Thursday, October 23, 2014

A Physical Key to Your Google Account

Google says using a security key like this one in addition to a password provides a better way to secure an online account.

Opting in to Google’s latest security upgrade requires a spot on your keychain for a device known as a security key.

The small USB stick provides added protection for a Google account. Once a key is associated with your account, you’ll be prompted to insert the device into a computer each time you enter a password to log in—or, if you prefer, once a month on computers you use frequently. Touching a button on the security key triggers a cryptographic exchange with Google’s login systems that verifies the key’s identity. Security keys can be bought from several security hardware companies partnered with Google, for a little less than $20.

The new approach is primarily aimed at the security-conscious. But the technology involved lays the groundwork for physical devices that displace passwords altogether, says Mayank Upadhyay, a security engineer at Google. Google has been working on ways to replace passwords for some time, because stolen or guessed passwords are often used to take over accounts.

“This is a great first step that solves a problem today but also helps move the ecosystem toward that Holy Grail,” says Upadhyay. He has led work at Google to test whether other physical devices, like smartphones or even a piece of jewelry, could replace passwords (see “Google Experiments with Ring as Password”). This summer, Google announced that it will make it possible to have a Chromebook automatically unlock and log you in to a Google account when your Android smartphone is nearby.

A security key provides a more secure version of two-factor authentication, an approach already offered by some Web companies and many banks that involves logging in with both a password and a temporary code tied to something physically in your possession. Usually a two-factor code comes via a phone app, a text message, or a key fob.

That approach is designed to prevent an attacker from logging into your account remotely. If Apple had offered two-factor authentication for its iCloud backup service, for example, people using it would have been protected against the methods used by hackers to steal the celebrity photos leaked this summer. (Apple has since rolled out the technology.)

However, sophisticated attackers are capable of breaking two-factor authentication. They can steal or spoof codes by intercepting text messages, hacking a person’s smartphone, or breaking into the centralized database used to generate the codes. There is evidence an attack like that on RSA’s SecureID authentication system in 2011 enabled security breaches at defense contractor Lockheed Martin. Google has highly targeted users who may not be safe using existing two-factor authentication systems, says Upadhyay. “We’ve seen all kinds of attacks,” he says.

A security key, such as Google’s, is resistant to remote attacks, because the information needed to copy a key can be obtained only by physically attacking a security chip inside that key. Two-factor authentication is already widely used on corporate networks. Starting early next year, companies that pay Google for e-mail and office software will be able to have their employees use security keys to access these services.

Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University (see “Why Privacy Is Hard to Get”), says that a security key is unlikely to broaden the appeal of two-factor authentication beyond those who already use it. But the technology might gain wider use if promoted and packaged in the right way, she says. “Maybe it will make sense to some people who don’t know much about computer security but can relate to the idea of using a physical key to lock their account,” she says.

A security key bought today could be used with services other than Google’s, if other companies choose to adopt the technology. The device is built on an open standard called U2F, being developed by the FIDO Alliance, a consortium established to reduce reliance on passwords (see “PayPal, Lenovo Launch New Campaign to Kill the Password”).

Stina Ehrensv√§rd, CEO of Yubico, a startup that sells security keys, says the consortium’s technology creates the right incentives for widespread adoption. “It’s great for Google to go out and show that this works, and I expect many to follow because it’s easy and FIDO allows competition,” she says.

Future versions of the security key will also work with mobile devices, says Ehrensvärd, because the final U2F standard will specify that a key can include a contactless near-field communications chip that most new smartphones can read wirelessly.


A connection limit is not your problem because each member can have up to 30,000 1st level connections.

Instead, you have probably exhausted the 3,000 invitations afforded each member at the time they create their account. The 3,000 invitations is meant to be a lifetime supply of invitations.

However, you can send a message to LinkedIn Customer Service using the "Contact Us" link found at the top of every LinkedIn Help Forum webpage requesting additional invitations, but the granting of the additional invitations is by no means automatic. LinkedIn Customer Service staffers will look at the number of invitations you have sent compared to the number of acceptances you have received. If the ratio shows very few acceptances compared to the number of invitations sent, the conclusion will be you have been sending invitations to people you don't know, which makes it tougher for LinkedIn Customer Service to afford you more invitations.

In any event it might take 7-10 days for LinkedIn Customer Service to get to and process your service ticket. LinkedIn Customer Service staffers handle service tickets on a strict FIFO basis regardless of where the service ticket originated.

In the meantime you might want to consider developing strategies encouraging others to sent you an invitation.

By the way, your "profile photo" is non-compliant with the LinkedIn User Agreement (Section 10.2.6.), which stipulates a profile photo must be a personal photo or "head-shot". A logo is not appropriate, and LinkedIn Customer Service can and will remove the photo without notice.

LinkedIn Customer Service might otherwise have a difficult time finding such violations, but then most people don't expose their violations to the entire 235+ million members of LinkedIn in an open and public forum with active moderation coming from LinkedIn Customer Service staffers.

So whatever your rule for building connections in LinkedIn, I recommend some Tips for LinkedIn Professional Etiquette:
1. Never Go Generic
When sending invitations, always include a personal note in the invitation.  Answer the question: What is your connection to this person?  Go beyond something system-generated  like "Bob Smith has indicated you are a classmate at James Madison University" (when you know, if you did a little research, the person graduated 8 years before you).
For example, if you read an article the person posted on the alumni news section, be sure to mention that.  I also make a point to send a personal note back when I accept an invitation.  Never forget LinkedIn is about building professional relationships so start it off with professional courtesy.
2. Be Timely
When you meet other professionals in person (clearly the most valuable way to connect) and exchange business cards, get LinkedIn within 24 hours.  The other person will remember your conversation and appreciate your timeliness. 
3. Have a Goal in Mind
When you send a LinkedIn invitation to someone, what is your goal?  I find it refreshing when someone clearly states why she reached out.   I always try to follow this rule when I send invitations.  Is this someone I feel I can help his business or career through some form of collaboration?  Is this someone I just met and would like to get to know better?  
4. Stick to Your Guidelines
Be consistent with your personal guidelines for sending and accepting invitations.  Don't forget the other person has his own rules too.  Unless you are connecting to a LION, never assume.  Nobody wants to have his invitation rejected or ignored (archived).
So what are my 5 guidelines for getting LinkedIn?
1.       I accept/send LinkedIn invitations if I've had the opportunity to work with you
2.       I accept/send LinkedIn invitations if we have met in person 
3.       I accept/send LinkedIn invitations if we have spoken on the phone (and an in person meeting is not feasible)
4.       I accept/send LinkedIn invitations to initiate a professional relationship where online, phone and/or in-person collaboration is expected
5.       My goal in every LinkedIn relationship is to be able to recommend your services to other professionals who trust my opinion 
That’s it. Pretty simple.   I believe in quality of relationships, not quantity.   I believe in focusing on your needs, not mine. I believe in communication the old fashioned way.

7 simple steps to find keywords for your website

 Here are the 7 simple steps:

1. Brainstorm
You must know your target visitors while writing your post. Your target visitors in
  • Geographical region may be local, national or world wide
  • Demographics may be male or female, depending on their age, income
From this you can find out who is your best customer.

2. Categorize Them
Create a set of keywords based upon type of products or services. Before categorizing you must have to do research for the keywords.

3. Research
  • To find out keywords use keywords research tools like wordtracker, Google Adword keyword planner.
We will prefer you to use Google Adword keyword planner as it is a free and accurate tool.

4. Compile
Compile your research of keywords. You can make three spreadsheets as all keyword tools provide.
  • Download your keyword spreadsheet by clicking on CSV on your keyword tool. It is in Microsoft Excel format.
  • And you get list of keywords according to their monthly searches.
5. Winnow
Now remove those keyword which are not relevant and having very low global searches for your website. With this you get decent list of keywords.

6. Determine Competitiveness
Each keyword phrase can be divided or broken down into specific level of competitiveness
  • Highly competitive
  • Medium competitive
  • Non competitive when competition is less than 1000 websites
Here is the best way to determine the competitiveness:

If you to determine that how many website are using a particular keyword then open Google and type the following syntax

“keyword phrase” for example if you write “Sandhu brothers” on google search engine then you will get number of sites which are using the keyword sandhu brothers.

you can also check the competitiveness of keyword with the traffic travis.

7. Choose Your Keywords
Now select keywords for your post that you want to optimize.
  • You have to choose your keyword according to their number of searches.
  • Relevancy to your website
  • Level of competition
Now we think you know the process of finding best keywords. Which is going to help you to optimize your post better way.

Hope that you like our article on 7 simple steps to find keywords for your website If you find our article useful then please share it and don’t forget to leave your valuable comments and suggestions below.


About Dilips Techno Blog

A Daily Blog for Latest Reviews on Technology | Gadgets | Mobile | Laptop | Software and Hardware Reviews | Social Media | Games | Hacking and security | Tips and Tricks | Many more....

Dilips Techno Blog

Dilips Techno Blog