Windows 8 Tricks: Creating a Picture Password

Standard

 

When Microsoft released Windows 8 they were targeting the tablet population. So naturally, with a tablet, they have built in some pretty neat tricks with hand gestures. One of the coolest tricks introduced is the addition of picture passwords.

In the past, when locking a machine, you would have to use a standard keyboard password that included letters, numbers, symbols, or any combination of those. With Windows 8 you can now choose a Picture Password. What this means is that you choose a picture, draw up to three gestures on the picture, and this will unlock your machine.

To turn on this feature, go to “Sign-In Options” under the Users tab (found under Change PC Settings). There will be an option for “Create a Picture Password.”

secure_Windows_8_2You are limited to what gestures you can put onto your picture. They can only be circles, lines, or taps. When logging in, you will have to use the same three gestures in the same three areas on the picture to get into the machine. But otherwise, it’s as simple as that.

One thing to note: researchers at Arizona State University and Delaware State University believe this method of authentication can be cracked rather easily. You can read about their study here. Consider that when creating your picture password. (To understand how secure passwords are and how easily they can be cracked, check out my previous blog post detailing that information here. While the picture password option is a very neat idea, and can work in safe, internal situations, nothing beats the standard text password.)

To understand all of your options, and see some cool tips and tricks for Windows 8, feel free to reach out to our engineers at Everon: 1-888-244-1748. We’re here for you 24/7, 365.

 

Sonicwall Registration Issues - NEW UPDATE

Standard

 

I recently wrote a blog about my issues with trying to register at mysonicwall.com. I added a brief update at the end of the blog. However, I have a new update which I would like to share.

Since getting my issue resolved, I figured that was it. To be honest, that would have been perfectly fine with me. As I mentioned in my blog, I knew someone in the company would have resolved my issue, and as long as I have had my issue resolved, I didn’t care. I wouldn’t harbor any hard feelings toward Dell’s Sonicwall line, and I am going to continue to use my Sonicwall, so no harm done really. However, yesterday I was contacted via phone by the Manager of Global Customer Service at Dell — that was something I did not expect. It really went above and beyond what I expected of Dell, so much so that I decided to write my update into a new blog post here for you all.

The manager at Dell said that she’d read my blog post. She said that what I’d said was fair, and they were able to understand the issue and my frustrations completely. She also noted that due to the fact that I’d detailed the issue so thoroughly, the issue was escalated to their website developers… and they identified the bug and resolved it on their website! Woo!

I think it is something to note that a company as large as Dell will take the time to get your issue resolved, and it really turned around something where I was upset into a renewed respect for Dell. I always feel bad when I have to send in complaints to a company, because I know they have a job and a family, just like me. But it’s good to see results as complete and thorough as the ones Dell gave me.

Dell-Sonicwall-new

 

Sonicwall Registration Issues

Standard

 

Hi all,

I have never used my blogging to complain about anything. I believe blogs should be helpful and should allow you to learn something new that you may never have known before. The blog I am writing now hopefully doesn’t come off as complaining, but maybe more as a way for me to get this information out there for others to review — and maybe we can discuss solutions. Because unfortunately, at the end of this blog, there is no resolution.* But I want to discuss Sonicwall Registration issues.

I am not talking about what to do when you have a Sonicwall, and you need to register it for your account. I am referring to registering for a mysonicwall.com account. I have had the unfortunate experience of having to deal with this, and I want to get some myths and facts squared away.

First off, a little background here: I am a Watchguard guy. I was originally trained on Watchguards, I love the interface, and in my time in Florida it was 90% Watchguard, 10% Sonicwall. We had one client who had a Sonicwall, and I dreaded it. Until I realized they had the Public Server Wizard in the upper right hand corner of the webpage, creating simple rules was as difficult to me as an ASA (I won’t even get into that right now). I have always been a server guy, never strong on networking, so I didn’t understand why Sonicwall needed all of the various components to open a firewall rule. Watchguard made sense to me. You created everything right there with your system manager. I loved it, but upon moving to Colorado, much to my horror, I found that Everon is almost primarily Sonicwalls.

Nevertheless, I took this in stride and began to learn everything I could about these devices. Sonicwall, which was acquired by Dell a few years back, is a good product. It definitely can go toe-to-toe with Watchguard and Cisco ASAs. It is at the forefront of firewall security, so it was something that I needed to learn. I ended up getting a chance to take a Sonicwall home and connect it to my home network. I have a TZ 200, and I wiped it, uploaded the latest firmware at the time, and modified it to match what I wanted out of a firewall.

Flash forward: Everything is working great, but now I want to go further. I want to open some ports and play around a little bit. But first, since it’s been several months, I want to register it as my own. I want a mysonicwall.com account, and I want to update its firmware.

I initially went to mysonicwall.com and began the registration process. Everything seemed right in-line. It looked like I would have my firmware updated by the weekend.

Hold on…. it says my password is poor, with this error:

This password is publicly available in hacking/security forums and can be easily compromised. Please use a different password.

Wow that sounds intense. I really hope the password I chose isn’t available in some forum! I believe it’s a very secure password: I used capital letters, symbols, numbers, and didn’t follow a pattern. It’s over 15 characters! I figure I am going to have to review this later and see if I can find out if I have been compromised in any way. For now, let me input another password….

Same result. (?) How about a different browser…?

Same result. (?!) How about if I VPN into my office at work and try, using a different public IP (because what if, for some weird reason, maybe my IP is blocked)…?

Same result!

Here is a screenshot of the error in all its glory:

Sonicwall

I decided to call Sonicwall to discuss. After all, I am sure they want me as a customer, right? I have called Sonicwall probably at least 100 times before with client issues, so I know that, yes, it can take a while to get someone on the phone. But once I do they are great and will help me out.

Once I got a technician on the phone and explained the issue, he said this can only be taken care of through their Customer Service team, by emailing: [email protected]. OK, that was fine, it sounds like I am not getting to work on my Sonicwall at this time, but whatever, as long as we are moving along. I emailed that address, and a ticket was created immediately, and a response came within 24 hours, so progress. The response that was given was simply:

Dear Customer,
 
You should not use special characters while creating an account.
 
Regards,
DELL SonicWALL Customer Support

OK… pretty sure I had tried without special characters, but let’s go at this again and see what happens. Yep, tried without special characters and I still got the error message. So I emailed Sonicwall back to state this and to see if they will set up the account, or what further can I do. Unfortunately here is where the trail goes cold….

…crickets…

It’s been 5 days now, absolutely no responses. I have tried the registration 3-4 times a day, and responded back to the original ticket requesting assistance, and nothing.

Today I thought about the idea, “What if I just click on ‘Register?’ Will it allow me to somehow register an account?”

NO. (This time the error is that my security question/answer has errors in it. The registration page just gives me two blank fields to fill in whatever I want, so I created a question, and filled in an answer! How could there be errors?! I even tried clicking on the question marks to the side of the fields, assuming those are helpful hints, but even those are not clickable.)

At this point I wrote a “less than happy” email back to Customer Support, because I am at the end of my rope. Even when you Google this Sonicwall error message, you don’t really get anything, so that is one reason I decided to write this blog. Am I the crazy one, or are others out there having the same issue?

I found one response on superuser.com, stating that the reason that error exists is because they are reviewing the password in rainbow tables, and if it exists, they are throwing it out. This made me feel a little more secure, like the password I created was not stolen. To further give myself solace, I created an EXTREMELY long and miserable password by typing random letters, numbers, symbols — everything you could think of — into this registration process… and still nothing. (The password was akin to looking something like this: !@We340rj58tr7j&%#$F093jd938de%^&* That looks pretty secure, but apparently not secure enough for Sonicwall.)

Also, just to state, before I get to my conclusion: if/when I get this resolved with Sonicwall, I will let you all know. I know someone, somewhere in that company will resolve this, and I will continue to be a very happy customer of Sonicwall’s. Just right now we are not on the best of terms.

So, In the end, the point of this blog is really to reach out to the world and state a few facts:

  • This is a big part of being a remote engineer. We are constantly having to contact 3rd party companies all the time, and when they drop the ball it’s tough to relay that information to the client. Because even though you know you have done everything you can, when your client is wanting you to get info from a 3rd party, and they drop the ball, you can’t help but to feel for your client. It’s like you’ve failed them in some way.
  • Sonicwall’s devices are amazing, they are great products, and I recommend them.
  • Dell’s customer service for Sonicwall is less than desirable. If anyone has figured out how to create a registration for mysonicwall.com, please email us at [email protected], subject line: Sonicwall.
  • And lastly… Watchguards RULE! I still love those devices!

245845c*UPDATE [Two weeks later]: I have resolved this issue, and I have my Sonicwall account created finally! I almost gave up, but I decided that if the original engineer who was assigned to my ticket was not going to get back to me, I was going to email in again separately and create a new ticket. I know how their CRM works — just like at Everon — where when you email in to a specific email address, a ticket gets created and assigned out to an engineer. My thinking is that I received an engineer who didn’t care to help me — unlike at Everon. But this situation does happen at some companies sometimes. So if I email in again and a new ticket gets created, maybe I would get an engineer who cares.

So when I emailed in and a new ticket was created, I did get a response — albeit it took 2 days, and they requested a screenshot of the issue. I sent them a screenshot with my phone number, and they actually called me and set the entire account up! They didn’t sound too happy on the phone, and I am sure they were nervous about talking to me since I sent a very nasty email beforehand. Regardless, the issue is resolved, and I have my account. I hope to never have to use Dell Sonicwall’s customer service center ever again. I will say this as well: my password I ended up using has special characters, so the original technician who suggested I could not use special characters was flat-out wrong.

I hope this helps anyone else who might have been going through the same issues, as this was a nightmare for what honestly should have been a very easy, and quick issue. Good luck!

 

 

The Latest Password Strengthening Tips (in the wake of Gmail’s massive hack)

Standard

download Do you have a Gmail account? You might want to consider changing your password. It was just reported that 5 million Gmail accounts and their passwords have been posted to a Russian bitcoin forum by a user named tvskit. The post was taken down rather quickly by the moderators. However, the original post contained a text file that could be downloaded, so it has most likely spread and will pop up again elsewhere. When reaching out to Google for comment, their response was that most of the accounts stolen were old or suspended accounts. But the user, tvskit, claims that he (or she) was able to log into most of the accounts.

Regardless of whether your account is on this list or not, it brings up a good topic in regards to security of your email. Security of email and private information is increasingly becoming vulnerable due to the sophistication of hacking attempts. A few recent examples of hacks that have unfortunately been successful include the iCloud hacks of celebrity photos,  the Sony PSN hack, and the FBI website hacks by Anonymous. The PSN and FBI hacks were due to flaws found in their services.

But the iCloud hacks happened due to simple passwords.

In fact, most hacks happen because users use simple passwords in order to remember them. These simple passwords (examples include password, 123456, qwerty, 11111) can cause a lot of issues, especially because they are constantly targeted by thieves. GRC is a great site to determine how secure your password is. This site allows you to input a password, and you can see, through their mathematical equation, how quickly that password can be hacked.

I strongly recommend you review this site and come up with a password that provides as much strength as you can handle. Even adding a few symbols and numbers to a simple password can really amp up your security. For example, let’s take the password “password.” In an online fast attack scenario, that word can be hacked in 2.17 seconds! But if you add an exclamation point to the end of that password (i.e.: password!), this increases the fast attack scenario hack to 1.02 days. 

In my example at the GRC site, I made the password: !@#P@ssw0rd*(). I added a capital letter, some numbers, and a good amount of symbols. I now took the 2.17 sec.-hacked password to 15.67 million centuries. It’s easy to remember, as well. Think about it: the first three symbols follow a pattern. Then I spell password, with a capital P at the beginning in leet speak, and then my three end symbols all follow a pattern at the end of the spectrum.

The case I am trying to make really is to protect yourself. There are so many malicious hackers out there, as we have seen with the latest Gmail hack, that ensuring that your password is as secure as possible should be of the highest priority.

Dude, Where’s My Phone? Finding and wiping your Android device through a web interface

Standard

hiding cell phone

“!@#$%! I lost my phone AGAIN!”

Does this sound as familiar to any of you as it does to me? Well, unfortunately, this is far too common for me. In recent days, however, I have been turned on to a handy online tool to help find my Android phone when it gets misplaced.

If you are like me as well, you probably have work-related items on your phone. Or personal items that, if by chance your phone found it’s way into the wrong hands, could be devastating. This Google feature provides you the ability locate your phone, wipe it clean if needed, and set a new unlock code so it is not easily accessed.

This will work only if you have an Android device and know the Google address you set your phone up with. To start, open up a web browser and go out to www.google.com/android/devicemanager. It will prompt you to log in with your Google email address (being the same one you set your phone up with). As soon as it logs in, it will start contacting your phone.

Contacting

If your location services are on, it will provide you a GPS location of the whereabouts of your devices. If not, you have other options. You have the ability to “ring” the device. Whether your phone is set on vibrate or silent, it will loudly ring your phone for 5 minutes or until you hit the power button. Also, you have the ability to set a new lock code so no one but yourself can access it while it is not in your possession. And finally, you have the ability to wipe the phone back to factory settings, in case you are worried about sensitive data being compromised.

As I previously stated, this will work for Android devices, to include tablets, only and not any others such as windows phones or iPhones. There are other features on the market out there for the devices it does not cover, so if you are interested in hearing about those, please reach out to Everon at 888-244-1748 and we will be glad to discuss them with you!