DO
• Use a password with mixed-case letters. Use uppercase letters throughout the password.
• Use a password that contains alphanumeric characters and include punctuation, where supported by the operating system.
• Use a password with mixed-case letters. Do not just capitalize the first letter, but add uppercase letters throughout the password.
• Use at least six characters, eight characters for Windows NT.
• Use a seemingly random selection of letters and numbers.
• Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as “shoulder surfing”).
• Change passwords regularly. The more critical an account to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.

DO NOT
• Use a network login ID in any form (reversed, capitalized, or doubled as a password).
• Use your first, middle or last name or anyone else’s in any form. Do not use your initials or any nicknames you may have or anyone else’s.
• Use a word contained in English or foreign dictionaries, spelling lists, or other word lists and abbreviations.
• Use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
• Use a password of all numbers, or a password composed of alphabet characters. Mix numbers and letters.
• Use dates e.g., September, SEPT1999 or any combination thereof.
• Use keyboard sequences, e.g., qwerty.
• Use a sample password, no matter how good, that you’ve gotten from a book that discusses information and computer security.
• Use any of the above things spelled backwards, or in caps, or otherwise disguised.
• Write a password on sticky notes, desk blotters, calendars, or store it online where it can be accessed by others.
• Use shared accounts. Accountability for group access is extremely difficult.
• Reveal a password to anyone.

SUGGESTIONS
Common suggestions for constructing seemingly random passwords are:
• Use the first letter of each word from a line in a book, song, or poem. For example: “Who ya gonna call? Ghost Busters!” would produce “Wygc?GB!”
• Use the output from a random password generator. Select a random string that can be pronounced and is easy to remember. For example, the random string “adazac123″ can be pronounced a-da-zac, and you can remember it by thinking of it as “A-to-Z,1 through 3.” Add uppercase letters to create your own emphasis, e.g., aDAzac.2
• Use two short words connected by punctuation, e.g., T1me#0ff
• Use numbers and letters to create an imaginary vanity license plate password, e.g., 1H8work!

A common theme of these suggestions is that the password should be easy to remember. Avoid passwords that must be written down to be remembered. If unrecallable, someone in your office may find the password you have written down, and compromise your network identity.
These guidelines and suggestions should enable you to choose strong passwords that will help you improve the security of your system.

Additional Notes:
The CERT/CC (Computer Emergency Response Team / Coordination Center), a federally funded organization based at Carnegie Mellon University, estimates that 80% of all network security problems are caused by bad passwords; therefore, good passwords are the simplest, and most important part of information security.

Regardless what the salesperson tells you, you don’t need the extended warranty.

Here’s why:

• Most major computer manufacturers already offer 1 year of parts and labor.  If your computer fails, it’s most likely to fail within the 1st year.
• The average cost of fixing a computer is about the same cost as the extended warranty.
• Many extended warranties won’t cover the kinds of disasters you will likely experience: drops, spills, and electrical shortages.

If you feel you must buy an extended warranty

For consumers who want peace of mind and don’t mind paying for an extended warranty they’ll probably never need, or for those whose chosen brand is repair prone, we offer this advice (source: ConsumerReports.org):

First check your credit card.
Before you say yes to an extended warranty on any product, see whether your credit card provides similar coverage. Such plans, most often found on gold and platinum cards, typically lengthen the original manufacturer’s warranty by as much as one year.

Shop around.
Extended warranties vary in length and terms. Don’t pay more than 20 percent of the purchase price of the product for one. Always try to negotiate a better price.

See what the retailer offers.
Some retailers might extend a warranty as well. Costco, for example, extends the manufacturer’s warranty on televisions and computers to 2 years from the date of purchase, at no cost to you.

Beware of hidden “gotchas.”
For heavy items such as large TVs or major appliances, ask whether the extended warranty includes in-home repair or pickup. For TVs, who reinstalls it and reconnects it to your audio-video setup? And if the product will be repaired, is there a lemon clause such that after a few repairs the product is replaced?

Keep in mind that an extended warranty usually begins the day you purchase a product, so it overlaps with the standard warranty for a year (assuming that’s the term of the standard coverage). So a three-year policy gives you only two years of additional coverage.

For more info:

http://www.consumerreports.org

http://www.apple.com/support/products/

http://www.shopping.hp.com/product/esp/Notebook/1/storefronts/U4821A

http://www.consumeraffairs.com/news04/2005/extended_warranty.html

http://www.thestandard.com/news/2008/11/10/would-you-buy-circuit-city- extended-warranty

The Problem:

My brother and I like to ‘freestyle’ travel.

Once a year we choose some spot on the globe, buy roundtrip tickets, and explore the place without any preparation.  No hotel reservations, no guided tours, no one to escort us around town.

Just show up and survive!  As you can imagine, our trips are full of unplanned adventure.

The difference between a good vacation and a great one is usually determined by one important variable:  how quickly we meet someone in-the-know.  Guidebooks are informative and useful, but meeting a local who can recommend things to do and places to go is infinitely more productive.

So how can we leverage technology to improve our travel experience?

The Solution

Before you purchase your tickets, check out Kayak.com.  It will run your itinerary through all the major travel engines, ensuring you get the best price.

If I’m headed to a large city in the USA, I usually try PriceLine.com for discounted pricing on five star hotels.  Go straight to the section for naming your own price and bid ridiculously low.  It works well in places that are undersold, like LAX.

CraigsList.org is a good place to search for vacation rentals.  For example, hotel prices in New York start at about $200 for a night for a depressed property.  On CraigsList, you can get a clean, fully furnished, one bedroom condo for just $150/night.

TripAdvisor.com is a good site for getting feedback on places to stay and things to do.  I also like the ’36 Hours’ section of The New York Times (nytimes.com).  Be sure to drill down into the readers’ comments.  You will find good insight there.

Lately I’ve become a fan of Yelp.com – especially on my iPhone.  Yelp provides user generated reviews of everything from best place to get a sandwich to finding a gym for a quick workout while on the road.

The iPhone has a built-in GPS, so after choosing Yelp’s recommended place for breakfast, iPhone will display your real-time position on a nice little map, helping you navigate to the target destination.  It works very well.

The main difference between http:// and https:// is security.

HTTP stands for HyperText Transport Protocol, which is just a fancy way of saying it’s a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients.

The important thing is the letter “S” which makes the difference between HTTP and HTTPS.

The “S” stands for “Secure”.

If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.   This means that the website is talking to your browser using the regular ‘unsecure’ language. In other words, it is possible for someone to “eavesdrop” on your computer’s conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.

This is why you never ever enter your credit card number in an http website!

But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.

Bottom line:
If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn’t, there’s no way you’re going to enter sensitive information like a credit card number.