Beacon, that users just click on to join. This is much easier than sending out invites to every meeting.

Also, consider making use of the Zoom “Waiting Room,” which is a way to control who can get into your meeting. [This is now the default setting for a meeting.]You can then decide who you want to admit to the call. [This may not be relevant to your calls, but it’s worth bearing in mind if someone you don’t know somehow appears on the call. Next time they won’t because you’ll have implemented the Waiting Room.]

For more information on staying safe, read Zoom’s blog post, as mentioned above.

Zoom changed a couple of their Default settings from today – 5th April. Now when you join a meeting the default setting from the host is to ENABLE a Waiting Room, from which the Host can invite people in.

The second change is to set a Password on Personal Meeting IDs (PMI). It’s not recommended anyway to use PMI as it’s like a permanently open meeting; far better (if you’re the host), as I’ve described above and elsewhere, to create a specific meeting ID which sets a password anyway. Here’s a link that better explains these changes.

Posted on

Notes from Zoom Meeting – 30th April 2020

Apologies for the slight delay; if you look on the Notice Board and the Guides Menu bar, you can see I haven’t been idle. All the guides are offered unread; I can’t recommend them as I haven’t looked at them yet, but I have used BDM publications on a few occasions in the past and they produce the “manuals” that you often see in WH Smith & Sons, and in their Motorway Service outlets. Pictorial and easy to read is how I’d describe them.

A good attendance again, up to 15 at one time – I was willing two more people to join to force the Gallery view to extend on to a fifth line; maybe next time.

A Review of items from the last meeting:

David H was happy to report that his issue with shielding and deliveries from Supermarkets was now resolved and that Tesco had offered to provide the service to them without the paperwork (as I understand it). Paul on the other hand described the trials and tribulations in getting Asda to amend their online order.

I reported back that I’d been unable to help Ann with her Nest problem, we’d given some suggestions to Margaret on WhatsApp about her router/printer problem, and to Christine (in the last notes) about her Digital TV antenna query. Jenny was going to follow-up her hardware issues with Neil next week.

Today’s issues:

Owen gave us the good news that U3A had purchased a subscription for Zoom and that he was maintaining a diary for any group wanting to use it. I requested that our weekly meetings be put in the diary.

Renee had received her new iPhone SE (review from The Guardian here) but was having problems with her internet connection – someone will have to help me, I’ve forgotten what the problem was!! Duh!

John was experiencing a number of problems with his MacBook Air  with files being greyed out (presumably in Finder). He was going to do more research of the problem and get back to us. Perhaps Creating a Topic in the Computing Forum might be a good idea John? He was also disturbed that in setting up email for his wife on the computer that her email was now in the same system as his, whereas before it wasn’t. I suggested that this was almost certainly due to the necessity of them both needing to have separate Login IDs and accounts on the machine.

David H asked a question of Paul about the Honor phones, to which Paul replied it was wise to investigate whether they had the Google suite of programs available to them as Trump had barred the US from installing them – same for Huawei phones as well. If you bought an 8A (?) this would not be a problem as this model pre-dated the ban. These phones are available from Argos and Carphone Warehouse.

Jim showed us his new external DVD/CD Drive to replace one that had failed in his Laptop. [I forgot to write the model down – can you remind me] He also enquired whether anyone could help him preview photos on his Windows Laptop (outside his photo-editing software). The order in which the pictures occurred seemed to appear in different orders and so it was difficult to review to delete duplicates etc. Owen suggested that he might look at Irfanview. Someone else suggested that there were specific programs to sort out duplicates – indeed we dealt with that in an earlier meeting – dupeguru was used.

Marilyn asked whether it was safe now to upgrade to Catalina on her Mac. I agreed to check and for her, and did, and as she had no Legacy Software installed, it was now perfectly safe to upgrade.

Jenny gave an account of her work for the National Pensioners Convention (?) and asked members whether any of us had experience of providing training for older people. Some of us shared our rather jaundiced experience. We wish her good luck!

Christine alerted us to the fact that Ancestry was now available online through the Cardiff Library Service – but you had to have a current Library account, with a PIN to access it. I received an email alerting me to the fact that Kew was making a lot of its digital records available online during the Covid-19 lockdown – here’s a link to that. You need to have registered with them. Could be an opportunity for genealogy work?

Don gave a very positive account of his experience in using a TP-Link mesh network device to extend his WiFi network in his house. He also alerted us to a service available for Which? to sign-up for a Scams Newsletter. I told the group that I’d purchased another Trendnet WiFi extender device for outdoor use.

Ann thanked us for our advice to clean her Home button on her iPad with an alcohol-based solution to improve the performance of the button. She also enquired on whether anyone had experience of using any video-editing software. I thought I had some notes somewhere on the subject – maybe done for a Digital Group session, but I can’t find them currently. I did find however that I installed (and used) Shotcut and had also (but not purchased) Wondershare Filmora – these are cross-platform programs which work n both PC & Mac. I also mentioned that I thought you could do some basic editing in YouTube, and then download the finished work back to the home machine and delete the uploaded video(s). This feature of Windows 10 might be of use too. I can see that it might be an interesting idea to try a special Zoom meeting on video-editing – especially since I have to do some myself at the current time.

My notes:

Google (and Microsoft in recent adverts) is responding to the rise in the use of Zoom to extend the use of Google Meet (formerly just for business use) to everyone who has a gmail address. The problem with both of these is that you need to have a Google (or Microsoft) account to make use of the service. Zoom is service and platform independent as it’s web/cloud based.

Zoom has responded to security concerns and this article and video might be worth looking at. Those of us in the Apple camp might find this article interesting for group calls.

Google and Apple combine to provide indirect method of doing contact tracing, but UK government decides to go alone with another NHS IT project. [Watch this site for details if and when it appears – there are also pages on other NHSx Covid IT services.]

I mentioned that I’d found an app to help me tune my guitar (Fender Tune), and that I’d also purchased (£4.99) an app called SongShift to copy Playlists from Spotify to Apple Music (and many other services as well) and back again. It works very well!

Finally, we looked at Phil’s experiences of plumbing in a new dish washer, but more interesting than that was his work in installing Ubuntu Linux on an old laptop. Here’s an article that explains the key differences between Windows and Linux. Something that I’d been meaning to do for some time now and had always intended as a Digital Project. Quite a few members were interested in this as the subject of a Zoom Digital Project and Phil and I will be putting our heads together to try and set this up. Watch this space.

 

 

 

 

Posted on

New Guides available

I purchased some Guides from Black Dog Media yesterday. They were supplied in PDF format so I’ve uploaded them to the website so that I can access them from there; if you navigate yourself to the Guides Menu tab, you might also be able to see them 🙂

Here’s one on Google that you might find interesting …

BDM-WIN-004

 

Posted on

You’ve got to laugh!

These videos (amongst many) arrived in Family and U3A Group WhatsApp groups and are linked to our current self-isolation or shielded status. I hope to add others later.

 

… and I couldn’t resist adding these two, which might not be strictly created in the Covid-19 timeframe, but which both strike a chord – literally!

 

Posted on

Notes from Zoom Meeting – 23rd April 2020

I thought it might be a good idea (correct me if I’m wrong) if in addition to any posts that might be generated from the meeting – which I was delighted to see 14 members attended – that I wrote a couple of notes about it.

Covid-19: The main topic of conversation was the difficulty in getting deliveries arranged for shielded people. David H related how his wife had only just (after 6 weeks) received a letter to tell her that she should be considered to be vulnerable and thus shielded – we have other members who are also in that category. Anyway, the problem is getting in touch with a Supermarket to get you on the list for priority deliveries. In Wales that’s compounded by the fact that the letter does not contain a NHS number (as I understand it) and yet the supermarkets require that information. Duh!

It would appear in England that those in the vulnerable category are getting free drops of food – even if they don’t want, or need them and it’s impossible to opt out easily. [We have a friend that’s arranged to take them to the local food bank.] It also appears that the supermarkets are responding off the peg so-to-speak and are approaching customers to offer deliveries even if they’re not regular customers and they would prefer their regular supermarket to reach out to them. Again duh!

This is an unfortunate set of circumstances. On the positive side the number of click’n’collect slots from our local Sainsbury’s seem to have increased – even if the alternatives picked off the shelves for us, are not what we would have wanted – how do you interpret a request for an oatcake into a ginger biscuit????

I’ll put this into the Covid-19 Topic – so please comment there and update my understanding – if I’ve got it wrong!

[Update eConsult]: I forgot this when I wrote up the notes at first. Just a quick note for you to see if your GP Surgery’s website has a link to eConsult on it – as well as My Health Online which you can sign-up for to get repeat prescriptions and book appointments … sometimes! Anyway eConsult gets you to fill-in a form that explains your symptoms as best you can, and asks if you have a preferred doctor from the practice who you’d like to ring you back. My experience was that I got a call back within a couple of hours. Really much better for non-serious consultations that you think can be handled without a face-to-face session. I can see that things will never be the same again. I can see that I’ll be asking my doctor to “zoom” me after I’ve first filled in an eConsult referral. Interesting times!

Screen capture on Windows: Apparently there is piece of software called Snipping Tool in Windows that does the trick, here’s an article that shows a number of ways of solving that issue. On the Mac, you can use a combination of key strokes to Copy screens, or sections of screens to the Clipboard, from which you can Paste the contents to a program. Here’s an article that shows you how to do this on a Mac. On an iPhone you can capture your screen and take a picture that goes to your Camera Roll in this way, and can create a screen recording like this, on Android you take a screen shot this way.

Digital HDS Antenna: Well, it appears Christine that the Dragons Den might well have been taken in by this product sometimes called TV Fix, but also DigitalHDS and TV Brite. The reviews are not good. Let’s pass on …

Sharing Notes between iPhones: Yes you can do that Don, and yes it might be useful for creating shared shopping lists – always useful at a time like this – but my recommendation would be to use Evernote which means you’re not restricted to just a Mac, you can use it on a Windows and also from the web, and share notes that way as work on them collaboratively. Evernote has replaced a word processor for most of my notes taking and writing. Gets 5* from me, and I pay for it too now!!

Have I been pwned?: Another use case for this very handy website that tells you whether your email address has been hacked is a check on your password – just click on this link and supply your “favourite” password to see if it’s out in the wild!

Problems with Nest and Google accounts: An issue we couldn’t really provide an answer to. In fact, I had difficulty understanding (not Margaret’s fault, I’m just not familiar with the product). Paul suggested that maybe trying to use a different email account with the device might allow you to get admin rights back. I really don’t understand this, so I suggest that Margaret might put it up as a Topic in our Forum – perhaps someone outside the Group might be able to help?

[Update We will fix your PC]: Forgot this in the first write-up of the notes. I’ve put a “plug” for Neil in the Computer etc. Forum.

Creating a Zoom meeting: I promised to produce a quick video showing how you can Schedule a meeting as a host, rather than just be on the receiving end. Here’s the video.

New website: I demonstrated the features of the new website using the Screen Sharing facility in Zoom. In feedback to this it was suggested that perhaps there ought to be a facility to add a Photograph to a Profile – I promised to look into this. If you have a WordPress account, this gets picked up automatically, but it should be possible to optionally add a Profile picture. I also pointed at the way of creating a Movie using Quicktime Player (goto Method 2) on the Mac. I’m sorry, but I can’t find an equivalent, easy way of doing it on Windows – it must exist!

Finally, by way of light relief, here’s a video I had thought of showing with you at the end of the call. The Project Manager’s nightmare. Enjoy …

 

 

Posted on

Windows – Updates and Booting Up

Some notes, following the Zoom meeting last Thursday.

Updates: Going to ‘Settings’ you will find a link to ‘Update & Security’ at the end of the list of links. That has a section, ‘Windows Update’, which will tell you if there are any updates waiting to be installed, and also give you some ‘Advanced options’ on how to handle them. One of those is the facility to pause updates being automatically installed for up to 35 days, for instance.

Booting up: Another setting is ‘Apps’, which includes a link to ‘Startup’. This shows a list of your apps, and which of them are selected to start automatically when you log in. If you want your computer to boot up more quickly, it might help to turn off one or more of these apps. I will just mention Skype, which I found was selected to start, although I have never used it.

There are probably similar settings for Apple users.

Posted on

Using a Password Manager and implementing Two Factor Authentication

Introduction – passwords, passwords, passwords.

Log in to your e-mail account. Log in to your bank account. Log in to Facebook, WhatsApp or twitter. Log in to your Amazon account, or any other retail site. Log in to your photo sharing service. Log in to Thought grazing, or any other membership based organisation eg U3A, Which?
Is it possible to remember the number of applications you use on a regular basis that require a password? How do you keep track of all of all those passwords?

Here are a few tricks you might have tried or considered (with hints about why you may want to steer clear of some of them):

    • Memorise passwords. This is a great technique if you use your passwords every day, but maybe not for those you only need occasionally. If you don’t use a password regularly, there’s a good chance you could forget it if you rely on your memory alone. In addition, Web browser cookies can remember your login session for days or weeks at a time, meaning you only enter the password manually once in a while even if you use it every day. This could therefore be a weakness and security breach if someone stole your computer. So to login to your computer, or connect to your bank this might be the best approach, but be mindful of the potential security breaches and use for only a limited number of uses. [NB The login credentials to your bank are not saved on your computer, but other sites may well store them in cache or cookies to make it “easier” for you to connect!]
    • Use the same password everywhere. Memorising a single password for every account does make life simpler. For security reasons, though, this isn’t a great idea, because it makes it easy for a hacker who finds your user name and password for one account to break into your other accounts, too. So what you could do is have a base (root) password that is the same, and then add something you believe you’ll remember to identify the pairing of the password with the site (a variable). Thus making the password unique to that site. So if you wanted to connect to Boots the Chemist you might choose “B00ts&” before your root password. I gave some ideas on choosing a root password in an earlier post.
    • Write passwords down on paper. This is an ideal solution if you can hide the written information where no one else has access and you can remember where that place is :-). However not only is this a risk if someone finds the list, but a written list or an assortment of scraps of paper could also be lost or damaged, and you’ll need to find and update the list each time you update a password. This is most definitely the most frequently chosen option, and most certainly is the worst option too.
    • Write passwords into a file on your computer or mobile device. This is less likely to get lost than the paper, but you do risk losing the file if you have hardware failure. In addition, this file is as vulnerable to hackers as other files on your computer. You could encrypt it for an added layer of security, which makes this strategy similar to the next solution. I used this option for a while with the file saved on Dropbox and protected by a Password, so it was safe from loss – but it wasn’t encrypted and most definitely wasn’t very safe – but it was a safer option than the previous method.
    • Use password management software. Password management software is a utility you can use to save and retrieve all your passwords. This software could be a standalone application on your local computer or a feature within another application (such as your browser) – or both. This option greatly limits hackers’ possible routes to your password data while adding convenient features for organising and retrieving information. This is the strategy that is strongly recommended for everyone and for use on a single computer – it can be FREE.

When I sat down to write this piece, I obviously looked around to see whether there was any information I could reference. After I’d done that, it was clear that there was no point in me re-inventing the wheel. So I point you at this excellent introduction to Password Managers and review of the leading Password Managers out there. Read it before you go any further!.

Password managers – how do they work? Are they safe?

So you’ve read the article mentioned above? Yes – then proceed. Otherwise I really do insist you go back and read it.

So now you know there are browser-based password managers, cloud-based password managers and locally-stored password managers. You do know that, don’t you? If not, go back and read this article again!

Are they safe? – you only have to remember ONE password, the master password, and that unlocks your Password Vault. So compared with unsafe, easy to guess passwords, or scraps of paper – they are very safe; and you can’t lose them, forget them, or mislay them. They’re all in one place!

How do they work? – well, I don’t need to tell you much about this because you’ve already read this, haven’t you? Essentially, you can choose to let the Password Manager generate random passwords for every site you need to provide login credentials for, or you can provide the Password Manager with a password when prompted. I tend to do the latter using the “variable + root” approach I discussed before. It’s not that I don’t trust my Password Manager, it’s just that for many of the sites that I use frequently, it’s quicker and easier for me to supply the password because I can remember it!

Which Password Manager you choose to use is down to your situation – you could read this Review of Password Managers – which picks Dashlane and LastPass as best products. Either of these would be good to implement and use but they have different use cases. I use LastPass and pay a small amount annually so that I can use it on more than one device. I also use it because as it’s cloud-based, I can log into my LastPass account from any machine and access my online services. Dashlane lets you make the choice of local machine or cloud-based password storage – but it is not free, whilst Keepass (which is open source and free) works on a single machine, the passwords are stored on that machine – so that might be the option for you. If you only tend to use a laptop or desktop for browsing websites where you need to provide Login credentials, the free version of LastPass or KeePass is more than adequate.

Note: I do not recommend for the reasons explained in the article, that you use the Password Managers contained in your browser.

How do you use your Password Manager?

This is really beyond the scope of this article but elements of usage are covered in the two articles that have been referenced above. You should refer to the documentation for your chosen Password Manager.

What’s all the fuss about Two-factor Authentication then? Do I really need it if I’m using a Password Manager?

Well yes you do! It’s bandit country out there on the Internet. You’ll know  that if you’ve been on Have I been pwned? and seen your email address has been captured by a leak, or a hack. So it’s always possible that someone has got at least part of your login credentials, and from that it might be possible for them to request a new password – blocking you from using a service – or they may have even requested a new userid!  So that’s where 2FA comes in.

What is it though?

Essentially once you’ve implemented 2FA you’ll be asked for secondary information about yourself (Face-ID, or Touch-ID if you’re using an iPhone) or confirmation that you are the person you’re purporting to be – by asking you to supply a code that is displayed on a smartphone or other device you own, and which is to hand. Thus having your UserID and Password is not sufficient alone to access your account.

If you’ve used Online Banking recently you’ll have noticed they’ve implemented 2FA widely. In fact I believe they’ve been required to by the Banking Regulator. Thus accessing your bank from your device is intrinsically safer now than it used to be.

I’m not going to say much more about 2FA , I’m going to refer you again to a Guide rather than repeat the information myself – and quite possibly make a mistake in doing that. There are a number of sources of reference out there, from Google, Apple, Microsoft but the one that I’m pointing you at is this one which I think explains things well, and also points at how to implement it for a number of popular and well-used platforms and services.

Making life easier with an Authenticator for 2FA

Wouldn’t it be nice – instead of waiting for the site you are trying to access to send you a code to type into the box they’ve provided – if you could just look at your phone and see a code on it that you could then provide and type in?

That’s what an Authenticator does. Perhaps the best known is Google Authenticator – and that’s the one I use on my iPhone, but there are others. You might consider using LastPass Authenticator for instance, I’ve meant to try it out for quite a while, and there’s also Authy, which has significant advantages over Google Authenticator – but it’s perhaps best to get experience using the Google software first.

And that’s it! Thanks for getting to the bottom of this long article. I promise you, if you follow the advice and guidance included in it, and in the referenced articles, your online life will be much safer, more secure and your stress levels will be reduced!