In truth, some accounts are actually hacked by viruses, but that’s a subject I’ve already handled.

So what are we to do? The good news is there’s an easy process to protect your accounts:

1. Never use the same password for more than one site
2. Use passwords that contain upper and lowercase letters, numbers and symbols
3. Use the above in a random fashion
4. Never type your password on a computer that has any possibility of infection

There, now that you know what you need to do, practice safe computing and have a nice day.

What? That’s too hard? You can’t remember T$d63Fes% as a password? Thankfully, there’s an easier solution – use a password manager.

Password managers have been around for as long as there have been passwords. My first was a little black book that got washed one too many times. My second was a Palm Pilot, that I lost, and that probably got washed too. Fortunately, today’s solutions don’t risk the possibility of loss or accidentally getting washed. There are many to choose from, but the one I want to detail today is from Lastpass.com.

Lastpass is a browser plug-in for Firefox and Microsoft browsers. By default, it replaces the insecure (yes, they are) password managers built-in to those browsers. Your passwords are actually saved on the Lastpass servers, freeing you from the possibility of losing all your passwords because of a computer failure. I know what you’re thinking – “But that gives somebody else my information!” Actually, no. Before any of your passwords are sent to Lastpass, they are encrypted with your master password. Lastpass uses 256-bit AES encryption which is as good (or better in most cases) as the federal government uses. Maybe that’s a bad example. How about “Its what geeks use.” There, that’s better.

There’s a whole lot of techno-babble I could detail and explain, but suffice it to say that Lastpass gives you secure access to really secure passwords. I’m not going to explain how to install it either, find out at their website.

The real beauty of Lastpass is the password generator, which will give you all of the requirements above. When you use the password generator, you can pretty much guarantee you have a secure password. The design of passwords is customizable for websites that support one style of password but not another (upper/lowercase OK, symbols not OK).

Since Lastpass stores EjaJ9LQ$z%Y^ for you, you don’t have to remember it. Simply visit the site you want and Lastpass will automatically fill in your username and password for you (HINT: If it doesn’t automatically fill in your password, press ALT-PGUP which is the key combination to cycle through all passwords for that site).

You’ll still need to go back through sites and generate new passwords to be secure, but Lastpass should automatically detect the password change and prompt you to save it.

“But, what about when I’m not on my PC?”

The lastpass.com website allows you to login and access your passwords from any PC, also granting you the ability to sign-in to a website directly from lastpass.com without ever typing anything.

Lastly, if you don’t trust the PC you’re using – maybe a internet cafe or hotel computer – you can use one-time passwords. These passwords are exactly what they sound like – they allow you to login one time with that password. So, even if somehow, someone captures your password, its useless once you’ve used it. Of course, you do have to set these up in advance.

There really is no excuse for bad passwords anymore. With the Lastpass plug-in and the lastpass.com website, you have secure password management, offsite storage and one-time use protection when you’re not at your PC.

Just remember to use a secure password for your Lastpass password. By the way, Bible verses make excellent passwords (Ephesians6:7, 1Corithians13:4-8).

I was at a client’s office the other day when I noticed an error message pop-up on the receptionist’s desktop. Before I could even get a look at it, she clicked “OK” and the message disappeared. I asked her what that was and she said “I don’t know. Stuff like that comes up all the time. I just click ‘OK’.” Needless to say, I was not amused that this apparently had been going on for sometime and that I had not been notified about it. She responded that her PC at home does the same thing, she just thought it was normal.

Messages from your PC mean something. Sometimes they indicate a problem, sometimes they just notify you of what’s going on in your PC. In the case above, the dialog message she received was warning her that that the hard drive (where all you data is actually stored) was beginning to fail, of course it wasn’t in plain English so she didn’t know that. My point is, to simply dismiss a dialog without reading the content can be extremely dangerous.

Another case of “click fiendery” came in the form of a user running as an administrator, who answered “yes” or “OK” to seemingly every message he received from the Internet. This included ads from webpages that told him “You may have a virus. Click here to check.” This action installed malicious software (a virus) that then pestered him continually with pornography and ads on how to remove the offensive software, for a price. His excuse was that he was just tired of having to answer dialog boxes all the time. Just so you know, he was running anti-virus software already, but even that won’t prevent every bad thing that can happen to your PC.

The problem has gotten so bad that studies are being conducted to see just how gullible the average user is. You can bet your spyware and virus writers will be happy to get that information.

Unfortunately, it seems that the dialog box is overused in today’s programs. Even I myself, fail to understand why, when installing the latest large software company’s product, I have to answer questions repeatedly during the install. One would think that all the questions about where and what to install could go at the beginning of the install. So we become perturbed, and we click wildly to get the dialogs to go away so we can get back to our work. I understand your frustration, I really do.

The solution though is quite simple. SLOW DOWN. Easy for me to say, I’m not on a deadline right now. But the truth is, it’s become necessary for us to take a moment and actually READ the message we’re being given, then to apply some common sense to it.

YOU MAY HAVE A VIRUS. CLICK HERE TO CHECK. “Do I already have anti-virus software? Does this look like my anti-virus message?”

THE DEVICE DISKS/HARDDISK0 HAS ENCOUNTERED A HARD ERROR AND DATA WAS LOST “What data was lost? Is my stuff backed up? Maybe I should call someone who knows what this means.”

So the next time you ‘re presented with a dialog box and a message you weren’t expecting, take the time to read and understand it, or you may find yourself with plenty of time to think about it while your PC is getting repaired.

RUN AS AN ADMINISTRATOR

Back in the days of DOS (and up to Windows ME), if you used the Windows operating system, you ran with administrative privileges. Since the advent of Windows 2000, users have been given the choice to run their PCs with limited user accounts that are not allowed to change system files.

However, the average user today still performs his or her daily activity using an account with administrative privileges. This is the single biggest mistake people make using PCs today.

“So what. What’s the real danger?” you say.

Lets start with simple facts. (1.) A limited user account is exactly what it says it is – an account with no rights to change critical system files. This means that a limited user can’t change or delete files that would cause the PC to crash or otherwise become unusable. (2.) An administrative account can change system files, basically doing anything they want to do, including deleting or changing files that could cause the PC to become unstable. (3.) Any website you visit, any program you run, any file you open at all – has the same rights as you do.

“But, I don’t go to websites that would harm me and I’m not going to download anything harmful to my PC,” you say.

Wrong. According to Google, 1 in every 1000 websites is infected with malicious software. These aren’t sleazy websites either:

In the past year the Web sites of Al Gore’s “An Inconvenient Truth” movie and the Miami Dolphins were hacked, and the MySpace profile of Alicia Keys was used to attack visitors.

The point is that the web isn’t safe and that cute little game you just downloaded is possibly feeding your credit card numbers to the web right now. I’m not trying to be dramatic, I’m trying to wake you up.

So what can you do? First, make the decision to commit to a process to keep you and your PC safe. If you won’t do that, nothing I say here will make a difference. Second, create a single administrative account with a password (accounts without passwords might as well be open doors, anyone can walk through), call it something that designates the impotance, such as Installer or Admin. Third, login with the administrative account and change the account type of all other accounts to limited. Fourth, only login to the administrative account to install software, updates or perform other administrative tasks (defragment, spyware scans, etc.). Finally, never, I mean NEVER, surf the Internet, read mail or do any daily work in the administrative account.

I can hear the whining already, “but, now I have to do a whole bunch of logging off/logging on just to install software.” Yes, you do and that’s part of the point, to make it more difficult for software to be changed on your PC. Remember, if you can’t do it on your account, neither can viruses, spyware and adware.

Lastly, this is not the end of the process. Simply changing account types won’t prevent a malicious website from putting something on your PC. Your user account can still be infected, but at least this way your PC will most likely be safe, and you have an administrative account to help clean it out if necessary.