Showing posts with label authentication.

Tuesday, January 17, 2012

Check Your Inbox, You May Not Be As Safe As You Think You Are.....


Even if you aren't a Playstation junkie, you probably read something about Sony's network getting hacked last year. This exploitation of an international company with a massive user base made for headline-grabbing news for several weeks. In fact, it took Sony months to harden its Playstation architecture and fully restore all network functionality. As recently as October, 2011, Sony admitted its network was compromised again and it closed over 90,000 user accounts.

Why am I writing about this "old news" today? Because another major company database was recently compromised, and if you didn't check your inbox carefully you may have missed it! Zappos, the very popular online shoe service which a little online retailer called Amazon acquired in 2009 for 1.2 Billion dollars, sent this message out to its customers yesterday (January 16, 2012):

First, the bad news:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
THE BETTER NEWS:
The database that stores your critical credit card and other payment data was NOT affected or accessed.
SECURITY PRECAUTIONS:
For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.
We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.
PLEASE CREATE A NEW PASSWORD:
We have expired and reset your password so you can create a new password. Please create a new password by visiting Zappos.com and clicking on the "Create a New Password" link in the upper right corner of the web site and follow the steps from there.
We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at passwordchange@zappos.com

If companies the size of Sony and Amazon are vulnerable to these intrusions, imagine what companies with fewer engineering resources, or less ethics, may be experiencing. Resetting a single password isn't overly time consuming and I am thankful that Zappos proactively took the step of forcing a reset. 

How many of you still use the same, or very similar, passwords across your digital universe!? I bet there are more of you raising your hand in the privacy of your home than not! My father, who was a brilliant attorney and wise in so many ways, struggled with authentication issues at work and home. Part of his "solution" was to keep passwords "simple" and I mean this literally! I warned him of the folly of this approach, but it fell on deaf ears. He passed away amazed at how pervasive computers and the internet had become in his life. (Less than twenty years ago, he stated that he would finish his law career using the same two-fingered typing style which worked during his time at Harvard Law School. He thought he would practice law without having to personally interact with computers on a consistent basis! By the time he left us, he had multiple computers in his personal office-- and rightly considered the law firm's complex telephone system, which was tied to billing, a "computer" in its own right. Pop had a computer at home with data he considered so critical that he (again literally) ran into a burning house to rescue "the brains" as he called it, which contained his Quicken file with over a decade of transactions. Yes, until the house burned he also ignored my admonitions for both on site and OFF SITE backups!)

Pop's "simple" password unlocked the door to all of these systems and were he to receive the notice from Zappos, it would be critical that he change all of his passwords immediately!!! (If you relate to my father's approach to computer security, you may want to stop reading and start changing all of your passwords starting with your bank account(s).) Of course the problem for my father, and myself, and most likely the vast majority of my readers, is secure passwords are by definition, all but impossible to keep track of and remember! 

Periodically, you will see an article attempting to simplify the creation of complex passwords (or better,  passphrases!!!) but I don't find any of these solutions to work for me. One idea is to shift your fingers on the keyboard one row and/or key while typing a common word. So, "simple" could become, "WIJ0O3." or another nonsensical term. This is too hard for me and it still doesn't prevent you from replicating this new password/passphrase across multiple sites which is half the danger!

The only solution I have found is to use Roboform (or Roboform Everywhere; $9.95/year) or Last Pass (free). But don't just use these to help you remember passwords and fill in forms (which are wonderful time savers in and of themselves); use the programs' password generator feature! That is the real beauty of these programs: you aren't remembering the actual passwords, so who cares if your bank password is "bf6s71tD"? In fact, you should care because it is unique, totally random, and not based on any term found in a dictionary (which is important if you want to foil some hacking attempts).
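To make the contrast concrete, here is an added example (not part of the original post, and not code from Roboform or Last Pass). It assumes a simplified QWERTY layout and a tiny constructed wordlist, and shows that a keyboard-shifted dictionary word can be undone by a simple policy check, while a generator draws an independent random password for every site.

```python
import math
import secrets
import string

# Constructed QWERTY rows (assumption): each key maps to the key directly above it.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
SHIFT_UP = {}
for upper, lower in zip(ROWS, ROWS[1:]):
    SHIFT_UP.update(zip(lower, upper))
SHIFT_DOWN = {up: low for low, up in SHIFT_UP.items()}

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def keyboard_shift(word):
    """Apply the 'one row up' trick; the top row has nothing above it and is kept."""
    return "".join(SHIFT_UP.get(c, c) for c in word.lower())


def is_shifted_dictionary_word(candidate, wordlist):
    """Policy check: undo the shift and see whether a dictionary word falls out."""
    undone = "".join(SHIFT_DOWN.get(c, c) for c in candidate.lower())
    return undone in wordlist


def generate_password(length=16):
    """Draw each character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def build_vault(sites, length=16):
    """One independent password per site, so one breached site exposes one password."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    words = {"simple", "password", "letmein"}  # constructed sample wordlist
    shifted = keyboard_shift("simple")
    print(shifted, is_shifted_dictionary_word(shifted, words))
    print("bf6s71tD", is_shifted_dictionary_word("bf6s71tD", words))
    print("8 random characters: %.1f bits" % entropy_bits(8))
    for site, pw in build_vault(["bank.example", "shoes.example"]).items():
        print(site, pw)
```

The shifted word is only as hard to guess as the dictionary word behind it, and it is the same on every site; the generated passwords share nothing with each other.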

Unless your computing environment supports biometric authentication you will still have to remember one master password and it probably shouldn't be "simple" (sorry Pop), but creating one master password to unlock and protect your online world is a very  small price to pay! If you aren't using one of these programs and its password generating feature, why not?

One more thing: once you have all of your authentication securely updated using Roboform or Last Pass, be sure to save a digital version of your password file and master password (or even print it out if you must) and either place it in your safe deposit box or pass it along to your attorney, Executor, or trusted family member. If something happens to you, accessing your account information will be critically important to those left behind.

Buying shoes, and everything else, online is wonderful! It isn't easy to drag me out to a store for any reason these days (just ask my daughter, step-Mother, or girlfriend). Just be sure that the hacker reading the Zappos database doesn't learn anything more about you than your  shoe size!





I currently participate in the Amazon Associates Program and certain item links included within this post may tie to this affiliate program.


I hold a long position in  $AMZN

Companies:  Amazon, Last Pass, Roboform, Zappos

This commentary is not meant as an endorsement of any company or to provide financial advice.  If the author has any financial interest in any company mentioned at the time of this article’s posting, it will be explicitly noted. I welcome feedback and comments. 





All rights reserved @2012, Music Row Tech (MRT). Any reproduction without the author's consent is prohibited.





Wednesday, January 4, 2012

Is Apple Losing Its Mojo? The iCloud Has At Least A Few Raindrops....


Apple’s once seamless experience, the “it just works”  mojo which every fanboy has waved in front of Windows centric guys like me for years like a red cape in front of a bull,  is being bloodied of late. In many ways, it pains me to write about these missteps. You see after decades performing network support, coding for, and proselytizing the merits of the Wintel ecosystem (particularly for mainstream businesses of all sizes), I have embraced the Apple Kool Aid. For the past six years, I have advocated that Apple’s walled garden approach is a “better mousetrap” for many, especially for individual users and smaller businesses.  The  lack of mainstream malware issues alone more than offsets the TCO (total cost of ownership) equation for virtually this entire, massive, user community despite the premium you pay for that stylish Apple packaging and logo  on the front end.

The tipping point for me, and many others, has been the undeniably joyous mobile experience of the iPod, iPhone, and iPad.   I have used every iteration of iPhone and iPad on a daily basis and have been accused of working for Apple, or at the very least being a shareholder (which sadly I am not, then or now!). I have happily related the personal and professional productivity these tools have added to my life on hundreds of occasions since the earliest days of the iPhone’s debut.  My tales and ad hoc demonstrations are responsible for “selling” dozens and dozens of iProducts to family, clients, and even passing strangers.
So why do I sense the winds may be changing…? Let me cite this recent, “unApplelike” experience:

Authentication! With the addition of iCloud and its at times confusing subsets—Photo Stream; iCloud Music/Match—Home Sharing and of course the Apple Store, log in issues are surfacing with great frequency and causing real losses of productivity, not to mention frustration. Ironically, in many instances, it is the long term Apple faithful experiencing the most frustrations.

If you happen to be beginning your trip into Apple’s garden today, authentication can be administered in a straightforward manner. Sign up following Apple’s rules for user name and passwords when you register your first Apple Product. When you purchase your second (and Apple hopes your third, fourth, ….) use the same user name/password log in combination. When you add a new service to your personal ecosystem such as iCloud, iCloud Music (and yes they are different), Photo Sharing, Home Sharing, use the same authentication!  Adhere to a few more caveats which are known issues but aren’t highlighted in Apple’s many getting started videos and tutorials.

For instance, don’t try to share your devices and content libraries with your family members. Think you and your daughter should be able to listen to each other’s music while sitting around the house through your family iPad or through the family iTV? After all, you (Dad) in all likelihood paid for all that great “99 Cent” song content no matter what Apple ID your kid was signed on as when s/he hit that all so easy, “Buy Now” button! No way, Pops! Not if you (very rationally) gave your kid their own Apple ID to, say, keep track of their online spending (after all what Dad wants to give their kid unrestricted “Buy Now” rights to their Apple tied AMEX card at age eight???) or for any number of other valid reasons. Multiply this several fold if your nuclear family (and number of Apple Accounts) is larger than my little two person household (discounting the dog who to date hasn’t gotten into this circus beyond chewing on an Apple charging cord several years ago). Or how about reading an eBook and wanting to share it with your family member? Not likely (this one you can assign blame to the print publishing world who is even further behind the twenty-first century curve and the folks down the street from me on Music Row many of whom still are living in denial of the “new” digital music world in which they live. But this is a topic for another post.)

Don’t travel internationally (you can’t use the same credentials in Apple’s Japan iStore, as well as several other countries,  and in America). Again, certain legal issues make this separation necessary, but we expect Apple to solve these logistical hurdles for us, or at the very least make them well known "potholes," and not let us fall into these problems unwittingly!

You think everything you buy from Apple is yours to use on any device? You have to understand, it is your authentication, now really a verified email address, not your AMEX number, not even your Social Security Number, which is the glue holding your iCloud world together (or will tear it apart).

Problems, some severe, arise if you have multiple Apple IDs; happen to have an Apple ID which is not a fully qualified email address (such as “rwachs”) or have at one time accepted an Apple email account tied to the soon to be jettisoned, Mobile Me experience….?  If any of these situations applies to you, the promise of putting your life in Apple’s hands and servers can be filled with stormy iClouds….

Reports of “losing” access to at times years of paid content; improper synching or non-synching of important, critical, calendar and contact information, and more have resulted from these issues. Add DRM (digital rights management) constraints imposed by book and music content providers (and yes there are still plenty of hoops to jump through!) and the problems simply multiply! Even after sorting through the various user name/passwords governing:
  •          Apple Store
  •          iCloud Data (Contacts/Calendar/Bookmarks/etc.)
  •          iCloud Music/Match
  •          Home Sharing


across multiple devices including iPhones; iTvs; iPads; iPods and computer systems (including a Windows box running the now aging iTunes software which remains the chief local “meteorologist” for this new iCloud vision of your digital life), I still have vexing problems. After more than thirty days of “experimentation” with these services my iPad2 still insists that, “This Device is Already Associated With an Apple ID…. You can use iTunes Match on this device with just one Apple ID every 90 days. This device can be used with another Apple ID in XX days.”

Of course my iPad is associated with an Apple ID! Ironically, until very recently, you couldn’t even use an iPad2 without tethering it to an iTunes enabled computer and “phoning home” with an Apple approved account! I don’t even know which ID my iPad2 is unhappily tied to (when I purchased this unit the first day it was available almost a year ago I only had one Apple Account to associate)...  Frankly, I stand a very real chance of typing the “wrong” ID again when my 90 Day penalty box finally expires (which will put me into the summer of 2012 before I can play music or  synch a book or app, off this device again)! By the way, the iCloud process kindly erased all my existing music on this device before telling me it “isn’t eligible” for the newly purchased iCloud Music Account or other iCloud synching benefits!

To be fair, authentication issues aren’t “easy” to fix and merging accounts on the backend of complex databases can be a challenge. Google (I currently hold a long equity position in this company) struggled to get Google Docs users onto Google+ for several months (during this product’s beta period which is the time to explore these problems!). But Apple certainly has the engineering resources to resolve these issues and should have every motivation to do so as it is its most loyal base of long term users that are bearing the brunt of these problems.

I spent several hours sorting through these problems. I resorted to creating simple spreadsheets to identify and isolate which devices and log ins might be causing the problems I was experiencing. I even contacted Apple Support in an effort to “merge” my user name with the verified, primary, email address tied to this account, thinking this would solve some of the issues. After an hour’s conversation and some internal discussion I wasn’t privy to, I was able to make my primary email, rwachs@musicrowtech.com my default Apple ID—my ten plus year, “rwachs” user name was not accepted by one or more new Apple services which require a fully qualified email address. This did resolve some, but not all, of my connectivity/synching issues.

All told, I spent about eight hours troubleshooting, researching, and contacting tech support on these issues alone. The $25 annual iCloud Music charge, bandwidth, upload time, and other costs are strictly incidental to my time and yes, “frustration.”  If these inconsistencies between new Apple products  prove vexing to someone with nearly thirty years of IT experience, I can only imagine what some of the less computer savvy—including  many of those I have encouraged to move  to Apple’s ecosystem through the years!—must be experiencing. Judging by Google searches and support forum posts I have read in an effort to understand my problems, I am far from alone.

Apple, with Steve Jobs at the helm over the past couple of decades, has built what is arguably the premier technology company, not to mention the most highly valued worldwide corporation, by building wonderful products which “just work.” Whether it is reaching for the next new thing (e.g. cloud computing), pushing a product out the door prematurely (with the exception of Siri, Apple is not known for releasing products into “the wild” in beta), or simply striving to appeal to an ever growing audience beyond its core constituency Apple fan base, iCloud seems to be the first major endeavor in quite some time to leave Infinity Loop not quite ready for prime time…. Stay tuned for more.

How has iCloud impacted your life?  Have you had a smooth transition? Can you not live without the cloud in your life? Not live with it!? Please share your thoughts….


