Thoughts on creating more secure passwords

After recently spending time creating an application to take words or phrases and turning them into password suggestions, I thought I would share.

Long passwords are in general more secure than short ones. However, it all depends on the composition of a long password. It is much easier to remember a long phrase than a short, random password.

It turns out that most computer users have been taught to use passwords that are hard for them to remember. But, those types of passwords are actually easier for programs to figure out. So, why bother with random passwords at all?

Take the following password phrase and change it up a few ways:

This is a test – plain text
Th1s1s@t3st – change i to 1, a to @ and e to 3
testisThisa – shuffle the phrase
#06Thisisatest17* – add #month and year* to the phrase
#06Tiat17* – first letter of each word

What we find, is that the first and fourth passwords are the strongest and are easy to remember.
Using a password strength tool like zxcvbnthe results are below. This tester checks the characters in the password and also looks up words in a large dictionary. In the first example, a computer would have to check up to 1,000,000,000,000 (10^12) different guesses to find the correct phrase.

This is a test = 10^12 guesses, score 4 of 4 (14 characters)
Th1s1s@t3st = 10^9 guesses, score 3 of 4 (11 characters)
testisThisa = 10^8 guesses, score 3 of 4 (11 characters)
#06Thisisatest17* = 10^16, score 4 of 4 (17 characters)
#06Tiat17* = 10^10, score 3 of 4 (10 characters)


You can see a direct relationship between the length of the password and how hard it is to guess.

Microsoft limits passwords from 8 to 16 characters.
Yahoo use to allow really long passwords but now 32 characters is the maximum.

So, the recommendation is to use a phrase you can remember easily, but, not one that others would know about. For Microsoft logins or emails, you will have that 16 character limitation but you can use a long phrase and just pick the first letter of each word, then add text to both ends of the result. If you use something like month and year above then your phrase can be up to 10 words long. Be sure to include upper and lower case words.

For more information on zxcvbn which was created by a programmer at DropBox, click here.

For another password test page, click here.

Popup Info – Displaying popular quotes and other information

  • v1.03 update. Corrected the number of Christian Quotes to 1,750.
  • v1.02 update. Adds menu options to display popups on left or right side or the center of the main monitor window.
  • First Public Release v1.0 is now available.

Over a year ago, I added some popup information to my Ready Bible Study program. It took some time to get the lists together and learn how to present them in a simple, attractive way.

Late last week I decided that I would split off those lists, add some more and create a separate, much smaller program called Popup Info. I added a list of 160 general quotes, 100 motivational quotes, 50 computer programmer quotes and 65 workout quotes which makes a total of 8 different lists. As I run across more, I will add them in the future.

The current version 1.03 is about 900kb and may be downloaded here. Just place it in any folder and run it. PopupInfo

Program Info:

Program Menu options:

Sample popups are easy to display with Demo Mode:

Users can set the number of minutes between popups and also turn off any lists they are not interested in.

Setting any Interval to 0 will turn that list off. Setting the Display Time to 0 will display each popup until you click on it.

You may click on the program tray icon to Pause or Resume display of Popups.

PC Monitoring and Remote Administration

So, over the last two years, I have written some scripts or apps that were ultimately used at work. One was a response to the malware family called ransomware which gets onto a computer, encrypts the user’s files and then gives them instructions on how to pay to have them unencrypted.

DocWatch

Our antivirus software, at the time, did not prevent this type of activity and we had a couple of attacks and a lot of files encrypted. Fortunately, we have good backups, so the files were relatively easy to restore.

I found a directory watcher routine that miraculously would notify me of changes to any number of files and folders on both local and network shared folders. It was written in AutoHotkey, which I was unfamiliar with. But, I put on my thinking cap and created my first app in that language and called it DocWatch. It basically lets users add folders to a watch list and only looks at business documents for either rapid changes or certain filenames. Most crypto malware or ransomware programs use specific filenames and are easy to detect after they start their damaging encryption. DocWatch alerts on both activity levels and filenames, both of which are configurable. It will email an administrator and, if running on the infected computer, it can shut it down automatically. Below are a couple of screen shots.

The PDF Manual is here DocWatch Manual.
For those who are interested in this feel free to contact me.

PC Dashboard

Another application we use frequently brings a lot of separate PC utilities under a single program. We regularly work with lots of computers, installing software, troubleshooting issues, inventorying, etc. So, I embedded many small applications into a common interface shown below. Again, if anyone is interested in adapting the program to their network, please contact me. The PDF Manual is here PC Dashboard 2



Click Eye Reminder v1.29

v1.29 – fixed audio volume issue
v1.28 – added AutoStart, For Audio Only it uses two beeps for Right Eye, one beep for Left Eye
v1.27 – fixed accidental lowering of system volume by the program
v1.26 – added Timer Only Audio if you want to use sounds only to signal switching eyes. Chimes Up for Right Eye, Chimes Down for Left Eye.
v1.25 – added different times for Audio feedback when using Timer Only

For people who predominantly use one eye while reading, this program periodically displays a small prompt to switch from Left to Right eye after a user chosen number of mouse clicks. I use my Right eye much more than the Left, so I wrote this hoping to help my vision.

It can be customized by font, size, display time, etc. For multiple monitor users, it can be set to use one eye for each monitor.  In Clicks Only mode, after 5 minutes of no clicks, the prompt to switch eyes will be displayed at twice size, centered with audio. I have only tested multi monitor support with my three monitor setup at work.

Users may also Pause / Resume the program from the menu or by clicking on the tray icon. If they choose Use Audio then every visual prompt is preceded by a beep.

Just open the download and copy the file to any folder and run it. No install is required. The program download is here Click Eye Reminder


   

 

 

Get Exercise 1.7x – Exercise Dashboard and Timers added

Version 1.74 of Get Exercise may be download here GetExercise or from this page http://michaels-tech-notes.info. The latest additions are below.

v1.74 – 01/10/17  Add left click tray menu, shorter, more context sensitive than the right click menu.
v1.73 – 01/06/17  Added ability to click on Tray icon to Start, Stop or Switch Pomodoro timers, Pause/Resume Exercises, exit the program. Made the Stretching timers owned by the current exercise window so it only stays open for one exercise.

   

A lot has happened since the last update to Get Exercise. After noticing that there were a lot of windows and prompts on my computer after I had been away from it for a while, I decided that a central window to hold exercise reminders was needed. I have called it an Exercise Dashboard for lack of any better name. Below is an example of the Dashboard with sample reminders. It displays up to 6 reminders, each one can be for Stretching, Aerobics, Circuit training or Eye exercises.

The parts of this window are: 1) Instructions – Left clicking on a button acknowledges that you have or will do it and displays any associated picture instructions, Right clicking a button skips that exercise, 2) The button area, 3) a motivational quote areas which changes upon receipt of a reminder or by clicking a button and 4) a status bar that shows the totals for each type of exercise.
If you click on the status bar you will see a summary and the option to zero out all the totals.
You may close this window without taking any action, but, every time a new reminder occurs, you will see the window and a new reminder button.

I hope everyone will agree this Dashboard approach provides a much more convenient and less cluttered approach than the previous versions of the program.

The other big additions are Timers for both the stretching exercises and the 1 Minute exercises. It dawned on me that these should have been included a while ago. Now you can start a timer, do your stretching or 1 minute exercises while waiting for a beep. Screen shots of these timers are below.

Clicking the TIMERS button displays:

When you reach 3 counts of stretching the color turns green.

The timer itself looks like this.

The 1 Minute exercise window also has a timer preset for 60 seconds.

 

When you Exit or Restart the program, you are prompted to Save the checked 1-minute items and the Dashboard totals. When you make changes to Setup, these are automatically saved since the program needs to restart after those changes. This makes is a lot easier to experiment with settings as you won’t lose the exercises you have completed for the day.

Right-clicking on the program’s tray icon to reveal its menu. The new additions are Display Exercise Dashboard and Pomorodo Timers.

After you select either the Standard or Longer Pomodoros you will see a taskbar message as below. This means for 25 minutes you are to work diligently on a task. This will be followed by a 5 minute break. You will see these prompts once per minute while Pomodoro is running. You can stop it at any time. Also, notice that the program’s icon will turn Green during Work and Red during Break. I am very visual and threw this in just as another reminder that Pomodoro is running. You can also select the longer 48 minute version with 12 minutes of break. Traditionally, Pomodoro cycles are counted and after 4 of them you can take a 15-30 minute break. I may add that in the next release. You can see how many have counted off by the #number in the minute prompts.

When you exit or restart the program, you are now given the opportunity to save the number of Dashboard exercises that you have completed and also which 1 Minute exercises you have completed for today. At the start of a new day you may need to reset the 1 Minute list and click on the Dashboard status bar to clear its counters. Or simply exit the program without saving these. Also, when you make changes to Setup, these are automatically saved for you so you won’t lose your counts or check list for today.

These are the additions to the Get Exercise program. I am hoping all of my testing is complete. I’ve been quite ready to upload this new version as it is much more complete than the previous release.

Please leave comments on any issues or future features you would like to see in the program. I will be giving it a break for a while until some more ideas come my way.

Get Exercise v1.4x – freeware program to remind computer users to stretch and to exercise

[Dec 26th Update – New features coming soon. See this new post http://s355751075.onlinehome.us/get-exercise-1-7x-exercise-dashboard-and-timers-added/]

Get Exercise is a small application that, once setup, reminds you to do stretching exercises (with pictures), aerobics (walking, jogging, etc.), circuit training (multiple exercises during a less than 10 minute time period) and a series of 1 minute exercises every hour. Everything is configurable by you. Download the ZIP file from here. getexercise

Many, many pictures (about 36) are used with this program, some are below.

       

 

Memory Hogs v1.45 – A PC performance activity monitor and alert system

[Note: v1.45 is online.  Fixed a couple of typos. Fixed window sometimes popping up dead center instead of chosen corner. Added popup menu when left clicking on Tray icon. Download from here MemoryHogs]

While noticing how slow my browsing sessions at home could get, I thought it would be nice to try and monitor the situation and ‘diagnose’ what is going on. I use Firefox routinely, It is a one process browser and can grow to use a lot of RAM. I’m talking 900 megabytes, 1200 megabytes or more. And sometimes when it gets that high, it is a runaway process that needs to be killed. I highly recommend an add-on called “YouTube – Flash HTML5.” With it, you switch between Flash videos and HTML5 videos. Sometimes Flash just goes wild and crashes Firefox.

While searching for clues on writing an application to monitor processes, I came across the basic code for getting a list of process names, RAM usage, Path, etc. I created the basic program around that. I later saw some AutoHotkey code for a CPU Load graphical monitor. And I also read up on Win32_Process more. I filtered the list on only processes that have a window associated with them. Other processes are service or ‘background’ processes, for lack of a better word.

Currently, users can choose how many processes to display, the RAM and the CPU Thresholds, over which the Memory Hogs window will be displayed.

Memory Hogs can alert users of the following:

  1. When any process uses more than a certain amount of RAM.
  2. When any process is ‘Not Responding’ a Tray Tip window will be displayed.
  3. When the CPU Load is over a certain percentage.
  4. When free Disk space is below a certain amount.
  5. When Used RAM is above a certain percentage.
  6. When Used Pagefile is above a certain percentage.
  • Item 1 will be checked if a process is over the threshold.
  • Item 2 will be displayed at the bottom right corner if a process has been Not Responding for at least 9 seconds. This value can be changed in the settings file.
  • Item 3 will flash the CPU Load when threshold is reached.
  • Item 4 will only be displayed when the computer name is added to the settings file using the ShowDiskSpaceForPCsNamed variable matches the current computer. (Since fixed disk space is rarely an issue today this alert is not enabled by default.) [For some systems like Virtual Desktops, the amount of disk space may well be 10gb or less and free space would be important to track.]
  • Item 5 defaults to Used RAM greater than 90% and will flash an alert.
  • Item 6 defaults to Used Page File greater than 90% and will flash an alert.

Double-clicking a process will allow it to be killed. Right double-clicking will display the process folder in windows explorer. It can run in Stealth Mode and log these events for you to check later on.

Some screen shots and more information are below.

Main Window showing 10 Top Processes, 800mb Process alert and 90% CPU Load alert.

Setting Process Threshold to 150mb shows two processes over the limit

General Program Info

Program Icon right-click menu

Mouse over the Program tray icon to see current settings and CPU Load / Top Process at the bottom.

View Settings File

View Logs for Not Responding, CPU load and Free Diskspace

Double-click a process to Exclude it from the Not Responding tray alerts. Excluded processes will be highlighted like you have clicked them in the list. This is just a quick visual indicator.

Later on you can double-click the same process to Include it in alerts again.

The help instructions from the program are below.

v1.29 –
Pressing ALF-F at the Main window will Freeze it so you can make changes to the numbers and double-click any processes to Exclude them from or Include them into the Not Responding alerts. Click Update then press ALT-F when you are finished to “Thaw” the display.

v1.28 –
Added two more Memory alerts to the main window, Used Physical RAM percentage and Used Pagefile percentage.

v1.27 –
Create a shortcut for the program with parameter, either s or S, and it starts in Stealth Mode with no visible output. (i.e. command line is memoryhogs.exe s)

v1.26 –
Changed Refresh button to Update. Now you can change the values then click Update to see the effect without the program restarting. Pressing Escape key hides the window and set AlwaysShow OFF.

v1.25 –
For processes that frequently go Not Responding you can Exclude them from showing alerts by double-clicking them and choosing EXCLUDE. They will be displayed as gray or highlighted color to denote Excluded. If your double-click them again you can choose INCLUDE and they will alert on Not Responding. Processes that go over the RAM Threshold displayed with a checkmark.

v1.24 –
Users can click on the Tray icon to Show or Hide the main window now.

v1.23 –
Added a limiter for Not Responding processes called aProcessSeconds. It defaults to 9 seconds a process has to be hung to display an alert. This is three times through the normal 3 second scan interval. This can be added to MemoryHogs.ini and changed there (i.e. aProcessSeconds=12 would be 12 seconds before an alert). This is to cut down on very brief Not Responding periods for processes which caused a lot of flashing popup messages in the system tray area. This number should be a multiple of 3 since the refresh cycle is 3 seconds between re-displaying the processes.

Memory Hogs v1.22:

A small program that lists processes when one or more of them are using more memory than a desired threshold. If the process is run away or frozen, left double-click it to close it. Right double-clicking will open the folder the process is running from. You can set the number of processes to list, the memory threshold then Refresh the window. The Home, End, Page Up and Page Down keys may be used to move the window quickly to any corner. You may also right-click on the program icon and choose Always Show to have the window remain visible even when no processes are over the threshold. The processes are updated every 3 seconds.

Recent changes:

v1.22 –
Added auto updater code

v1.21 –
Added Stealth Mode to hide the program completely but log all types of activity. Previous Alert statuses are saved when going to and from Stealth Mode. You can type @mhoff to turn off Stealth Mode.

v1.20 –

Added Hotstring commands to augment right-click menu for keyboarders.

@mhs    – Show On/Off
@mhh    – Hide (Show Off) or press ESCape
@mhi    – Show Program Info
@mhr    – Restart/Refresh
@mhca   – CPU Alerts On/Off
@mhda   – DISK Space Alerts On/Off
@mhra   – Used RAM Alerts On/Off
@mhpa   – Used Pagefile Alerts On/Off
@mhnra  – NOT Responding Tray Tip Alerts On/Off
@mhvl   – View Logs
@mhvs   – View Settings
@mhas   – AutoStart On/Off
@mhex   – Exit/Quit Program
@mhon  – Stealth On
@mhoff – Stealth Off

v1.19 –
Use View Log Files to pull up each file into Notepad

v1.18 –
Added Log All Alerts option to the menu. If selected, then CPU, Disk and Not Responding Alerts are logged into three separate files under c:\temp.

MHOG-CPU.csv
MHOG-Diskspace.csv
MHOG-NotResponding.csv

v1.17 –
Program always alerts on Memory Hog processes but now has a menu for CPU, Disk and Not Responding Alerts that can be turned on and off.

v1.16 –
Program has an AutoStart menu option now.

v1.15 –
Some menu item name changes.

v1.14 –
Optionally, if you set a PC name in the MemoryHogs.Ini file, the program will track free disk space and alert when it is too low. Set or add ShowDiskSpaceForPCsNamed to your computer name and you will see the window displayed if your PC has less than the desired diskspace.

v1.13 –
Process Status is now displayed. Background (window less) processes are no longer shown. Active is good, Not Responding is bad if it persists.

v1.12 –
The program starts in Always Show mode to set your initial values.

v1.11 –
An additional alert has been added for CPU. If the CPU is 90 percent loaded then the window will be displayed and the CPU percent will flash. You can set the CPU Load as you like. Some text formatting changes have also been made. CPU Load is shown when the mouse is over the program tray icon.

Still under development! hogversion hogchanges

Process Monitor / Window Logger – AutoIT scripts

WINDOWS LOGGER

In late summer of 2015, I was looking at some programming videos and ran across one showing how simple it is to run a script in the background that grabs keystrokes. This type of application is called a key logger and are usually used for “up to no good” activities. I was interested in whether I could apply this to logging how much time users spend in each application and log that information when they switch from one program to another.

My daughters are older now, but, this type of program could be used to monitor where young people (or old :-)) go on the internet, for example. Still, I thought I would pursue writing a script that I call Windows Logger. The basic theory is that the script grabs the current program name and window (document) title. It starts a timer and when it detects a different active window, it saves a log entry with the last program used and the time spent there. Some hotkeys control various features of the script as it runs unseen in the background. The program can be set to run on startup. If users request it, I can make the function key assignments changeable.

A couple of screen shots are below. The PDF documentation and executable are in here. windows-logger

process-monitor-help

windows-logger-2

 

PROCESS MONITOR

At work, we sometimes have users whose computers are very slow or have applications that frequently are hung or “Not Responding.” I felt it could be good to have a program log those events for the purpose of knowing which application(s) are misbehaving. Process Monitor is very similar to Windows Logger but it only logs entries for processes that are frozen, hung or “Not Responding” for say 20, 30 seconds or more. Many, many programs go unresponsive when computers start up or when programs are loading the first time for the day. By looking only at process that remain hung for a while, one knows that they are not working properly. Some hotkeys control various features of the script as it runs unseen in the background. The program can be set to run on startup. If users request it, I can make the function key assignments changeable.

A couple of screen shots are below. The PDF documentation and executable are in here. process-monitor

process-monitor-help

process-monitor-stats

 

 

process-monitor-csv

Simple Work Timer

While reading an online article I found a program that would total up the time spent in up to 3 applications. I thought it was worth exploring so I added the ability to track as many programs as is needed. I also added two timers, one for Slack time, one for time spent in any program in the saved list. Users can see the total time spent in each program, make the window semi transparent, etc. When you are in a program that is not being tracked, the window will be orange. Once the program has been added to the menu and you are using it, the window will be blue.

A download is found here. worktimer And screenshots are below.

The initial window
work-timer1

Choose App 1 (Not set)
work-timer2

The program is now waiting for you to click inside one of the applications you want to track time.
work-timer3

In this example, I clicked on a program called Greenshot and it is now tracking time for it.
work-timer4

Do this for each program you want to track time on. If you have more than 12 programs then click on Program Items and bump up that number.

work-timer9

work-timer5

After some time, I click on the menu and choose Timer Summary to see work-timer6

16 seconds in Greenshot, 1 second in Windows explorer, almost 5 and a half minutes of Slack or uncategorized time.

You can set how many seconds of inactivity before Idle time is counted, the number of items in to track (always make it more than you have already entered), and an optional transparency value.

work-timer7

When you are done with today’s summary then select Restart Timers to zero every one and begin tracking again.

work-timer8

Diary Assistant v1.16 for Stickies 9.x

[Diary Assistant v1.16 is available here.  stickiesdiary]

While researching software for saving daily notes and other information, I have run across several free applications that are noteworthy.

For a couple of years, I have used RedNotebook to save daily notes at work. It works pretty well but occasionally doesn’t “close right” and tells me that the next time I run it. It allowed me to quickly search for any text in any daily note. Very handy.


Recently, I moved to a similar program called CherryTree with which you can store notes in a tree with any level of subordinate tree note that you desire. And it had the awesome press F8 key which either creates a note for today or takes you to an existing one. This feature made it very handy as a daily journal and it is more flexible than RedNotebook. A couple of screen shots are below.


CherryTree did most of what I want in a note taking application. At least until I found a couple of long available Sticky Note applications. PNotes and Stickies 9.0c are venerable sticky notes freeware programs. I had seen them a couple of years ago but didn’t pay close enough attention to a breathtaking feature — attaching notes to documents, web pages and/or other active programs.

I always felt that having half a dozen, a dozen, or more notes on my monitors would just be too much clutter and too distracting to use comfortably. But, when you can create a note and attach or pin it to a specific document, then the usefulness is greatly multiplied. The original PNotes is smaller and lacks a crucial feature when pinning a note to a document. It can only pin a note to a specific document or web page. That works well, but, I wanted to pin notes to programs also. Their newer program, PNotes.NET has the ability to use wildcards when pinning notes and is much more flexible. Their dark theme leaves a lot to be desired though. Below is a screenshot from PNotes.NET showing a sticky note for December 5th.

PNotes creates a Diary group and creates a daily note when you press Ctrl+Alt+D. You can hide the note and return back to it any time. If the day has changed then just look under Diary for daily entries. PNotes does a real fine jobs of managing sticky notes but it also requires Microsoft .NET 4 Framework, hence the name PNotes.NET.  While .NET has been around for a long time, it is quite a bloated piece of programming, in my opinion. And there are usually many security updates for it every year.

In order to hopefully stay away from needing .NET, I took another look at Stickies 9.0c from Zhorn Software. It is a very small application at less than 2mb download. It has pretty much the same features as PNotes with some functions named differently. With Stickies 9.0 you can create the following: 1) Desktop Notes which are always visible until you are done with them, 2) Stored Notes which are saved until you delete them, 3) Attached Notes which are only visible when a specific document, web page or application is visible (yeah!), 4) Sleeping Notes which reappear after a designated time and 5) Recurring Notes which popup at intervals and days you choose. Below are some screenshots.

Attaching a note to a window, in this case, a web page, makes that note appear when the web page is browsed to as shown below.

As soon as I click on another web page or program, the Freeware Files sticky will disappear. This makes having lots of sticky notes easy to manage and make much sense in a computer setting. Otherwise, they are not much more than physical sticky notes. I realized that one feature was missing in Stickies 9.0c that was in RedNotebook, CherryTree and PNotes. The Diary or journal feature was nowhere to be found. Having been writing some script and freeware applications the last year and a half, I decided to see if I could program this feature or bolt onto Stickies 9.0.

What I came up with is a script that allows users to add and update Diary notes via either short text commands or a right-click menu. Users can also search Diary notes for the month and the year. I called the add-on “Stickies Diary Assistant” and here are some screen shots.

By using and manipulating the Manage stickies window, I was able to create and search on diary notes. If you choose Add Diary Stickie or type @dt in an editing window, you will be asked to create a note for today. Or you’ll be taken to that note in the Manage stickies window.

create-diary-sticky 

The program starts with a rather plain design or skin like a paper sticky, but, allows for sophisticated stickies with toolbars just like mini word processors.

sticky-skin1

sticky-skin2   sticky-skin3

In order to add another entry choose Add Diary Entry. This will add a separator to today’s note.

The other features of Diary Assistant are for searching notes.

 Month search

Year search

Any text search

When you are done with today’s note you need to Store it. I created a Diary group to put mine in, but, you can categorize it any way you want.

   

At any time you can press Ctrl-Alt-M to display Manage stickies then search on your notes. Or choose Search All Stickies from the Assistant’s tray menu, enter your text then click OK.

For now, I will be using CherryTree and Stickies 9.0c to manage a lot of different information at work and at home. Yes, I know I could use MS OneNote, but, I have a predilection for small, portable software programs.

One or more of these program could benefit you in your work or home office, you should give them a try.