Simple tips for dealing with spam, Part 2

18 January 2012

Dear URI Community,

Several of you expressed appreciation for the practical tips I shared with our URI community yesterday. I will try to send these kinds of tips as issues come up in our everyday URI communications. While I can't be your personal communications technology advisor, I invite you to send me your questions. If it seems that the whole community could benefit from some guidance, I will create a new tip. I will also collect these tips in my blog at for future reference.

Three follow up questions to "Simple tips for dealing with spam":

I was able to gather most of my responses from existing tips I shared previously with my colleagues in the Global Office. I'm happy to have them reach a wider audience.

  • What about spam filters and folders? The major web mail applications (Gmail, Hotmail, Yahoo Mail, Apple's iCloud, etc.) offer the ability to filter spam and store those messages in a folder or delete them automatically. The services maintain a database of known spam offenders and can weed out those messages for you. You can also mark messages that arrive in your inbox as spam, so that your account learns what you don't want to receive. Explore your the spam related settings and set it to a level that's comfortable for you. Personally, I do not allow my Gmail account to automatically delete spam. Periodically, I would look at my spam folder to see if anything was incorrectly filed there. My personal Hotmail account, which I use for newsletters and commercial communications, I do have set to automatically delete since it's unlikely that I'll want to retrieve any messages from that spam folder.
  • What makes a strong password? I mentioned two key elements for strong passwords already: 1) Upper- and lowercase letters, numbers and special characters should all be part of your password and 2) make your password as long as possible. With those two criteria, anyone trying to access your account with a "brute force" attack would wait several years until they discover your password. If you use the same password everywhere, you run the risk that all your accounts could be vulnerable if anyone were to discover your password. So, I offer you a third criterion. Make your password unique every time. How could you do that and remember every password? Memorize a standard formula, a pattern of 7 varied characters and decide on a maximum length. Consider this example: My password formula might be: [the first 3 characters of the main website address] + [!9zY&8] + [zzzzzzzzzz]. For signing into, I would enter my username, then for the password I would use uri!9zY&8zzzzzzzzzz. This way, my password has all the kinds of characters represented, is long (20 characters in this case) and is different than my password for any other site because it begins with uri, the first 3 characters of As long as I remember my formula, my 7 varied characters and maximum length, I will always remember my password for every site where I have an account. Note: Some sites may have a limit on the number of characters that can be used, so you might set 25 characters as your maximum, then if that fails you can fall back to 20 and then 15 characters. Some sites might lock you out after 3 failed attempts.
  • Any tips for remembering passwords? As I suggested in my previous response, using a formula that only you know is a great way to remember your password. Still, you may not trust yourself and you may want to safely store other kinds of personal information, like account numbers and your true birth year (haha), somewhere that is not your own brain. I like two password management tools out there, and I invite you to explore them for yourself: LastPass and 1Password. I use them both and they are regarded highly. They both have options for storing your information on your local computer or in "the cloud" (non-local) depending on your comfort. They integrate well into web browsers on computers and smartphones so you can access your online passwords easily. And your data is strongly encrypted--so strong that even the people who store and maintain your data on non-local servers can't access your information without your key or master password. The only thing you need to remember is your master password, which should still meet the first 2 criteria that I mention above.

Online security is always changing, and I do try to stay abreast of the changes that could affect everyday people like you and me. Should any of these tips fall out of date, I'll let you know. For now, these are solid tips that will help you manage and protect your identity and information on- and potentially off-line.

Until next time… 

Be well,