Trusting First Instinct and The Complete Menu

Happy rainy Friday.  Just want to let everyone know that I don’t have any classified documents in my garage, in the trunk of my old Camry or otherwise.  I didn’t tell anyone to lie about it [wagging finger] not even one time.

Biz Briefing:  Trusting My First Instinct

I got involved with a new (business) client over the past 2 months. One of my business advisors told me not to get involved. I didn’t listen. I knew from the get-go it was going to be a combative, if not hostile situation. I then thought I am going to ask for a $1500 non-refundable retainer and a few other conditions. I didn’t listen to myself. I got talked out of it. 99% of my client interactions are wonderful and warm situations. My loose, warm, no hard line policies have worked for me for years. However, the hard core business world isn’t always meant for teddy bears. I don’t have contracts or service agreements. I don’t even think I would have the resources to pay someone to draw them up. I ended up getting $burned$ by this situation. Lesson learned: I have got to stick to those warm and friendly encounters and trust my instinct on negative vibes that I get. Not every potential client is a match.

The Complete Menu

So now I want to talk about many of the services I can offer for you….

1. Comprehensive pre-purchase consultations for computers, iPhones, iPads — I will provide these services at no charge, including help with ordering if a client is going to have me set up their device for them.   If the client wants to set it up themselves or just wants a report to contemplate for later — I simply bill for my time.

2. Set up of computers, smartphones, tablets, printers.

3. Set up of TV’s that don’t need to be mounted — including setting up streaming services (Netflix, Amazon Prime, Hulu, Apple TV +) and streaming players (Fire Stick, Roku,  Google TV, Apple TV)

4.  Virus / Malware / Adware — computer security mitigation — including reports for your bank when required

5.  Freeze Credit Reports  – give yourself the ultimate protection

6. General computer / technology troubleshooting  (note – I do not personally replace screens on iPhones or laptops, but I can take your devices and get this done for you)

7.  Back Up —  backing up your data and establishing a backup plan

8.  Computer / Technology Training — Whether you are staying for extra-credit or sitting in the back of the class — I believe you have the power to learn

9. Set up new WiFi routers — especially the newer mesh WiFi systems (e.g. Eero)

10.  Computer updates and resets — upgrade an existing operating system or wipe and reinstall

11.  New E-mail address / custom private email address — Whether you want to start fresh with a new free address or you want a custom e-mail like you@yourdomain(dot).com — I can help you get this done.

Updated Thoughts On Last Pass Breach

I just want to let you know my updated thoughts on this — now that I am more fully aware of what is going on. Some of you I have helped move to another password manager, 1Password or Bit Warden. It’s entirely possible that you may want to stay with Last Pass and while they are not a company I would continue paying $36 a year to — it’s not the stupidest thing I’ve ever heard of (better than keeping passwords in an unprotected Word document on the computer, as some of my clients do.)

If I were to give this situation a score I’m giving it a 5.5 out of 10, with 0 being nothing doing – walking to the sidewalk is a risk and 10 being nuclear disaster, call the lawyers. (However, I’m sure Last pass will be sued.)

Up until Thursday 12/22, Last Pass was a very respected commercial password manager, seen as an industry leader and widely praised among security experts — FOR YEARS. Other competitors include 1Password, Dashlane, and Bit Warden. In addition to personal use, Last Pass had a lot of corporate customers as well. It’s estimated that there were as many as 37 million Last Pass accounts, just to give you an idea of their reach. I had been a paying Last Pass customer since 2013. I think I first got started with formal password managers with 1Password back in 2010. Back then I was primarily a Mac user. I wanted to become fluent in both systems, so what I did for several years was keep my personal and business passwords in 1Password but keep all passwords related to my Master’s degree and the industry I was exploring in Last Pass. Eventually around 2016-2017, I moved all of my passwords into Last Pass. It wasn’t a better or worse situation, but since I was already paying for a Last Pass subscription and 1Password moved to a subscription model — I didn’t want to pay for a subscription to both. The way I used to see things, I would recommend 1Password if a client was all Apple and I would recommend Last Pass if there was a Windows device involved. However, out in the wild there were plenty of Apple-only geeks out there that used Last Pass. Today, it really doesn’t matter — both managers work fine on Windows and Mac interchangeably.

Ending my story and back to the matter at hand — about a month ago Last Pass revealed that they discovered a minor security breach from back in August where no sensitive (ie. un-encrypted) data was revealed.   Companies are attacked all the time — insurance companies, the state government, etc, etc.  We never hear about it.  It’s like a vandal who breaks glass in a store but doesn’t steal locked goods.  It happens all the time.  Technically under the GDPR (European privacy laws, which are stricter than US), I believe notification is not required if ENCRYPTED data is stolen.  In general if data is truly well encrypted, it could take hackers multiple lifetimes — 1000s of years — to crack the data.  No one thought much of Last Pass’ previous announcement.  It’s nice that they let everyone know.

Then they made an announcement on 12/22.  Now that I have clarity on the breach, I want to be very specific.  These evil hackers did not have an active intrusion into Last Pass servers where they were running amok through customer data at the present time — like active shooters running through a mall — pardon the analogy.  The hackers breached a backup of Last Pass customer data that was connected to an employee’s computer in August 2022.  It all goes back to that breach.  It was an incident more than 4 months ago isolated to that point in time.

BUT BUT BUT — Last Pass’ claim to fame all these years was its ZERO KNOWLEDGE policy.   All customer data is locked with the Master Password right?  So the hackers got a big lump of coal, right?   Sadly — not true!!

While customers’ Master passwords and password data and secure notes WERE encrypted – customer names, email addresses and URLs (meaning each website address they had a password for) WERE NOT encrypted. Last Pass never let customers know this. They certainly implied otherwise with that Zero Knowledge policy.

It has not been revealed how many of the 37 million accounts’ data was stolen.  Logic would lead one to believe that this one employee did not have a backup of all of these accounts, but conservative estimates are perilous.  All customers should assume they were in the batch of stolen data.  The other key thing to remember is that this breach happened over 4 months ago and there haven’t been massive, widespread attacks against Last Pass customers.  According to experienced IT security professionals that I have interacted with over the past few days, this would indicate some sort of nation-state actor, likely looking to target specific individuals, such as their citizens or enemies. 

I think Last Pass failed on the communication front.  What did they know and when did they know it?   I do believe them that password data is secure if those passwords were protected with a secure Master Password. HOWEVER, some customers may have had WEAK master passwords. Uh-oh. Last Pass also failed in not having ALL data in a customer profile be encrypted. 

In conclusion, whether you are staying with Last Pass or moving to another password manager — you need a new master password and also the specific passwords for ALL SITES (all logins) need to be changed. This will take you some time. Do it deliberately and patiently. Password managers like 1Password and Last Pass have a random password generator if you do not want to create your own. I believe in also keeping a hard copy in a notebook as well. I also like this tool for creating random passwords  https://www.random.org/passwords/  — your new passwords should be at the very bare minimum 12 characters long and ideally 14 to 16 characters plus, compliant with the website itself. Some sites will not let you do 20 character passwords.

If there is any more help I can provide on this  — please let me know.

PS.  In case you are wondering — what password manager do your clients use the most?   They use the very limited password managers built into Safari, Firefox, or Chrome.  They are fraught with their own peril, in my opinion.  Frankly, many of my customers have dozens and dozens of insecure passwords.  So they have their passwords stored in a “manager” they don’t really use or maintain. 

Done With Last Pass and Two Holiday Gifts

Before I get to the holiday cheer — I need to tell you about a serious SECURITY INCIDENT. I’m just going to get to the point. I can no longer faithfully recommend Last Pass as a password manager. Never putting all the eggs in one basket, I have recommended Last Pass and 1Password over the years as paid password managers to manage your treasured credentials. Last Pass has now suffered its 2nd security breach in about a month. The first one was minor, however in the latest incident customer credentials were accessed. I can’t sugar coat this. As of right now your passwords were not breached but user names, e-mail addresses, billing addresses were. So if the bad guy has your user name and e-mail address — while they can’t get into your accounts necessarily just yet — they are a lot closer. Last Pass was a great company when Joe Siegrist ran it. He sold it about 7 years ago to Log Me In. They were still good for a while. It’s gone really off track.

I really haven’t publicized it, but since February I have used a password manager called Bit Warden.   If you are using Last Pass, your credentials can be exported to either  1Password ($36 per year) or Bit Warden ($10 per year).  Don’t make the decision based on price either.  You will want to choose one of these and then delete your info off of Last Pass as soon as possible.  I am available over the weekend, Monday or Tuesday to help you with this.

Happy Holidays Everyone!!!

Here Are My Holiday Gifts For you

#1 Alternative Electric Supplier — Look at your last Eversource electric bill.  If you are using 400 + kwh (kilowatt hours) per month right now, you will save money by changing electric suppliers  via the website energizect.com  .  You will still only get one Eversource bill per month.  

– Effective Jan. 1 — the Generation charge portion of your bill will double. No joke: 12 to 24 cents per kwh.

– Eversource does not profit off of generation.  They don’t care if you use an alternate generation company. 

– Unlike the “bad news” you might have heard about alternative suppliers 3 to 4 years ago, it’s a totally different ballgame now after laws were changed in 2020.  We the consumers are in control

-Best rates I was able to find right now are in the 16 to 17 range per kwh with 2 to 3 year guarantees on pricing.   It’s really a 1 way contract with the supplier guaranteeing you.   6 month, 12, or 18 months from now — if you want to change to another supplier or back to Eversource as your supplier — NO PROBLEM.  No penalty.

Examples of savings:

* I’m going to be saving $38 per month (use gas heat) by choosing Xoom as my supplier.

*My brother is going to be saving $50 per month (gas heat) by choosing Direct Energy as his supplier

*A client with electric heat in her condo (yikes!) is going to be saving $120 to $140 a month by choosing Xoom

*Just today – I saved a client $41 a month (oil heat) by choosing Xoom as his electric supplier.  This client’s annualized savings today paid for his Apple Watch. 🙂

And if Eversource’s new rate stays the same or goes up starting on July 1st — you could save even more in the summer months with that AC blasting.

No fees to switch  — one Eversource bill  — energizect.com  – you can do this!!

#2 Gift:  Some of you guys think this is funny or do not cut this page into strips to put on your fridge, near your phone and on your computer.  Please do.  I had several clients  get ripped off this year or near ripped off with infected computers.    Do you think you are so smart that you wouldn’t fall for a scam e-mail or phone call?  Think again.   I am an expert in helping older adults learn.  Older adults need reminders and reinforcement.    I have attached a 1 sheet document to print out — my $1000 Holiday Gift.   Use it  — pass it on.  It’s been updated for 2022 with some newer scams that I’ve dealt with.

In closing….

This may be my last update of the year — so I’ll close with this.   We need to take a lesson from Actor Tim Robbins and simply be kinder to each other.   The past 3 years have been a hyped up, hopped up time with a lot of division and demonization.  We do business together, we shop together, we exercise together, and attend events together.  I don’t exclude clients because of medical choices, politics, signs in the yard or whatever.  Co-existence does not confer agreement, but what I am really saying is everyone around here should do a better job of tolerating others.   Paraphrasing health guru Max Lugavere — eat more protein, less sugar, exercise more, and turn off the news.

Those are my new year’s resolutions!!

Have a joyful Christmas and Hanukkah!

Time To Update Your Mac–12.6.1

I just spent some time with a client on Saturday and the primary issue was — even on a current model M1 iMac — the software (mac OS) needed to be updated and it hadn’t been updated in months.  The system was on mac OS 12 but it was an older version  12.4.  The latest installment of 12 is 12.6.1.    As much as I say — leave things to the automatic updates — sometimes it doesn’t go that way.

I don’t want anyone updating to mac OS 13 yet (perhaps a few months later would be fine), but Apple does give you the option of just updating to a newer version of OS 12. 

Doing the Update

Some of you can probably do this on your own.  Others, like my 94 year old client on Saturday, will want my help.  Although this was not a brand new OS version, it was a significant update and took 1 hour. 

1. Click on the Apple Menu in the top left of your screen

2. Click System Preferences

3. On the window that appears, click Software Update

4.  On the next screen you will probably see a big button to upgrade to OS 13. YOU DON’T WANT THAT.

5.  Right below in smaller font there will be a section allowing you to do other updates — that’s what you want.    Therein you should see the opportunity to get 12.6.1

Make sure your Mac is plugged in (laptop) and backed up before any updates.  Go for it!!

Make Sure Your System Works

Make Sure Your (Password) System Works

Some clients along with yours truly use a sophisticated password manager. At the bare minimum you should have a paper notebook.  And then you should start new notebooks when they get all messed up and full of cross-outs.  However, whether manual or electronic, your system of password keeping is not good unless you regularly test that it works.  It’s just bad data if it doesn’t work.  So I’m suggesting that quarterly (if not more often, with banking and sites you frequent) — you should log into every website you have a password for.   Make sure you have WORKING PASSWORDS.

Common websites you need to check are —

https://my.xfinity.com/

Gmail.com

mail.yahoo.com

ATT Yahoo / att.net, sbcglobal, snet e-mail  https://currently.att.yahoo.com/

You should also try

-Microsoft Office subscription / Microsoft account  https://account.microsoft.com

iCloud.com 

-Your banking / investment websites

-Shopping websites

-Newspapers and publications

**It’s really really bad form to keep passwords in an unencrypted Word or Excel file stored on the computer.  You are setting yourselves up for theft.   Modern versions of Microsoft Office will allow you to save PASSWORD PROTECTED Word and Excel files.  These are somewhat encrypted and the encryption improved in Office 2016 and later.   Still not my favorite – but better than naked files.

Best Tip I Could Give On AOL Mail

(The 1990s is calling and they want their e-mail back.  HA HA.)

All kidding aside for some reason — you may still be using AOL for email.  I had a client last week who got scammed by a bogus e-mail that got through to his AOL account.  3/4 of his messages are SPAM.   His computer ended up being taken over by hackers.  It required a 3 hour appointment with me (and 1 hour follow up today), a complete erasing of the computer and setting it up again.

AOL Mail does not have customizable Spam settings where you could tell it for example to be Stricter about filtering spam.   However…….. we discovered there is a VERY powerful feature in the Options / Mail Settings.    If you are highly bothered by Spam in your AOL account — I strongly suggest turning it on. 

The name of this feature is

Block All Senders Except Contacts

It does exactly that.  Senders who are not in your Contacts will not be able to email you.   If you want to receive email from a particular person — add them to the Contacts.  People whom you’ve previously e-mailed are already in your contacts. 

This feature is in

Options  >> Mail Settings>> Block Senders

*My client is thrilled now as his Spam volume will be cut down by 90% or more.  This will save him from costly mistakes and the hassle of having to close his checking account and re-open a new one. 

Our Leaders Failed Us

#NeverForget

All the warnings and information were readily available to anyone paying attention.

Solid Steel Real Deal

Biz Briefing:  Quick Note about Quick Books

Several of my clients are in business for themselves. You may know someone in the same boat whether they run a small office or are more of a self-employed consultant. Quick Books basically has a monopoly on the market for small business accounting software. I use it and you probably do too. Quick Books has grown increasingly unfriendly in recent years. Business owners used to upgrade their Quick Books about every 4 years. However, their real goal over the past couple of years has been to push customers into their new Quick Books Online offering. A functional subscription is about $60 a month (and pricing has gone up on that too). The desktop or regular Quick Books program (Mac and Windows) was $200-300. In 2020, it went up to $349 per year. Next year — wow [ouch] Quick Books desktop is going to be $799 / year. I know people holding on to Quick Books Pro 2016 for dear life. Hold on if you can. That version of Quick Books (any prior to 2020) is considered insecure. PROTECT THE COMPUTER IT’S ON LIKE FORT KNOX. The future is QB Online. It’s been great for their bottom line, not ours!

Sad ending to the season for the Mets.   Yankees and Dodgers World Series anyone?

30 Second Tip

When you are having an issue or quirk with your devices, try a Restart. You probably know how to restart your computer. However, there is no true restart on the iPhone / iPad. So, you must Shut Down and then turn it back on. Settings >> General >> Shut Down. Then hold the big button on the right side of the iPhone (or top for iPads) for 5 seconds to turn it back on.

Solid Steel Real Deal

I’ve begun setting up iPhone 14 Pro models for my clients. So far the ratio is all iPhone 14 Pro and no regular 14’s (but remember I am not down on the plain old 14, having just a 13 myself). However, there is something special in the hand when I hold the 14 Pro. The weight and the feel of the stainless steel case is so apparent. It reminds me of when I hold one of the cheaper Timex watches. It’s light and made out of brass. An aluminum watch would feel the same way. However, then think back to the feeling of a watch made out of all stainless steel (or mixed with some gold). Think of that bracelet with all solid links. There is precision engineering at work. It feels like a significant object. That is my tactile perception of the iPhone 14 Pro. I haven’t even addressed the camera yet. The difference between the 14 and the 14 Pro is like really good vs. a knockout. It’s still a bit shocking to me that the price difference is only +$200 for the Pro. I see value in the $999 price point, especially when the carriers or Apple are willing to give interest free financing.

Song of the Week

I haven’t done one in a while, so how about a tune you probably haven’t heard, from my favorites. “More to Life” by Stacie Orrico. Stacie was a known pop singer in that late 90’s early 2000’s era when Britney and Christina were the MTV stars. However, she had a marketing problem. She wasn’t Christian enough for Christian music, but she was too squeaky clean for the predators of the pop music industry. So — she ended up becoming a big hit in Japan and Malaysia around 2003 where they valued a singer with high morals. Sadly, Stacie quit the business.

https://m.youtube.com/watch?v=mRLkwwNb9js

There is a happy ending though.  Today, Stacie is living her dream playing in clubs as a blues singer in the Atlanta area. 

There’s got to be more to life…. than wanting more,

Windows Users–Benefits Of Using One Drive

Though some of you are the exception — the easiest way to make sure you don’t lose files on your Windows — is to have One Drive for Desktop and Documents turned on so it backs up and synchronizes your files.    If you are not using One Drive for your files — maybe it’s time you start.  $6 per month — and it gets you Office 365 (and the latest Word, Excel, etc).  (If I already have you using Carbonite or BackBlaze — you are probably the exception to the rule but we can talk about this next time).  Saving a spreadsheet to One Drive that went missing today saved my client from catastrophic data loss. 

Mac Users–Benefits Of Using iCloud

Though some of you are the exception — the easiest way to make sure you don’t lose files on your Mac — is to have iCloud for Desktop and Documents turned on so it backs up and synchronizes your files.    If you are not using iCloud for your files — maybe it’s time you start. 

(If I already have you using Carbonite or BackBlaze — you are probably the exception to the rule but we can talk about this next time)