I have a confession to make: Despite being an IT type of many years’ standing I’ve only recently acquired a smartphone. I know! For various reasons, until 2017 I stuck to a distinctly non-smart but very compact Nokia 2332. Finally prompted by the withdrawal of my pay-as-you-go tariff by TalkTalk and not wanting to be shunted to Vodafone, I entered the wonderful world of Android.
(For the phone geeks out there, my weapon of choice was a Huawei P8 Lite 2017. Yes, I do like it, no, this isn’t a review.)
Anyhoo, I soon discovered that every time the phone restarted, I would get a cheery notification from Google Play Services a bit like this:
(Actually mine said, “It looks like you changed your phone number…”.)
When this first appeared I dutifully followed the prompts, logged into my Google account and discovered – as I’d thought – that my phone number was already there, and was already correct. Mild irritation.
Next time I switched on my phone, same thing. And the next time. And the next time. And…you get the idea.
Being an IT pro, I called on all my accumulated experience and detailed technical knowledge by searching Google. I found other people similarly irritated but no fix.
I thought it might be because my phone number was wrong in the system settings (it showed the number given me by my new provider before I ported my old one), so duly contacted the provider and asked for a network refresh (or some such term). This did the trick as far as the system phone number was concerned but didn’t stop Mr Google greeting me each morning.
Finally, after putting up with it for several months, I conquered it, courtesy of MultiMatt (whose problem was almost identical to mine) and Ed Nisley (whose proposed fix did the trick). The fix was: Clear the app data for “Google Play Services”, as described in Ed’s post.
After clearing the data I restarted the phone and it told me I now had no backup account (i.e. my apps, photos, etc. were no longer being backed up to Google). So I just picked an account and all was happy again. I’ve not seen the unwelcome notification since.
To paraphrase Douglas Adams, the Internet is new. Really new. I mean, you might think space travel, computers and fridges are new, but compared to the Internet they’re positively ancient.
I know, I know. The technology historians will tell you the Internet had its roots waaaay back in the seventies, but really, for 99.9% of us, “The Web” was just a 1947 crime movie until the mid-nineties. Strictly, the “WWW” appeared in 1991, but come on – how many of you had even heard of it (let alone used it) until well into the era of Cool Britannia, New Labour and England’s agonising penalty shootout defeat at Euro 96? Exactly.
So, by my reckoning the Internet is barely 20 years old. Not much more than a teenager, in fact. Like many teenagers, it’s grown really fast. Some of the things it gets up to aren’t very savoury. And it’s always demanding attention. (Excuse me while I go check my emails, tweets and status updates…) Despite its youth, immaturity and anarchic setup, however, we all know it’s been the most runaway of runaway successes.
“Fascinating,” I hear you say, as you simultaneously stifle a yawn and check your watch / phone / tablet / blood pressure. “But I thought this was about passwords.” And so it is. The point about the Internet being new is that, by and large, it still has a culture of trust. Oh, we hear the stories of scammers, viruses and hackers but tend to assume it won’t happen to us. Regretfully, that’s a naïve assumption.
They really are out to get you
Back in the “olden days” (or perhaps still, in a few remote locations), we’re told that nobody locked their front doors. Crime happened back then, of course, but generally speaking, it tended not to happen and there was that culture of trust. As time went on and burglary increased, we started locking our doors. If we didn’t, and then expected sympathy after being robbed, we’d be laughed at. Not only that, but as time went by we added more sophisticated locks, shoot bolts, window locks and burglar alarms. Multiple defences to make it harder for the baddies. We moved from a culture of trust to a culture of protection and prevention.
In that regard, the online world is like rural England several decades ago. Many of us are touchingly innocent about the malevolent, sophisticated and heartless elements out there in cyberspace. (Does anyone say “cyberspace” any more? Or has it gone the same way as “the information superhighway”?) Not to put the frighteners on you, but I can say with some confidence that there are digital baddies out to get you. They are modern-day highwaymen out to relieve you of your cash. And, yes, although there are multiple routes they take, it all boils down to cold, hard money.
OK, I believe you. But why are they interested in me?
They want your identity so they can steal your money.
They want your confidential information so they can steal your identity so they can steal your money.
They want to blackmail you so they can steal your money.
They want to hijack your computer, your phone, your tablet and anything else connected to the Internet so they can disguise their criminal activities, attack other computers, and probably ruin your files while they’re at it.
My conclusion, Ladies and Gentlemen of the Interweb Age, is that it’s time to move from a culture of trust to a culture of protection and prevention.
Ah, so that’s where passwords come in
Precisely. Although, to be honest, passwords are only a small part of the picture. There are other technical tactics, attitudes and habits we need in order reduce the chances of being taken for a cyber-ride. But passwords are fundamental, much as we may loathe them. They’re like fitting that first lock to your front door. Even a cheap rim lock is better than no lock. And if the next door is unlocked, guess which one the villain will choose?
If you upgrade to a stronger Yale lock or a 5-lever mortice lock, your chances of resisting attack increase. And so with passwords.
OK, so get to that “Three ways…” stuff
Quite so. Here, then, are my top Three Ways To Let The Baddies Win when it comes to your passwords. If you’ve heard them all before, I trust you’re not doing them. And if you’ve never heard them before, please stop doing them. Now.
Way #1: Use Simple Passwords
There are a bazillion articles on the web about how you shouldn’t use simple passwords such as:
Yes, even that last one is lousy and could be cracked in a little over 2 minutes:
Cyber Villains United would thank you for using any of the above or similar.
Way #2: Use the Same Password for Multiple Sites
Why does this matter? ‘Cos if Joe Evilhacker gets hold of one of your passwords he’s going to try it on loads of popular sites and, in your case, he’ll strike gold because you use the same one on Amazon, eBay and Facebook.
Do not do this. If you’re doing this, don’t do it any more. With immediate effect.
Way #3: Make Your Passwords Conveniently Available
If you’re going to physically write them down, treat that document like your front door key. Don’t write your passwords on sticky notes on the PC. Don’t leave them lying about on the desk. Don’t put them in a notebook entitled Computer Passwords. Make it difficult for anyone who shouldn’t have access to even recognise what the document is, let alone get hold of it.
If you keep passwords on your computer, at least make sure there’s a password on that document. (And, yes, you must also protect the password to that document…) A “password manager” is better than a simple document for various reasons – but whatever approach you take assume that the worst could happen. (And, of course, if the information is in a computer file of some sort, it must be backed up somewhere – otherwise, it might be you that’s locked out of your accounts, not just the criminals.)
A note of clarification
At the (severe) risk of insulting your intelligence, I should emphasise that the above are what not to do. Was that blindingly obvious anyway? It was? Sorry.
Enjoy the Internet, that stroppy teenager, and may your digital defences never be breached.
…I’ll make an exception today because I’m writing one 🙂
My WordPress blog goes through long periods of neglect (like my squash playing or cleaning the bath) but then the mood strikes and here I am again. How come?
Firstly because my To-Do app on the iPad prompted me that it’s time to back up my blog. Actually there’s not a lot of point me backing up this blog since the last post was in March and I backed it up in April. Although, since I’m now writing a new post…
Secondly because when I do blog I sometimes try a different theme and I knew that I really didn’t like my last choice. But of course, you can’t see my last choice because I’ve now changed it. And if you read this at some point in the future (what else might you do? read it in the past…?) you might not be seeing the theme I chose today ‘cos I might have changed it again…
Thirdly because I was thinking about writing a tech-based post due to the increasing frequency with which I’m being notified that my devices / software aren’t up to scratch to run the latest stuff. More on this below.
Hence, I sit and type.
On my 2009 Compaq desktop running Windows Vista. Vista???!! Yep. On which I run Internet Explorer 9, the latest Vista can understand. And which, Twitter, now tells me, is inadequate and therefore I am reduced to viewing Twitter Mobile. On my desktop.
My other ageing device is a second generation iPod Touch, circa January 2009. I recently tried to add a Gmail account to the mail app and Gmail refused, saying the device wasn’t secure enough. Can’t complain about that, what with me being an IT guy and all. Then yesterday YouTube on the iPod started warning me it no longer fully supported my device.
Dang it. Inevitable really.
And so I muse on changing the PC, upgrading the PC to Windows 8.1 (and thence to Windows 10), and whether to keep the iPod for music only and invest in – gasp – a smartphone that can handle my email and YouTube thingies. (My current phone is distinctly unsmart – it makes calls and sends texts, end of story. Until my iPod started showing these signs of obsolescence I thought I’d hang on to my old phone until it broke. But maybe not.)
If you have absolutely nothing better to do, watch this space for further developments. And if you really have absolutely nothing better to do than that, I suggest you seek help.
The other day my iPad blogging app got confused between a brand new post I’d written and an existing WordPress post on this site. Result: When I “published” my new post, it actually overwrote the existing post. Boo. It was a fascinating one, too (as are they all, of course). Having dried my tears, I came to terms with the fact that it was irretrievably gone. All my blood, sweat and tears, vanished in an instant.
A quick glance around my WordPress dashboard led me to the Export tool. This downloads my precious posts to an XML file suitable for re-import to any WP site. (But, at a pinch, the raw text could also be extracted.) So hereafter, I’ll download the file at least monthly so that in the event of further human or technical glitches I can recover.
Have a good day – and don’t forget to back up your data 🙂
ONE of my Windows Server 2008 servers runs SharePoint for our intranet. I know enough about SharePoint to keep it running but I’m no expert in Internet Information Services (IIS). A while back we added another site to IIS for other specialised company information. The site’s developed by a programmer colleague of mine who works on it on his PC then publishes it to the web server. He told me that to make the publishing far smoother he needed something called “Microsoft Web Deploy” installed on the server. Apparently without it I would have to discover and configure a dozen IIS7 settings to make this thing work.
Because it’s “my” server, and I didn’t want to break SharePoint, I felt duty-bound to do the installation myself. However, I really hadn’t a clue what I was doing and just wanted “paint-by-numbers” instructions to follow. My colleague pointed me to this page for said instructions. This introduced me to the world of Microsoft’s Web Platform Installer (WPI), which I’d also never heard of before.
Next, I chose to install the Recommended Server Configuration for Web Hosting Providers (probably an over the top choice, since we’re not a hosting provider…), deselecting anything PHP-related (because we don’t use PHP). The installation started at 11 a.m. and was still going, showing no activity and no sign of progress, an hour later. I cancelled it.
Now, since working on versions of Windows Server later than 2003, I’ve become familiar with the “Run as Administrator” gotcha. That is, sometimes, even when you’re logged on to the server as an administrator, some software doesn’t work properly unless you explicitly right-click and choose Run as administrator. There’s no explanation; it just doesn’t work. I’ve been caught like this several times. I thought maybe I was a victim of this gotcha on this occasion, so I tried the WPI installation again, having run the installer “as admin”.
Again the installation started…and stopped.
At this point I also discovered that my SharePoint intranet site was broken. So much for protecting that. In frustration, I cancelled the installation and rebooted the server. Still no intranet. I checked that the SharePoint site was running in IIS, which it appeared to be. For good measure, I stopped and restarted the site and voila! My intranet lived again. But I still faced the problem of the failing WPI installation.
Returning to Google, I followed the recommendation in this post and deleted the contents of C:UsersusernameAppDataLocalMicrosoftWeb Platform Installer. I ran the installer (as admin) again and got the same problem.
This time I found the WPI log file and noticed that the last line was:
commandline is: 'C:Windowssysnativenet.exe stop was'. Process Id: 6300.
I wondered if the installer was failing to stop a service, so I ran the command manually and stopped the service. The output was this:
C:WindowsSystem32>net.exe stop was
The following services are dependent on the Windows Process Activation Service service.Stopping the Windows Process Activation Service service will also stop these services.
Net.Tcp Listener Adapter
Net.Pipe Listener Adapter
Net.Msmq Listener Adapter
Do you want to continue this operation? (Y/N) [N]: y
The Net.Tcp Listener Adapter service is stopping.
The Net.Tcp Listener Adapter service was stopped successfully.
The Net.Pipe Listener Adapter service is stopping.
The Net.Pipe Listener Adapter service was stopped successfully.
The Net.Msmq Listener Adapter service is stopping.
The Net.Msmq Listener Adapter service was stopped successfully.
The Windows Process Activation Service service is stopping.
The Windows Process Activation Service service was stopped successfully.
So – it seemed that the command in the installer failed to pass the “Y” command and sat there in limbo waiting for the service to stop. I cancelled the installation yet again, left those services stopped and ran the installer again. Mercifully, it completed.
After that it completed the install of 45 components (many of which we probably didn’t need, but what the heck), requested a reboot and finally my colleague could “Web Deploy” to his heart’s content.
This seems to be a bug in the WPI installer. I wondered why nobody else had found it – or, at least, I couldn’t find any posts suggesting they had. Hopefully by posting here, somebody else may be spared the pain I went through.