Tech Talk #100 – Mar 30, 2019

Chrome password checkup

Every time we hear about a data breach somewhere, we know that a new bunch of usernames and passwords were just stolen and are about to be used against us. Somehow, and by somebody.

But how do you tell if YOUR email address and/or password was stolen?

You can always check by going to https://haveibeenpwned.com/ and entering your info, but wouldn’t it be handy to have something that could check for you as you log in to a web site?

Google has an extension for the Chrome browser that will alert you if you enter a username/password combination that Google “knows to be unsafe.” Google’s database contains 4 billion credentials that have been stolen in various data breaches. If your credentials are “known to be unsafe,” the extension will show a red dialog box that lets you know you should change your password for that site.

But doesn’t that mean Google can “see” your passwords?

Well, sort of. Google says the extension never reveals any personal information and that all queries are anonymous. Here’s what Google has to say about how it’s done:

“At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.”

The extension won’t nag you about weak passwords or let you know if any of your other information has been compromised (which it probably has); it’s only a username/password checker.

If you use Chrome, it’s a good tool to have. Get it here: https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno?hl=en

If you use Firefox, Mozilla has a similar feature called Firefox Monitor that checks your password, but Firefox Monitor uses the haveibeenpwned (HIBP) database for checking.

Many paid versions of password managers also query against the HIBP database.
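
To make the “k-anonymity” piece of Google’s description concrete, here is an added example (not from Google or from this column) of the simpler range lookup that HIBP’s Pwned Passwords service uses: the client sends only the first five hex characters of the password’s SHA-1 hash and compares the returned suffixes locally. The RangeServer class and its sample passwords and counts are constructed for illustration, and Google’s blinding and private information retrieval steps are not shown.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Constructed stand-in for a breach service; it only ever sees prefixes."""

    def __init__(self, breached):
        self.buckets = {}
        self.seen_queries = []  # everything the server learns from clients
        for password, count in breached.items():
            digest = sha1_hex(password)
            bucket = self.buckets.setdefault(digest[:PREFIX_LEN], {})
            bucket[digest[PREFIX_LEN:]] = count

    def query(self, prefix):
        if len(prefix) != PREFIX_LEN or set(prefix) - set("0123456789ABCDEF"):
            raise ValueError("prefix must be 5 uppercase hex characters")
        self.seen_queries.append(prefix)
        bucket = self.buckets.get(prefix, {})
        return "\n".join(f"{suffix}:{n}" for suffix, n in sorted(bucket.items()))


def breach_count(password, server):
    """Return how often the password appears in the corpus (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in server.query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:  # match is decided locally, not by the server
            return int(count)
    return 0


# Constructed sample corpus; the counts are made up for the demo.
SAMPLE_BREACHED = {"password": 3, "12345678": 2, "ji32k7au4a83": 1}

if __name__ == "__main__":
    server = RangeServer(SAMPLE_BREACHED)
    for pw in ("ji32k7au4a83", "a-long-unique-passphrase-for-this-demo"):
        print(pw, "->", breach_count(pw, server))
    print("server saw only:", server.seen_queries)
```

The server’s log holds nothing but five-character prefixes, each shared by many unrelated passwords, so it cannot tell which one you typed.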

Why “ji32k7au4a83” is a common password

“ji32k7au4a83” looks random, yet it has shown up in nearly 150 data breaches so far.

But why? Stupidly, but in a foreign language.

To type in the Mandarin language, you need a keyboard capable of typing the 37 characters and tone marks used in Mandarin Chinese. This keyboard is commonly called a Bopomofo keyboard. No, I didn’t make that up.

The word Bopomofo comes from the first four ordered syllables of Mandarin Chinese. A Bopomofo keyboard lets you type something in Mandarin that comes out as if you had typed it on a standard Western “qwerty” style keyboard. There are different layouts for Bopomofo keyboards, and the most common one is the Zhuyin Fuhao layout.

Some common passwords are “password” and “12345678,” because they are easy for people to remember. If a person in Taiwan uses the Zhuyin Fuhao layout on a Bopomofo keyboard and types in “mypassword,” the keyboard turns that into “ji32k7au4a83.”

And so now you know. Everybody is lousy at passwords.

12-inch extension cords

If you have (as I’m sure you do) your computer, router, monitor, printer, cell/tablet chargers, pencil sharpeners, and calculators all plugged into a good surge protector or an uninterruptible power supply (UPS), you know what a pain it can be getting all those wall warts, power bricks, and transformers plugged in. Not only do warts, bricks, and transformers come in different sizes and prong orientations, but most of them are also so big they cover up the outlet next to them.

The best way to get everything plugged into one surge protector/UPS is to buy a pack of 12-inch extension cords. The cords will put those bulky, oddly oriented warts, bricks, and transformers a foot away and let you plug in everything neatly.

Check online or at a hardware store for 12-inch extension cords and get a multi-pack.

Show some respect

A guy at a funeral is looking at his phone, frustrated. He whispers to the priest sitting next to him, “Do you have the wifi password?”

The priest looks at the man, shocked. “Respect the dead, sir.”

Looking at his phone, the guy replies, “All lowercase?”

Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at greg@tech-hachapi.com.