  • A small DNS experiment.

    I was bored for a minute and I thought to myself: wouldn’t it be cool to have DNS records that were required for administrators hidden from the rest of the company? Of course, it is an add-on to the not so useful security through obscurity policy that a lot of companies develop, but it would be an interesting exercise nonetheless. So, I thought to myself, hey, Active Directory is integrated with DNS, so maybe if I set permissions on a test zone to limit access I’d be able to verify my theory that DNS addresses could be hidden from users based on their group membership.

    So this is what I tried:

    1. Create a zone in DNS.
    2. Create a record in that zone.
    3. Set permissions on that zone and the record so that a test user didn’t have access to it.
    4. Block inheritance so that permissions provided to the parent zone wouldn’t be propagated to my new test zone.
    5. Open up a command prompt with the credentials of the test user so that only the authorizations provided to that test user are applied.
    6. Run nslookup
    7. Use the server you want to query. Type

      server 123.123.123.56

      replacing the IP with the IP of your DNS server.

    8. Look up the address to your new A record located within your test zone.

      blah.blah.local

    That’s about it. I proved to myself that when your client looks up an address from DNS it doesn’t pass any security credentials. Or more accurately, the server side doesn’t respect any credentials that may or may not be passed to it. The permissions set on the zone and its records are there to delegate administration of them, not to control who can look them up.
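
    The reason is visible in the query itself. As an added example (not part of the original post), this builds the standard RFC 1035 query that a lookup of blah.blah.local sends and decodes every field in it: a header and one question, with nothing that identifies the user. The function names and the query ID are illustrative.

```python
import struct


def build_query(name, qtype=1, query_id=0x1234):
    """Encode a standard recursive DNS query in RFC 1035 wire format."""
    flags = 0x0100  # QR=0 (query), OPCODE=0 (standard query), RD=1
    # Header: ID, flags, then the four section counts (one question only).
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1 to 63 bytes")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # the root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def parse_query(msg):
    """Decode every field of a query message and report leftover bytes."""
    query_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    pos += 1  # step over the root label
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    pos += 4
    return {
        "id": query_id,
        "is_response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "recursion_desired": bool(flags & 0x0100),
        "qdcount": qd,
        "ancount": an,
        "nscount": ns,
        "arcount": ar,
        "qname": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
        # Zero here means the fields above are the entire message.
        "unparsed_bytes": len(msg) - pos,
    }


if __name__ == "__main__":
    query = build_query("blah.blah.local")
    print(f"{len(query)} bytes on the wire")
    for field, value in parse_query(query).items():
        print(f"{field:18} {value}")
```

    The server has only the name, the record type and the source address to go on, so permissions on the zone object cannot be matched to the person asking.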


  • Creating a table of countries.

    This is actually really easy but now that I’ve done it, I thought you might want a copy. So, here goes. Just create your countries table, create columns for id and name, modify the script below to match your details and away you go.
    This script to populate a countries table is written for SQL Server 2008.

    -- Replace YourDatabaseName and countriesTable with your own names.
    USE [YourDatabaseName]
    GO

    -- Multi-row VALUES list; one row is inserted per country.
    INSERT INTO [dbo].[countriesTable]
    ([CountryName])

    VALUES
    ('Afghanistan'),
    ('Albania'),
    ('Algeria'),
    ('American Samoa'),
    ('Andorra'),
    ('Angola'),
    ('Anguilla'),
    ('Antarctica'),
    ('Antigua and Barbuda'),
    ('Argentina'),
    ('Armenia'),
    ('Aruba'),
    ('Australia'),
    ('Austria'),
    ('Azerbaijan'),
    ('Bahamas'),
    ('Bahrain'),
    ('Bangladesh'),
    ('Barbados'),
    ('Belarus'),
    ('Belgium'),
    ('Belize'),
    ('Benin'),
    ('Bermuda'),
    ('Bhutan'),
    ('Bolivia'),
    ('Bosnia and Herzegovina'),
    ('Botswana'),
    ('Bouvet Island'),
    ('Brazil'),
    ('British Indian Ocean Territory'),
    ('Brunei Darussalam'),
    ('Bulgaria'),
    ('Burkina Faso'),
    ('Burundi'),
    ('Cambodia'),
    ('Cameroon'),
    ('Canada'),
    ('Cape Verde'),
    ('Cayman Islands'),
    ('Central African Republic'),
    ('Chad'),
    ('Chile'),
    ('China'),
    ('Christmas Island'),
    ('Cocos Keeling Islands'),
    ('Colombia'),
    ('Comoros'),
    ('Congo'),
    ('Cook Islands'),
    ('Costa Rica'),
    ('Croatia'),
    ('Cuba'),
    ('Cyprus'),
    ('Czech Republic'),
    ('Denmark'),
    ('Djibouti'),
    ('Dominica'),
    ('Dominican Republic'),
    ('Easter Island'),
    ('Ecuador'),
    ('Egypt'),
    ('El Salvador'),
    ('Equatorial Guinea'),
    ('Eritrea'),
    ('Estonia'),
    ('Ethiopia'),
    ('Falkland Islands Malvinas'),
    ('Faroe Islands'),
    ('Fiji'),
    ('Finland'),
    ('France'),
    ('French Guiana'),
    ('French Polynesia'),
    ('French Southern Territories'),
    ('Gabon'),
    ('Gambia'),
    ('Georgia'),
    ('Germany'),
    ('Ghana'),
    ('Gibraltar'),
    ('Greece'),
    ('Greenland'),
    ('Grenada'),
    ('Guadeloupe'),
    ('Guam'),
    ('Guatemala'),
    ('Guinea'),
    ('Guinea-Bissau'),
    ('Guyana'),
    ('Haiti'),
    ('Heard Island and McDonald Islands'),
    ('Honduras'),
    ('Hong Kong'),
    ('Hungary'),
    ('Iceland'),
    ('India'),
    ('Indonesia'),
    ('Iran'),
    ('Iraq'),
    ('Ireland'),
    ('Israel'),
    ('Italy'),
    ('Jamaica'),
    ('Japan'),
    ('Jordan'),
    ('Kazakhstan'),
    ('Kenya'),
    ('Kiribati'),
    ('Korea'),
    ('Kosovo'),
    ('Kuwait'),
    ('Kyrgyzstan'),
    ('Laos'),
    ('Latvia'),
    ('Lebanon'),
    ('Lesotho'),
    ('Liberia'),
    ('Libyan Arab Jamahiriya'),
    ('Liechtenstein'),
    ('Lithuania'),
    ('Luxembourg'),
    ('Macau'),
    ('Macedonia'),
    ('Madagascar'),
    ('Malawi'),
    ('Malaysia'),
    ('Maldives'),
    ('Mali'),
    ('Malta'),
    ('Marshall Islands'),
    ('Martinique'),
    ('Mauritania'),
    ('Mauritius'),
    ('Mayotte'),
    ('Mexico'),
    ('Micronesia'),
    ('Moldova'),
    ('Monaco'),
    ('Mongolia'),
    ('Montenegro'),
    ('Montserrat'),
    ('Morocco'),
    ('Mozambique'),
    ('Myanmar'),
    ('Namibia'),
    ('Nauru'),
    ('Nepal'),
    ('Netherlands'),
    ('Netherlands Antilles'),
    ('New Caledonia'),
    ('New Zealand'),
    ('Nicaragua'),
    ('Niger'),
    ('Nigeria'),
    ('Niue'),
    ('Norfolk Island'),
    ('Northern Mariana Islands'),
    ('Norway'),
    ('Oman'),
    ('Pakistan'),
    ('Palau'),
    ('Palestinian Territory'),
    ('Panama'),
    ('Papua New Guinea'),
    ('Paraguay'),
    ('Peru'),
    ('Philippines'),
    ('Pitcairn'),
    ('Poland'),
    ('Portugal'),
    ('Puerto Rico'),
    ('Qatar'),
    ('Reunion'),
    ('Romania'),
    ('Russia'),
    ('Rwanda'),
    ('Saint Helena'),
    ('Saint Kitts and Nevis'),
    ('Saint Lucia'),
    ('Saint Pierre and Miquelon'),
    ('Saint Vincent and The Grenadines'),
    ('Samoa'),
    ('San Marino'),
    ('Sao Tome and Principe'),
    ('Saudi Arabia'),
    ('Senegal'),
    ('Serbia and Montenegro'),
    ('Seychelles'),
    ('Sierra Leone'),
    ('Singapore'),
    ('Slovakia'),
    ('Slovenia'),
    ('Solomon Islands'),
    ('Somalia'),
    ('South Africa'),
    ('South Georgia and The South Sandwich Islands'),
    ('Spain'),
    ('Sri Lanka'),
    ('Sudan'),
    ('Suriname'),
    ('Svalbard and Jan Mayen'),
    ('Swaziland'),
    ('Sweden'),
    ('Switzerland'),
    ('Syria'),
    ('Taiwan'),
    ('Tajikistan'),
    ('Tanzania'),
    ('Thailand'),
    ('Timor-Leste'),
    ('Togo'),
    ('Tokelau'),
    ('Tonga'),
    ('Trinidad and Tobago'),
    ('Tunisia'),
    ('Turkey'),
    ('Turkmenistan'),
    ('Turks and Caicos Islands'),
    ('Tuvalu'),
    ('Uganda'),
    ('Ukraine'),
    ('United Arab Emirates'),
    ('United Kingdom'),
    ('United States'),
    ('United States Minor Outlying Islands'),
    ('Uruguay'),
    ('Uzbekistan'),
    ('Vanuatu'),
    ('Vatican City'),
    ('Venezuela'),
    ('Vietnam'),
    ('Virgin Islands'),
    ('Wallis and Futuna'),
    ('Western Sahara'),
    ('Yemen'),
    ('Zambia'),
    ('Zimbabwe')
    GO

    One quick note: when creating your table, I suggest that you make the ID column an integer and under identity you set it to increment. That way, you won’t need to worry about generating IDs while adding the countries. Why bother!


  • Jaws 14 now requires Internet Access to run.

    I have encountered a problem with using Jaws on servers since the release of Jaws 14.

    fsbrldspapi.dll is loaded by Jaws during installation if you’re installing it while standing in front of the server, but if you’re installing Jaws remotely using the /type remote switch the installation doesn’t speak or provide Braille output. Therefore the fsbrldspapi.dll file will be loaded when you run Jaws for the first time.

    When you are installing or running Jaws on a system, be it a server or workstation, running Windows 2008, 2008R2, 7 or 8 without Internet access, you will encounter the following error message:

    JFW.EXE. Referral returned from the server.

    It would appear that this issue began popping up around April with an update of Jaws 13 that was released around that time.

    The problem is that the Jaws driver signing program requires trusted certs that are downloaded from Microsoft on an as needed basis.

    More details about how trusted certs are downloaded in Windows 2008 and 2008R2 can be found at the following Microsoft KB link:
    http://support.microsoft.com/kb/931125

    In previous versions of Windows up to XP and 2003 Windows updates included these certs.

    However, it would appear that it is all but impossible or at best very difficult to apply these certs to servers that are offline. The only way I can see of doing it at the moment is to find the required cert and install it on each system, probably through an SCCM advertisement.

    I have asked Freedom Scientific to get back to me on this but although I know that a lot of their staff are on vacation this week due to the Thanksgiving holiday I have no confidence that they will resolve this new dependency.

    In my opinion this is a bug that should be resolved. At the very least, a specific error message should be provided when Jaws cannot start due to this issue. What really should happen is that when certs cannot be used Jaws starts with as much functionality as possible without loading this DLL. In other words, Braille wouldn’t be available.

    I know that some users really need braille and I’m being a bit selfish here so I’m really sorry.

    I have reported a large number of bugs to Freedom Scientific since the release of Jaws 14. I am hoping that they will be resolved, however I get the usual answer of “No one else has reported this” and “We can’t reproduce that problem here”. I feel like I’m fighting an uphill battle.

    If anyone has any suggestions then I’m all ears. Otherwise, if you could Email Freedom Scientific support with any problem you’re having with Jaws 14 we might get some pressure put on the developers to prioritise a bug fixing exercise.


  • Mixing the old with the new. Nokia C5 and iPhone 4S.

    I’m sure you couldn’t care less what phone I’m using or why, but I want to explain something to you.

    I am now using a Nokia C5 for day to day phone needs. I haven’t completely moved away from the iPhone but for making and receiving calls and sending text messages there’s just no beating the convenience of a classic mobile phone. When I want to dial a number I simply key it in on the numeric key pad. When I get a text I can respond to it with one hand if I want to. When I’m looking for a contact I dial in the first few letters and it searches for it. Finding Frank for example takes me less than two seconds. Finding Frank on the iPhone takes a lot longer.

    That’s not to say that I have anything against the iPhone or I have gone away from Apple products. I just got sick of fluffing around with a phone when all I wanted to do is answer or hang up a call. In fact, I’m going to get my frustrations out here by listing some of the things that are driving me crazy about the iPhone. Read on though. I’m going to also tell you why I carry an iPhone around with me as well.

    • When I hang up a call I should be able to press the power button but this only intermittently works. It is fixed in some updates but breaks again with the next.
    • Taking the iPhone away from my ear causes it to go to loud speaker. I know this is by design but it’s irritating.
    • A bug that has been on the iPhone since iOS 4 has caused VoiceOver users to encounter an issue where while on a call the phone intermittently switches back and forth to the loud speaker.
    • Texting on the iPhone on-screen keyboard is horribly slow, cumbersome, unproductive and difficult. Even Fleksy isn’t great if you’re in a noisy area and you can’t hear the phone. Also, it’s badly designed when you’re holding it up to your ear to hear the text to speech synthesizer.
    • Bugs are frequently not caught or not fixed. For example, in iOS 6, VoiceOver should speak new notifications when the screen is locked if the option is enabled but this no longer works. This senseless disregard of simple bugs has turned me off Apple to a large extent. In fact, because of this I recently sold my MacBook Air.
    • The battery life is absolutely terrible. I charged my Nokia C5 on Sunday evening and I won’t need to charge it until tomorrow night. Imagine that. Three days of phone usage on one charge!
    • The iPhone is too big and it’s getting bigger! I don’t like the extra bulk of the iPhone 5. I also don’t like having to put a case on my phone. If it is vital to have a case on a phone to stop it from becoming easily damaged then the phone is badly designed.

    The iPhone is still brilliant. As I said before, I don’t want this post to seem like I’ve gone against this product. I still carry one around with me and I use it when in range of wireless networks. I know you might think this is crazy and I would ordinarily agree with you but access to the Internet and apps simply can’t be rivalled by any other phone. The iPhone has more apps than any other platform and thanks to the VoiceOver screen reader, as blind people we have the benefit and luxury of having access to the vast majority of these. It’s a fact that I simply wouldn’t want to do without the connectivity provided to me by the iPhone, however again, as a simple phone and text utility the iPhone has a long way to go before it is efficient in comparison to classic mobile phones. In fact a few people have commented that call quality is clearer when I speak to them from the Nokia C5 and I also find that I can continue a conversation for longer when traveling home by train than I can when using the iPhone.
    I have examined other platforms, however although I think they have a lot of merit for most mobile phone users, they unfortunately can’t compete with the accessibility of the iPhone. Specifically Android, Blackberry and Windows Phone. The Android platform has a screen reader and it is making slow and steady progress. I would like to see this reach the point where it can meet the expectations of usability and efficiency set by the iPhone. The Blackberry platform has also improved recently but the stability of the screen reader on this platform doesn’t seem to have lived up to the hype. Finally Windows Phone. Ah, good old Microsoft. No accessibility for blind users at all. There’s absolutely no screen reader on this platform. I can only hope that they’ll fix this soon because I actually like what I’ve read about this platform so far and I have really enjoyed using previous versions of Windows mobile. I know that since 7.5 the platform has changed substantially but I loved the interconnectivity between the mobile and desktop platforms.

    I want to say something to you about Windows Mobile for a second. In the nineties Microsoft launched a mobile platform. The user interface was based on the PC desktop. This idea was a complete disaster. Microsoft had to completely change their approach to Windows mobile to win any kind of market share. It was acknowledged that the expectations and requirements of users were vastly different for both platforms. This brought about the lovely idea of the today screen that we have enjoyed on Windows mobile for about ten years. In Windows 8 and Windows mobile 8 this today screen has become much more powerful with its evolution into the start screen. In 2012 Windows 8 for the desktop and laptop has taken on a look and feel similar to Windows mobile. About twelve years on from the catastrophe that was Windows CE for mobile devices with its user interface based on the desktop version of Windows, we now have Windows 8 for the desktop based on the user interface on mobile devices. So, I have two questions for you. Is Microsoft looking at another disaster or do users really want this new and improved today screen on their desktops? I’m not sure. For me, I wasn’t too happy with Windows 8. I found that even after customization of the environment it was still trying to push its own objectives onto me. Use Microsoft services for sign on, cloud storage, search, mail and chat. Of course they can’t be anti-competitive so alternatives are available but it’s easy to see what the preference is. Your thoughts are welcome.


  • Resync time with NTP server after system restore.

    I just wanted to write with a really simple solution to a very simple problem.

    You have just restored a server from a backup or a snapshot taken a day or two ago and now when you try to log in through remote desktop you get a message saying that it is unable to authenticate because the time difference on the server is greater than a certain amount.

    It’s quite a logical problem.

    Simply go into a command prompt on the server using a physical connection or if it’s a virtual machine, connect to the console. Then run this command:

    w32tm /resync

    That’s all there is to it. Assuming your network is set up to use an NTP server, your server’s time will be updated and you can log in right away.

    Of course, if you’re patient, you could just wait for this to happen automatically after some time but I hate waiting for things to just happen.


  • Dell XPS13

    I gave the MacBook Air a fair shot. I lasted two months but when with every update, problems weren’t fixed and bugs seemed to get worse, I decided enough was enough. So, two weeks ago I started looking around for alternatives. I’ve decided, I’m sticking with Windows for the foreseeable future but the size of the MacBook Air was still really appealing because of its keyboard and its size. Comparable systems on the Windows platform are called Ultrabooks. There are a few good names in this area. Acer, Toshiba, Sony, Samsung and Dell. In fairness to these companies, they are pretty much neck and neck with their offering. They are governed by the limitations of the hardware in the form factor of ultra-books so there aren’t major differences in the specifications. Weight, size, processor, RAM and storage are all very equal among these systems. It wasn’t easy to make a choice based on website specs.

    Fortunately, I was very lucky to know several people who could let me spend some time trying out some of the ultra-books from the main providers. HP, Toshiba and Dell were definitely the winners of the bunch for what I wanted. Unfortunately, almost all of the ultra-books I tested felt very flimsy and cheap. Maybe it seems silly, but I want a laptop that’s going to feel and look great. It doesn’t matter that I can’t see it, when I walk into a meeting with this, I want people to know that I take computing seriously and I take care in what I choose. The feel of it is hugely important. A laptop with a spongy keyboard is uncomfortable and sloppy. If it has a big boxy body then it’s just not sexy. Let’s face it; I spend more time on a computer than most. It’s important that I’m happy with everything when I finally settle on buying a laptop.

    I finally decided on the Dell XPS. The keyboard is incredibly comfortable, it is very light, the front has a lovely shape, my wrists don’t hit off the touch pad when I’m typing, it has just enough USB ports, the battery life is just about adequate, it’s very quiet and it performs well. Of course, it goes without saying that it has a solid state disk and four GB of RAM.

    I put Dell through hell while buying this laptop. The machine I tried out was six months old and it had a number of annoying problems. The wireless adapter frequently dropped the connection and the fan would spin up for absolutely no reason and remain on at full throttle for ages. These were recognised defects in the first model of the XPS13, however, from only a day of using this one, it would appear that they have been rectified. I certainly ensured that I got confirmation in writing that the issues had been resolved in the unit I was about to purchase before I made any decision. I was torn between the XPS13 and the XPS14. The extra inch allows Dell to cram a lot more power into the laptop but in the end I decided that portability was a little more important than power at the moment. Plus, although the XPS13 isn’t as powerful as the XPS14, it’s by no means weak. It easily handles Windows 7 and Windows 8, Office 2010, Visual Studio, the vSphere client and a plethora of other applications. Also, for the past few years, I find that I spend most of my time on system administration so I don’t need a huge amount of power to get my job done.

    So, there you have it, I’ve given up on the Mac. I don’t mind telling you, I’m relieved. If you like, I can go into all the reasons at another stage but for now, all I’ll say is, it’s nice to be more efficient while out and about again.


  • Window Eyes versus Jaws?

    It’s that time again.
    Do I spend €445 on a Jaws upgrade and another SMA or do I move to a rival screen reader? Really, Window Eyes is the only application that comes close to competing with Jaws in my experience so it is the only one I am considering. Hal by Dolphin is just so far behind that I haven’t given it a second thought. This is just my opinion though. If you’re going through a similar decision then I encourage you to keep all of your options open.

    I’ve downloaded a demo of Window Eyes and I’m currently running it through its paces. I’ll have to blog about this in more detail but right away, I miss some of the more advanced features of Jaws that don’t just make applications accessible, they make applications more intuitive and more efficient. When I talk about access, I don’t just need the basic screen reading functionality, I need an application to assist me in accessing data as quickly as possible.

    I like some features of Window eyes though. For example, the open scripting framework allows for standard development languages to be used. This is a major selling point.

    I’ll write about this in a little more detail over the next few days I hope.


  • The accessibility of virtual desktops.

    This probably could be a much more scientific approach to a review or analysis of the accessibility of a Windows guest running on the ESXi hypervisor, however, I don’t really have the time to write such a document at the moment. However, this will serve as verification to some that access to this environment is possible, albeit in a limited way.

    For the less technical people out there, basically what I’m talking about here is running a Windows computer inside a virtual machine.

    You need a more basic description? No problem. Try this. Let’s say you have one large computer. Virtual machines are machines that run inside this big computer. Think about it as if it was a building. This building might have ten different companies. True, each company could probably have its own building but there’s no need. It only needs a certain amount of space. An entire building would be overkill. So, the one building hosts all of these guest companies. Just like one large server can host dozens or hundreds of virtual machines, be those workstations that users work with or servers that run the company’s IT systems. Having one building hosting all these smaller companies cuts down on the space required, the cost of maintenance and the cost of power. When you hear the word hypervisor, I am basically talking about the building or the large server that hosts all the virtual machines or companies. When I talk about a guest, I am talking about the companies in the building, i.e. the virtual machines. Get it?

    • Building = Server / Hypervisor
    • Company = Guest or virtual machine

    Ok. I’m glad we have all of that cleared up. You can take a break for a few seconds before I move on to the next part because it’s going to get a little technical again. Don’t worry. You’ll understand it now that you have a grip of the basics.

    For one reason or another, I spent some time yesterday tackling the problem of how a blind person can independently and efficiently access a Windows 7 PC that has been virtualized using a thin client. A thin client for those of you who aren’t aware of the term is a basic PC. It has very limited storage, limited RAM and a low power processor. The idea of this machine is to give a user a platform from where they can access a virtual computer. All it does is start a cut down version of Windows and provide the user with a log in box to start their virtual system.

    There is one barrier to accessibility when using thin clients. No additional software can be installed ordinarily as there isn’t enough space to facilitate it. This means installing a screen reader isn’t an option. Even a pen drive version of Jaws won’t work because it requires the installation of a mirror driver. Fortunately, NVDA will work very well. Just download the portable version and run it. If I was to make one suggestion it would be to put NVDA to sleep automatically when the PC over IP or the RDP client started as it can get a little confusing when modifier keys such as caps lock are pressed. I know this can be done using scripts though and it is something I would look at doing if I was using this as my workstation every day.

    So, you can now use the thin client to log into your workstation. That’s the first hurdle out of the way. Now what?

    With VMware you can log onto virtual machines using two protocols. RDP which is Microsoft’s remote desktop protocol or PC over IP which is the protocol used by VMware. PC over IP is more efficient for a number of reasons but in later versions of RDP Microsoft have gained some ground. I won’t explain the benefits of PC over IP in this post but very quickly, PC over IP is less bandwidth intensive so the experience of remotely using a virtual machine is a little smoother.

    You’ll be happy to know that relaying sound back to the thin client is supported by both of these protocols, however you won’t get instant feedback like you would if sitting at your own PC. The delay is in the realm of about a fraction of a second but if like me you expect instant responses from a screen reader this fraction of a second may as well be an eternity.

    Relaying sound back to the thin client is very important. Jaws, my preferred screen reader crashes every time it is started in a virtual machine using the PC over IP protocol. Without fail, it refuses to run. NVDA on the other hand runs very nicely in a virtual machine using the PC over IP protocol. Of course, using NVDA sound mapping to your thin client is vital which is why I made the point earlier.

    Unfortunately, there you have it. What I’m saying in a very long winded way is, yes, you can access a virtual machine using a thin client if you’re stuck but I wouldn’t think it’s usable every day. The sound lag is just too pronounced. NVDA’s ability to work in this environment should however be recognised and commended. Jaws, a leader in screen reading software seems to fail badly.

    Please don’t take this as an endorsement or a criticism of any screen reader. I am simply stating what I have found to be the reality here. I have written this post to highlight this area and to show that improvement is required. More and more organizations and companies are moving to virtual desktops to replace physical machines as they provide significant cost savings. I have a genuine fear that assistive technology companies are not aware of this trend and blind computer users such as me will be left clambering to keep up with my sighted colleagues. I strongly believe that it is vital that companies such as Freedom Scientific, NV Access and GW Micro listen to users and when possible, utilize their experience and expertise. I for one offer it freely.

    Systems used are:

    • ESXi 5.0
    • VMware View 5.0
    • Windows 7 X64 and 32 bit.
    • Thin client running a cut down version of Windows XP.
    • 1GB network connection.
    • Virtual machine had two processors and 4GB of RAM.
    • Thin client had 1GB of RAM and 1 processor at 1.5GHZ.

    I should finally note that I do not see RDP as a viable solution for accessing virtual machines using a thin client. Especially for screen reader users. If by some stroke of luck you get Jaws running on your thin client, you would then use Jaws on your virtual machine to tunnel the data back to your locally running instance of Jaws on the thin client. That’s fine, however, what if like me you’re a system administrator and you will need to establish connections to other remote systems from your virtual machine? You will not be able to use Jaws to establish a second or third connection as you are already using Jaws through one RDP session. Drawing on an article from IBM this seems to be a viable solution for some researchers, however from the perspective of someone who both administers and uses a virtual environment every day, I would not be able to depend on RDP due to this limitation. PC over IP is a protocol designed and optimized for the VMware virtual platform. We should be able to use it.


  • Risky Trojan doing the rounds. Please read this.

    A script has been found on a number of websites that when run will attempt to install a trojan onto a PC. This script is usually sent by Email and in fact you may find that it originates from Glynis Bradbury Of course, I have modified that Email address slightly for security. The script redirects you to a site with the domain name agentcleanerrescue.info.

    For some reason, Proxies and anti-virus applications are not yet detecting this threat even though it has been out there for four days now. To protect against this, do the following:

    If you have a proxy on your network, blacklist the domain: agentcleanerrescue.info.
    If you are a home user, you can block this domain as well. Just do the following.

    For Windows 7 or Vista

    1. Click the start button.
    2. Type notepad into the search box.
    3. Right click Notepad.
    4. Click run as administrator.
    5. When prompted to confirm that you want to run as an administrator click the Yes button.
    6. Click File in the menu.
    7. Click Open
    8. In the file name box paste the following line:

      c:\windows\system32\drivers\etc\hosts

    9. Click the Open button.
    10. Scroll to the bottom of the file.
    11. Paste the following line:

      127.0.0.1 agentcleanerrescue.info

    12. Click the File menu.
    13. Click Save

    For Windows XP

    1. Click the start button.
    2. Navigate to All Programs, then Accessories
    3. Click Notepad
    4. Yes button.

    5. Click File in the menu.
    6. Click Open
    7. In the file name box paste the following line:

      c:\windows\system32\drivers\etc\hosts

    8. Click the Open button.
    9. Scroll to the bottom of the file.
    10. Paste the following line:

      127.0.0.1 agentcleanerrescue.info

    11. Click the File menu.
    12. Click Save
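
    The same edit, scripted so it can be repeated safely and checked afterwards, as an added example that is not part of the original post. It works on the text of a hosts file (the sample content is constructed and the function names are illustrative) and also shows a limit of the approach: a hosts entry matches one exact name, so the line from the steps above does not cover www.agentcleanerrescue.info or any other subdomain.

```python
BLOCKED_DOMAIN = "agentcleanerrescue.info"  # domain named in the post
SINK = "127.0.0.1"

# Constructed sample standing in for the contents of the hosts file.
SAMPLE_HOSTS = (
    "# Sample hosts file (constructed for this example)\n"
    "127.0.0.1       localhost\n"
)


def parse_hosts(text):
    """Return {hostname: address} for every mapping in hosts-file text."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no names
        address, names = fields[0], fields[1:]
        for name in names:
            # This parser keeps the first mapping it sees for a name.
            mapping.setdefault(name.lower(), address)
    return mapping


def is_blocked(text, name, sink=SINK):
    """True only if this exact name is mapped to the sink address."""
    return parse_hosts(text).get(name.lower()) == sink


def add_block(text, domain, sink=SINK):
    """Append a sink entry for domain unless it is already present."""
    if is_blocked(text, domain, sink):
        return text  # idempotent: running twice adds nothing
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"{sink} {domain}\n"


def not_covered(text, names, sink=SINK):
    """List the names that the hosts text does not send to the sink."""
    return [n for n in names if not is_blocked(text, n, sink)]


if __name__ == "__main__":
    updated = add_block(SAMPLE_HOSTS, BLOCKED_DOMAIN)
    print(updated)
    candidates = [BLOCKED_DOMAIN, "www." + BLOCKED_DOMAIN]
    print("still resolvable:", not_covered(updated, candidates))
```

    To apply it for real, read and write the hosts file from an elevated prompt and add a separate entry for each host name you need covered.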

    Of course, it should go without saying that in addition to letting your system update software automatically in the background, you should regularly force a manual update of your AntiVirus application and perform Windows updates.


  • Please use strong passwords.

    I go on and on about security and specifically password complexity but I should probably write something specifically about the strength and complexity of the passwords you choose.

    Let’s first look at passwords you shouldn’t use: people, pet, book, film and place names are a massive no-no. In fact, just don’t use any name. They’re exceptionally easy to guess or obtain. Do not use dates of birth, your lucky lotto numbers, your phone number or your house number. Again, you don’t want to make it easy for someone to guess your password. Even if they can guess only some of it, it will still make it considerably easier to hack. Finally, unfortunately, it’s no longer enough to just replace letters with special characters when writing words. For example, you cannot write the word Dublin as Dubl1n. Lookup dictionaries are used by automated password hacking programs to check for this type of thing.

    There is one form of brilliant password but I’ll explain that to you in a moment.

    For a traditional password I suggest you use the following rules when creating one.

    • The password should be a minimum of 9 characters. Notice it’s not 7 anymore? Unfortunately, as password hacking programs evolve, the complexity and strength of passwords must evolve faster.
    • A password should contain a minimum of 2 uppercase letters, 2 lower case letters, 2 symbols and 2 numbers.
    • You should never write down your password.
    • You should change passwords every 30 to 90 days depending on the importance of the data or system you are protecting. For example, I change my main password manager’s password every 14 days. This protects my other passwords so it’s important that it’s regularly updated. I have a password that I use for my test Linux virtual machine. This is updated every 90 days because it’s not protecting any important data and it’s only connected to a handful of systems.

    An example of a secure 9 character password is:

    2$Fwp%3wT
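
    The rules above and the Dubl1n warning can be checked mechanically. This is an added example, not part of the original post: it counts the character classes the list requires and undoes common letter swaps before a dictionary lookup. The wordlist and substitution table are small constructed samples, and the function names are illustrative.

```python
import string

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"dublin", "password", "fedora", "monkey"}

# Common character-for-letter swaps, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "!": "i", "$": "s"})

MIN_LENGTH = 9      # "a minimum of 9 characters"
MIN_PER_CLASS = 2   # 2 uppercase, 2 lowercase, 2 symbols, 2 numbers


def class_counts(password):
    """Count the four character classes the rules ask for."""
    return {
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "numbers": sum(c.isdigit() for c in password),
        "symbols": sum(c in string.punctuation for c in password),
    }


def is_disguised_word(password, wordlist=WORDLIST):
    """True if undoing the swaps turns the password into a listed word."""
    return password.lower().translate(LEET) in wordlist


def policy_failures(password, wordlist=WORDLIST):
    """Return the rules the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, count in class_counts(password).items():
        if count < MIN_PER_CLASS:
            failures.append(f"fewer than {MIN_PER_CLASS} {name}")
    if is_disguised_word(password, wordlist):
        failures.append("dictionary word after undoing substitutions")
    return failures


if __name__ == "__main__":
    for candidate in ("2$Fwp%3wT", "Dubl1n"):
        problems = policy_failures(candidate)
        print(candidate, "->", problems if problems else "meets the rules")
```
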

    I try to stay away from using symbols such as the at sign and the quotation mark because these can symbolise the end of a password in some systems so they may cause conflicts. Of course, I choose the characters in my password based on the application it’s protecting so that I have some way of remembering them. This might mean that for a Linux box running Fedora I start the password with a capital F. Of course, it goes without saying that I’m giving misleading information here as I’m not going to be stupid enough to give you a hint that would empower you to hack my passwords but the policy I follow helps me to remember my various passwords while being completely obscure to everyone else. The skill of creating highly complex passwords is something you learn over time. Everyone has their own technique, their own standards and their own way of remembering passwords. On the point of remembering passwords, remember there are applications out there specifically designed to help with this.

    Taking a step forward away from passwords, we have pass phrases. What most people don’t realise is that standard password fields generally don’t have a maximum limit. Or, if they do have a maximum size it’s about 250 characters. Why not use sentences or phrases instead of passwords? Of course, these phrases can’t just be words and names. That would become equally easy to hack, albeit over a longer duration. That’s something I should probably mention. The longer your password, the longer on average it takes for a password hacking tool to determine what it is. Therefore a pass phrase should cause password hacking tools to take much longer to hack your account. The longer it takes to hack an account the more likely it is that the system’s intrusion protection system or firewall will recognise the attempts and block the offending system’s IP address.

    Good pass phrases will be sentences that include as many letters between A and Z as possible. Of course, like passwords, it’s great if you can add in a few capital letters, numbers and special characters.

    For example, a great pass phrase is something like this:

    The big brown dog jumped over the lazy fox.

    Written in a strong pass phrase this would become something like:

    Th3 b!g Br0wn D0g Jump3d 0v3r Th3 l@zy F0x.

    Ok. I’m replacing letters with symbols and numbers here. That’s not always a good idea but it at least gets us started.

    I use a pass phrase like this for almost every important system that requires a password. So should you!