Free Webinar: Assessing Your Needs to Help You Choose Smart Home Technology

Wednesday, June 30, 2021

1:00 – 1:45 p.m.

Please contact us if you have any difficulty accessing these materials or to request materials in a different format.

Description: Smart home technology can increase your independence, autonomy, and safety at home – but how do you know what device will work for you?

In this webinar we will provide a framework to help you match your needs with different types of smart home technology. Join us to learn what questions you should ask yourself when assessing your needs, such as: What am I trying to do? What supports do I already have in place? What does my environment look like? You will leave this webinar knowing the steps you need to take to prepare to choose the device that is most suitable for you.

Attendees will leave this webinar with:

  • A basic understanding of how people with disabilities can use different types of smart home technology,
  • Questions to consider when choosing your smart home devices, and
  • A sample self-assessment tool.

Speakers:

  • Jeremy H. Boothe, Assistive Technology Professional (ATP)
  • Kirby Smith, President and Founder of SunKirb Ideas and Consultant for Smart Homes Made Simple

—–
This webinar is hosted by Pennsylvania Assistive Technology Foundation (PATF) as part of the Smart Homes Made Simple project. Learn more about the project at SmartHomesMadeSimple.org.

This project is supported by a grant from the Pennsylvania Developmental Disabilities Council; in part by grant number 1901PASCDD-02 from the U.S. Administration for Community Living (ACL), Department of Health and Human Services, Washington, D.C. 20201. Grantees undertaking projects with government sponsorship are encouraged to express freely their findings and conclusions. Points of view or opinions do not, therefore, necessarily represent official ACL policy.

What We’re Reading… June 2021

Generic (off-the-shelf) smart home technology has taken off, and we’re seeing more and more people writing and talking about how this technology can benefit people with disabilities – and we’re here for it!

Below are a few of the articles that have been making the rounds amongst the Smart Homes Made Simple team and advisory committee members over the last several weeks:

Removing Barriers and Promoting Independence with Assistive Technology

Originally published by JEVS Human Services, February 25, 2021

JEVS Independence Network members Chrissy and David use their Echo Show to find new healthy recipes and cook more meals at home.

Read about how people with disabilities who are clients of JEVS Human Services are using assistive technology (including smart home technology) for greater independence, connection, productivity, and joy!

“After performing AT assessments with some members of JEVS Independence Network, [Madeline] Schlusser found they too could benefit from the use of smart home technology like Amazon Echo devices. ‘They’re great because they are commercially available and low cost. One member is using her Echo device to develop a morning and nighttime routine to improve her health and wellness.’

“‘It has changed my life,’ said Independence Network member Chrissy A. ‘The Echo device reminds me to leave for work on time.  Now I am trying new recipes for dinner. The Echo Show makes it easy to look up new recipes.'”

Read more on JEVS Human Services blog.

Amazon’s Alexa calls attention to Global Accessibility Awareness Day all month long

Written by Dale Smith, originally published by CNET, May 27, 2021

This article reviews some of CNET’s favorite accessibility features available with Amazon Echo including Amazon’s Care Hub, Alexa’s speech-to-text feature, smart displays that swivel to track you as you move, and more!

“Alexa’s accessibility features are designed to help people with specific needs, but anyone can take advantage of these Amazon Echo shortcuts, tips and tricks.

“…As Global Accessibility Awareness Day, to which Amazon dedicates the entire month of May, comes to a close, we’re taking a look at some of the latest accessibility features Amazon has implemented in its Echo line of smart speakers and displays. Here are a few of our favorite innovations.”

Read more about Amazon Echo accessibility features from CNET.

The Best Smart Home Devices to Help Seniors Age in Place

Written by Rachel Cericola, originally published by Wirecutter, updated March 4, 2021

Photo: Amazon

This comprehensive guide was developed for older adults who wish to age in place. The guide covers Wirecutter’s picks for devices to meet almost any need you can imagine, with a section dedicated to security and privacy, as well as details about how each device was picked and tested. With increasing discussion around using smart home technology for remote monitoring, we especially applaud the upfront disclaimer that “the decision to install any devices should be made with the consultation and blessing of the senior in question.”

“As people age, many may need a support system, including family, caregivers, and a residence that has been outfitted to accommodate the common frailties of age: reduced vision, decreased mobility, increased risk of falls, and more. Smart-home devices can help you care for seniors as they live independently.

“…This guide is for the family member, friend, or caregiver who is supporting a senior person’s decision to live independently.”

Read the full guide to smart home devices for older adults from Wirecutter.

Amazon Sidewalk will create entire smart neighborhoods. Here’s what you should know

Written by Ry Crist, originally published by CNET, June 5, 2021

This article explains how Amazon Sidewalk works, what you need to know in terms of benefits and risks, and how to opt out if desired.

“Launching June 8 on Echo speakers, Ring products, Tile trackers and more, Amazon’s low-bandwidth internet-of-things network lets your smart home stretch beyond Wi-Fi range.”

Read more about the benefits and risks of Amazon Sidewalk from CNET.

Have you read anything interesting lately about smart home technology? Particularly, about people with disabilities using smart home tech? We want to know! Send us a link to what you’ve read/watched/heard.

Free Webinar: Are They Always Listening? How Secure is my Smart Speaker?

Photo of Google Smart Speaker Device on a shelf in a home

Wednesday, June 2, 2021

12:00 – 12:45 p.m.

Please contact us if you have any difficulty accessing these materials or to request materials in a different format.

Description: This presentation will answer questions related to privacy and security with smart speakers such as Amazon Alexa and Google Nest.

Attendees will learn:

  • How smart speakers work;
  • How their security compares to other everyday devices like cell phones;
  • How smart speakers “listen” and “understand”;
  • What information speakers retain; and
  • How you can protect yourself.

Speakers:

  • Kirby Smith, President and Founder of SunKirb Ideas and Consultant for Smart Homes Made Simple

—–
This webinar is hosted by Pennsylvania Assistive Technology Foundation (PATF) as part of the Smart Homes Made Simple project. Learn more about the project at SmartHomesMadeSimple.org.

This project is supported by a grant from the Pennsylvania Developmental Disabilities Council; in part by grant number 1901PASCDD-02 from the U.S. Administration for Community Living (ACL), Department of Health and Human Services, Washington, D.C. 20201. Grantees undertaking projects with government sponsorship are encouraged to express freely their findings and conclusions. Points of view or opinions do not, therefore, necessarily represent official ACL policy.

Guidelines for Eye-Gaze Technology for People with Cerebral Palsy

Eye-gaze control technology for people with cerebral palsy CLINICAL GUIDELINES 2021 is available as a free download by registering at https://redcap.sydney.edu.au/surveys/?s=EDC7P4E3TP. Smart Homes Made Simple Advisory Committee member, Sandra Masayko, was a contributing editor for this publication.

Published by Cerebral Palsy Alliance Research Group, the Clinical Guidelines are designed to provide information to assist decision-making. They are based on consensus of 126 respondents including clinicians, educators, families, people with cerebral palsy and others from 17 countries.  The topics addressed by the Clinical Guidelines include unique features of eye-gaze control technology, initial assessment, trial, learning, support, follow up, outcome measurement, and funding considerations.

For additional information, contact Dr. Petra Karlsson at Cerebral Palsy Alliance Research Institute, The University of Sydney, 88 Mallet Street, Camperdown, NSW, 2050, Australia
Email: pkarlsson@cerebralpalsy.org.au

6 Ways to Use Your New Smart Speaker for Greater Independence

Smart home technology is earning an important place among the ranks of assistive technology. There are a variety of devices and seemingly endless configurations that can increase independence, productivity, safety, and health both at home and elsewhere. People with disabilities and older adults are using these technologies to control their environments (lights, fans, and thermostats), access entertainment (TV, music, and internet), monitor their homes (video doorbells and video services), and control who can enter (smart locks and door openers).

But, while complex smart-home setups with multiple devices are impressive, don’t forget that the humble smart speaker can be powerful all on its own. These little virtual assistants – such as Amazon Echos, Google Nests, or Apple HomePods – can help you stay organized and connected. And, with all of us spending so much time at home these days, what better gift this holiday season than one that makes day-to-day activities at home easier?

Photo of Google Smart Speaker Device on a shelf in a home
Google Home Mini

Whether you are the lucky new owner of a smart speaker for the holidays or you have had one for years, here are six ways you can use your virtual assistant to improve your life without any extra “smart” equipment:

1. SCHEDULING

Imagine you are in bed about to fall asleep and suddenly remember you have an appointment first thing in the morning… or was it the next day? With a smart speaker, all you have to do is ask “What’s on my calendar tomorrow?” You can also add appointments to your calendar, change them, cancel them, and even reply with calendar invitations to other people all with your voice. Check your device’s instructions for details on how to integrate it with your calendar. Note: Amazon Echo can integrate with most calendars, including Google, Microsoft, and Apple, while Google Nest and Apple HomePod currently only integrate with their respective calendar apps.

Did You Know? Amazon Echo, Google Nest, and Apple HomePod are all capable of learning different people’s voices and linking each individual with their own account, making it easy for multiple people to control their personal calendars, make and receive phone calls, play their own music, and shop from their own accounts all through the same device.

2. REMINDERS AND ALARMS

Whether you want a daily reminder to take your medication at a certain time or a one-time reminder to take the chicken out when you get home, your smart speaker has you covered. Reminders and alarms can wake you up in the morning, help you stay on schedule, and make sure you don’t forget something important. Using Amazon Echo, Google Nest, and Apple HomePod, you can set a reminder by time of day or by location (for example, set a reminder to check in with your boss when you arrive at work). You can also set reminders to be recurring or one-time-only, and you can select which device you want to play the reminder.

3. EMAIL

Just as easy as accessing your calendar with your voice, you can listen to and reply to emails using your smart speaker too. Amazon Echo has this functionality built in, all you have to do is connect your device to your account (Amazon currently connects with Gmail, Microsoft Outlook, Hotmail and Live.com). Google Nest, on the other hand, doesn’t officially offer this feature yet, but there are a few possible workarounds.

4. NEWS, WEATHER, INTERNET SEARCHES, AND MORE

Whether you want to know what the weather forecast is for the day, what the score was from the game last night, or how to spell “quarantine,” your smart speaker is ready to find the answer and report back to you. What’s even more impressive? You can teach your Amazon, Google, or Apple device more about your preferences and you’ll get more personalized information when you ask.

Did You Know? You can set up routines with most smart speakers to combine several actions together. For example, if in the morning you always ask to hear the weather, then your calendar appointments for the day, and finally a certain radio station, you can link these actions together with one verbal cue such as, “Alexa, what’s my morning update?” Read about routines for Amazon Echo, Google Nest, and Apple HomePod.

5. COMMUNICATION

Perhaps one of the most powerful features of your smart speaker is its ability to help you communicate with others by making phone calls. If you use Amazon Echo you must associate your calls with your mobile phone for contacts and caller ID purposes. However, you are technically making the call through Amazon’s free Internet cloud services for the connection, not your phone, so your minutes are spared. Google has various methods to use phone numbers for caller ID and, like Amazon, there is no charge. A story from Suria, a member of our Smart Home Technology Advisory Committee who has a spinal cord injury, demonstrates just how impactful this can be:

“This morning I was in the shower chair and about to fall off – I can’t move, I can’t grab the phone, it won’t hear me – Echo was the only one there. All I had to say was, ‘Echo, call Kirby.’ It dialed his Echo and his cell phone and I was able to tell him, ‘Come back! It’s an emergency.’ I almost fell to the floor, but thankfully I have a superhero,” Suria said, “It’s my Echo!”

Did You Know? There are two other communication features you should know about: Announcements and Ask My Buddy. Amazon Echo and Google Nest both have an announcement feature that makes it possible to broadcast a message via multiple devices throughout a home at one time – anything from “Dinner’s ready” to “Help, I’ve fallen!” Ask My Buddy is an independent service available for both Amazon and Google smart speakers that lets you create a personal alert network. If you have an emergency, all you need to do is ask your smart speaker to “Ask My Buddy to send help” and a notification will be sent by phone, text, and/or email to a list of predesignated contacts. Ask My Buddy also has a way to contact emergency numbers like 911.

6. CHECKING IN ON A PERSON OR A LOCATION

Before we dive into this topic, let us be clear: it is PATF’s belief that monitoring should only be pursued after receiving full, informed consent from the individual who may be impacted. While some people find the idea of monitoring to be invasive, others have expressed that they appreciate giving another person – family member, caregiver, or friend, for example – the ability to check in on them using their smart speaker. With Amazon Echo’s Drop In feature, another person can listen in from afar to make sure everything is OK. This feature is even more powerful if you have a smart display like an Amazon Echo Show with its built-in camera and screen. Please note that before connecting, an Echo Show will blur the screen and play a notification which allows the person receiving the Drop In to cancel it by saying “Alexa cancel/stop/hang-up/reject” if they do not want to accept the Drop In. You can also turn on Do Not Disturb to temporarily block Drop Ins on a device.

Note: Smart displays, such as the Amazon Echo Show family of products or Google Nest Hub, are smart speakers with the addition of a camera and touch screen. If you have one of these, here are a few extra things you can do with your device:

Show and Tell feature with Amazon Echo Show – If you are blind or have low vision, you need only hold up an object in front of your device’s camera and ask “Alexa, what am I holding” to find out what it is.

Make video calls – Just like you can use your smart speaker for phone calls, you can use your smart display for video calls. Stay connected with your friends and family, access your physician for telehealth, or give a loved one the ability to check in on you from afar with video calling on the Amazon Echo Show line of products.

Entertainment – Connect your smart display with a streaming account to watch TV shows, movies, and online content. Just check your device to see which content providers it can connect with: Amazon and Google.

Interested in getting some smart home technology? Pennsylvania Assistive Technology Foundations Mini-Loan program can help you cover the cost of purchasing smart home devices as well as the cost of installation. We can also help you determine if you are eligible for other funding resources that might cover the cost entirely. Apply for a loan or contact us to learn more.

Smart Home Subscription Fees and The True Cost of “Free” Services

By: Kirby Smith, Smart Homes Made Simple project consultant, and founder of SunKirb Ideas, LLC

Person sitting at a desk with a tablet and smart phone. Behind the desk is a TV and a smart speaker.
Image: Person sitting at a desk with a tablet and smart phone. Behind the desk is a TV and a smart speaker.

This article is written in response to popular smart home platform Wink’s recent announcement that they will begin charging a monthly $4.99 fee for their services starting July 27th.

First, a (slightly technical) History of the Universal Hub (e.g., Wink)

Smart home devices that are easy for the average person to install and manage started to become popular in 2014. This was driven by startup companies collaborating with mainstream companies to release affordable, easy to set up equipment and devices for the home. Starting with thermostats, cameras, smart doorbells and lights, the movement has since expanded to include many other home appliances.


Because of the popularity of smart phones and tablets, nearly everyone who purchased smart home products already had a centralized control system they conveniently carried with them. People liked the idea that with their phone they could control their home, answer the door, or change the temperature in their house from anywhere in the world.

The Dilemma: How to Connect a Network of Smart Home Devices

For a person to control a smart home device from anywhere, the device needs three things to work:

  1. The device must have electronic chips in it to communicate and physically control its function;
  2. The chips need a way to reach the Internet; and
  3. There must be a service operating on the Internet to receive and send information and commands to and from the chips in the device. Typically called cloud services.

Back in the early 2000’s, manufacturers struggled to find the best way for smart home devices to communicate between one another. We are all familiar with two communication standards used for things like our laptops, tablets and phones to connect to each other. Their brand names are WiFi and Bluetooth (FYI: WiFi is short for “Wireless Fidelity” which people agreed sounded silly, so it was shortened to WiFi). WiFi and Bluetooth use radio signals that send information around.

The electronic chips that use WiFi can send signals very far, but the chips back in the early 2000’s were comparatively large, used a lot of power, gave off a lot of heat, and they were costly. Also, we have all experienced how WiFi signals can drop. Almost every home has a spot where the WiFi stops working.

Bluetooth electronic chips are very small. So small that they can fit in earphones. They use very little power, don’t give off heat, and are very cheap. However, the range of Bluetooth is very short, only about 30 feet and the signal can’t travel through objects like walls and people’s bodies.

ZigBee and Z-Wave Offer a Solution

Two new electronic communication standards, ZigBee and Z-Wave, were adopted in the early 2000’s to solve the problems manufacturers were having. The electronic chips that communicate using ZigBee and Z-Wave are extremely small, energy efficient, and are cheaper to manufacture.

ZigBee and Z-Wave solved another big problem — signals being dropped or lost. Every device that uses one of these radio transmission protocols both receives and broadcasts, allowing each device to act as a relay. If we could see ZigBee and Z-Wave connections, they would look like a web, where everything is connected to each other. This is called a mesh and mesh systems have far better performance because of their dependable redundant connections. In fact, the more devices that are added, the faster and better the connections become unlike WiFi which slows when too many devices are added.

There was still one issue remaining: how the smart home devices reach the Internet. Something local was needed to receive the ZigBee and Z-Wave signals, convert the signals, and connect the devices to WiFi in a home in order to connect to the Internet. Devices that performed this function were called smart home hubs (hubs for short).

The problem was that each manufacturer created their own hub for the devices they made. For example, smart bulbs used a proprietary hub created by the manufacturer that made the bulb, while smart bulbs from another manufacturer used a different one. Smart locks had their own hubs, as did the smart light switches and plugs. Also, each hub used a different app that was installed on phones and tablets. It was normal for some people to have 5-10 apps to control their smart home. If someone wanted to set up a smart home, they encountered chaos and a lot of costs.

A New Player in the Game: Wink

Things changed in 2014 when small startup companies began manufacturing hubs that could communicate with multiple brands of home automation devices. These centralized hubs could talk to a wide range of home automation devices from multiple different manufacturers. This highly simplified the install process when using devices created by multiple companies. Also, for the user, you could use one app to wirelessly control your devices. If your WiFi changed, and if your hub was plugged into your WiFi router, you didn’t have to worry about setting everything up again. And, if you changed the router then you just plugged the hub into the new router, and you were done.


In a two-year period starting around 2013 through 2015 many companies released centralized home automation hubs and almost immediately went out of business because of the tremendous challenge of supporting the vast number of new smart home products that were being released. Companies that got a foothold included SmartThings, Insteon, Staples, Lowe’s and professional firms like ADT and AT&T. One company, Wink, took a different approach.


Wink simplified life for those who were not very technical. When putting new devices on the hub, the Wink app included videos of how to install the products for a vast range of manufacturers. Their support call center was also readily available to assist. From my personal experience, hold times were rarely over 5 minutes. Further sweetening the deal, unlike other manufacturers, Wink did not charge additional costs after the initial purchase of the hub which cost less than $100.

Wink starter kit with HUB, devices, and home automation app
Image: Wink starter kit with HUB, devices, and home automation app

For six years, people could use the Wink hub and its app for free and enjoyed:

Centralized installation
• Centralized management of devices from various manufacturers

• Continual updates for new features
The ability to create smart routines (called robots): One could click one button to dim multiple lights and bring the thermostat to a comfortable temperature to settle down and watch a movie
• Easy dependable security
• Excellent customer support
• Voice control of products on the hub using Amazon Alexa or Google Home

Wink Moves to Subscription-Based Services

Wink users received a shock in May of 2020 when Wink announced they were moving to a subscription service and users had to pay-up in one week or lose access to the hub and app they had used for years. The following is part of their statement:


“Since 2014, Wink has grown to support more than 4 million connected devices. During this time, Wink has relied solely on the one-time fee derived from hardware sales to cover ongoing cloud costs, development, and customer support. Providing users with local and remote access to their devices will always come at a cost for Wink, and over the years we have made great progress toward reducing these costs so that we can maintain that feature. Wink has taken many steps in an effort to keep your Hub’s blue light on, however, long term costs and recent economic events have caused additional strain on our business. Unlike companies that sell user data to offset costs associated with offering free services, we do not. Data privacy is one of Wink’s core values, and we believe that user data should never be sold for marketing or any purpose.”

This move infuriated users, forcing them to drop the product (and thus abandon or rebuild their smart home setup) or pay up. With the change announced during COVID restrictions, the short notice and lack of warning, users were justified in their frustration. The common question was, why should I have to pay for something that was free for so long?

In Favor of Fees

Because of popular free sites and services such as Google, Facebook, Instagram, and others, we have grown to believe we have the right to these services and that they should be “free”. However, if Wink is still committed to privacy, their original model was not sustainable and it was only a matter of time before they would need to make a change.

Companies have costs: staff, buildings and equipment, commerce and a host of other services for which they incur expenses. Also, they must return a profit. For a product to be reliable and worth investing in, the company’s operation must also be reliable and worth investing in. Over the past six years, a long list of companies have released great products, but due to poor management they went out of business. They left their customers with unusable devices and dead apps. These users received no reimbursement. I, myself, lost at least $2,000 worth of devices when Lowe’s shut down their Iris hub. The product lasted for less than 5 years. There are three ways companies cover their costs.


1) Target Marketing. If we look at Amazon and the Alexa Echo, there is the initial purchase that can be as low as $30. Each month there are new features added which have included free video and audio calling, home automation control, music, and other services. Alexa now performs almost all the functions of a central smart home hub.


How does Amazon cover the cost of this? The speakers give them insight into your home and how you use and consume things. In short, our use of the device tells them what to advertise and sell us. Also, many people, including myself, use the Alexa Echo to make purchases directly from Amazon. My family uses a good quantity of AA batteries and when we run low we say to the Echo, “Alexa, order more AA batteries.” It responds, “Based on your last purchase, is this what you want?” A picture of the last order appears, and we respond with, “Yes.” We like the convenience and have safely used our Echo for years.


2) Selling Your Personal Data. The second way companies make money, and the most insidious in my opinion, is they sell everything about you to other vendors and advertisers. They take the Amazon model one step further. For example, Google purchased and recently took complete control of the Nest company, which manufactures some of the most popular smart home products.

In 2019, Google created a new requirement: in order to use the products and all the features you must use a Google account and email. In fine print they state they will be linking your email, calendar, and document information to a pool of information about you. They also link your account to your Google Home account and smart speaker. This means they can sell information about how you use your lights, security, email, events, how you react to weather, etc. to anyone willing to get that information about you. In short, you are paying Google with information about everything you do.


Companies like Google and Facebook are so pervasive in our lives, we never stop to ask how we are getting all their services for free. As we click through the online agreements, we do so not realizing we are selling our privacy and giving them personal information to use any way they choose.


3) Subscription Services. The third and final way companies make money relates to subscription service. This method is typically used by smaller companies than say Google or Amazon. Wink is one of these companies. For Wink to continue to support their products and the users of their products, they must either: 1) receive a payment from companies like Google who pay smaller companies for specialized information about you; or 2) keep your information private but charge you a fee to provide their service.

At the end of the day, nothing is free and we will either pay with our money or pay with our privacy by sharing personal information about how we live.

What will you choose?

Smart Homes Made Simple presentation at Disability PRIDE Virtual PA 2020

Today Pennsylvania Assistive Technology Foundation (PATF) presented on Smart Homes Made Simple as part of Disability PRIDE Virtual PA 2020. Susan Tachau, PATF Chief Executive Officer, and Kirby Smith, Founder and President of SunKirb Ideas, talked about the ways people with disabilities can benefit from the use of smart home technology, smart home devices that offer control and increased independence, things to consider when selecting and installing your smart home technology, and how to fund the assistive technology you want and need.

Download the “Smart Homes Made Simple” presentation slides (PDF)

Coming soon! Check back for the recording of the presentation which will be posted here in the coming days.

Click to access Smart-Homes-Made-Simple-DisabilityPRIDE-7.1.20-Final.pdf

New Video on Generic Smart Home Technology

Pennsylvania Assistive Technology Foundation (PATF) is pleased to announce it has produced a new video funded by a grant from the Pennsylvania Developmental Disabilities Council.

Full transcript available at https://patf.us/wp-content/uploads/2020/03/MeetSuriaVideoTranscript.docx

Suria Nordin is a member of PATF’s Generic Smart Home Technology project Advisory Committee. As part of the Generic Smart Home Technology project funded by the Pennsylvania Developmental Disabilities Council, PATF visited Suria and her smart home with film students from the Academies at Roxborough to create this short video showcasing how Suria is using her technology to increase her independence at home and at work.

In 2017, PATF launched the Smart Homes Made Simple campaign to help people with disabilities who want to live more independently and with greater autonomy using new types of smart home technology. You can learn more about smart home technology at Smart Homes Made Simple and then connect with PATF for information and assistance with funding the smart home devices you need and want.

This project is supported by a grant from the Pennsylvania Developmental Disabilities Council; in part by grant number (1901PASCDD-02) from the U.S. Administration for Community Living, Department of Health and Human Services, Washington, D.C. 20201. Grantees undertaking projects with government sponsorship are encouraged to express freely their findings and conclusions. Points of view or opinions do not, therefore, necessarily represent official ACL policy.

Treating Your Passwords Like the Keys to Your Home

By: Kirby Smith, Founder of SunKirb Ideas, LLC

No one is too busy to protect their passwords

My entire career has been involved with computer technology and digital devices. My past profession was as senior vice president of information technology for a mid-sized national company and now I own a business where I automate houses and set up smart homes. Both jobs have required me to set up and manage devices and network security for individuals and organizations. One area that has always stunned me is how lightly people treat the importance and protection of their passwords. Disproportionately, people live in ever-increasing fear of “hackers.” Just the mention of the word can cause people to rise up in outrage against companies blamed for not stopping the hackers. Before looking at why better password management should be higher on your list of online security priorities, let’s look at the reality of hackers and passwords.

What exactly is a Hacker?

Ironically, the word started off as something of a compliment. In the early days of computers, during the late 60s and 70s, computer technology started to move out of the military and corporations and into the hands of youthful people. These young pioneers could for the first time afford the technology to do something different. Many of these people would go on to form companies based on their creativity and perseverance. Some of these became familiar: Apple, Microsoft, Adobe, Intel, IBM, HP, Samsung (reborn 1960), Oracle, and Dell. When programmers would look at the accomplishments of others, knowing how much work it took to create something new or simplify something complicated, they equated it to cutting through a thick piece of wood or clearing a way through jungle growth. “They hacked away until they got through it!” If you developed a reputation for solving tech problems, you became known as a hacker.

Thieves followed the money

As the 80s rolled in, and more people started to use computers in the office, certain people found ways to exploit the system for personal gain or notoriety. The early 90s introduced the public to the Internet. Once the 2000s arrived, and people started to own more personal electronics, attention shifted to consumers instead of corporations to drive the economy. With the rise of Internet commerce, thieves adopted the tools and attitude of early developers. They used the same creativity and skills from the past to build theft technology and hacked away until they found cracks. For the first time, people started to think about internet security, and the word “hacker” entered the lexicon.

Years later, what is our primary means of identity security on the internet? Usernames and passwords, the same system we had in the 60s. For organizations and companies, it is the easiest and cheapest solution… if it is used effectively. Better systems involve biometrics. Biometrics use sensors or cameras to measure people’s unique physical characteristics, analyze them, and create a unique key based on the data. For example, one can log in to a Windows 10 computer using their face, iPhones use fingerprints and face measurements, and some banks use speech patterns to identify you when you call in by having you speak random phrases. However, these systems are costly and to be cost effective they would require all companies to standardize on one method. For the time being, passwords will continue to be the primary identification system.

Imagine your online identity is like your house

If you are trying to secure your house, you wouldn’t only look at the lock and key on the door. You would look at every way one could enter the house. Are the windows left open? Is the door securely on its hinges? Perhaps most importantly, you would consider who is being invited in. Do you invite just anyone to come into your home? Is there ever a circumstance where you would simply hand your key to a stranger?

Easy to guess passwords: The equivalent of hiding your key under the doormat
Online thieves take the path of least resistance when they “break in.” They are not going to invest hours of time hacking into individual accounts (unless they personally know you). If one is going to hack in, they are more likely to go after large organizations holding the information of 100,000s or more users (such as the recent Wawa, Capital One and DoorDash breaches). This allows them to sell that information, make a quick profit, and reduce their risk of being caught since they haven’t directly stolen goods. Online thieves do know people’s habits. A large number of people have the following passwords, which don’t take a lot of hacking:

Top 10 Worst Passwords 2019 – (Read the full list)

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567
  6. 12345678
  7. 12345
  8. iloveyou
  9. 111111
  10. 123123

These passwords are ranked as the worst because they are the most commonly used – making them easy to guess! Other common password mistakes include using your close family member’s name, your birthday, or names of things like your boat, team, or other information readily available on Facebook and other social media apps.


A simple trick for hackers is to go to a popular site like Facebook, scan for people who post pictures that practically advertise they have good income, pull their email from their site, and then run a program using that email to log into Facebook. The program will try common passwords, and if there is a hit, the program (often called a “bot”) will add the valid email/password combination to a list. This technique is called “Brute Force” hacking, and it is one of the least efficient methods for a hacker to use, but it works. For a hacker that knows who you are personally or is aware of your history, you are more likely to come under this attack.

Phishing

Another method for online thieves that doesn’t take much effort on their part is to drop some bait and let people come to them. This is called Phishing (a twist on “fishing”). One of the most prevalent methods of phishing is to blast out emails that look like they are from a person, an online store or financial institution you know or have done business with. See the example below.

Phishing_scam_example_email

This is a classic example. At first glance, the email looks like it is from service@intl.paypal.com. Between the email address, logo, and similar font and format of legitimate emails from PayPal, one may feel a sense of urgency to act quickly by clicking on the links. However, take a closer look at the email address. When you receive an email, it is displayed in two parts: the actual email address and a display name. Most people are familiar with the actual email address layout, such as JPSmith@gmail.com. However, to make it easier to be recognized, the sender can supply a display name. So, the “From:” line in your email will often show “Johnny Smith < JPSmith@gmail.com >”. Online thieves know most people do not fully read the “From” line, so in our email example in the image it is actually showing “service@intl.paypal.com < service.epaiypal@outlook.com >”. Few people notice that the display name and actual email address don’t match – the actual email address uses the name “epaiypal” and is an Outlook email address (outlook.com is a free email service provider), not a PayPal email address (paypal.com).


If you click on the link, you will end up at a fake website which might have the address “HTTPS://epaiypal.us/user-login”. The site will look exactly like PayPal, except for the web address. It will likely ask for your login and you might type it in thinking the information is being sent to PayPal. After the login, it may have a pop-up that says, “Thank you for securing your account,” and you will go away thinking you stopped someone from hacking your account, when in fact you actually provided the thief with everything they needed to open your account and seize control.


Another insidious Phishing method used by online thieves involves social media, especially Facebook and LinkedIn. Often, this method is specifically designed for mobile users. For example, you might get a Facebook message from someone you know saying something like, “OMG…you’ve got to check out this hilarious video of a baby tasting ice cream for the first time!” Attached to the message is what appears to be a link to a YouTube video. You click on it and you may see a pop-up that appears to be from your phone (iOS or Android) which say, “Please confirm your intent to use Facebook to log in.” A box appears with an Apple logo and asks, “please provide your Apple login.” Not thinking about it, you provide your Apple login. A pop-up appears that says, “Error in display, please log back into Facebook”. You log back into Facebook and you are back to where you started. You give up and forget about it. Here is what happened:


Despite this appearing legitimate, almost everything is fake. You provided the thief with your Apple or Android login as well as your Facebook login. You also may have executed what is called a Trojan App that will log in to your Facebook, scan your contacts and friends, and send them the same message you received. Your friends will get a message from you and will likely fall for the same stunt.


While there are other online theft methods, Phishing is becoming the most prevalent because online thieves can get your passwords, use your credit cards, and spread malware to you at the same time.


Let’s go back to thinking about the security of your house. Imagine you are careful to lock the doors and windows. However, a stranger knocks on the door and when you answer, they tell you they are checking the neighborhood safety and want to borrow your key to inspect it. They wear a tag that says, “Neighborhood Security.” Because of the tag you feel safer and you hand them the key. They turn their back and do something then turn and give the key back to you. Neighborhood Security says thank you and leaves. It is highly unlikely you would do this in real life. However, people do this online every day.


With all the methods online thieves are using, and the fear they generate, we can go back to the original question, why aren’t more of us taking more care in choosing and guarding our login credentials? Sometimes it’s a lack of information, sometimes it’s about convenience, and other times it has to do with misplaced trust. Even internet-savvy people can make mistakes and overlook things. And with so many accounts to manage these days, the challenge is magnified because each one needs a unique password and security settings. Unfortunately, according to a recent study, 83% of users surveyed use the same passwords for multiple sites.

So, if the odds are that some of your credentials have been stolen (remember, many thieves sell the data before using it directly), and are floating around on the dark web, then why do we persist in using the same combination for almost all our personal, confidential, and financial accounts? The Wall Street Journal published an article with research about this:


…[I]n my research with Robert Otondo and Merrill Warkentin of Mississippi State University, we discovered there’s something else happening here: People have an emotional attachment to how they create their passwords. To most people, passwords aren’t just random. They’re personal.


The article goes on to point out two insights:

First is the “endowment effect.” It turns out that when we own things, we get attached to them. This, in turn, leads us to overvalue the owned item. My coffee cup is worth more than your coffee cup, simply because it’s mine. We become unwilling to swap it for another item with the same functionality, even if the replacement is superior to an unbiased observer. The second factor is what economist Dan Ariely calls “the IKEA effect”: We become inordinately attached to the things we create and, again, we overvalue them.

There are tons of websites and publications that recommend how to create passwords. However, we all resist the advice to some degree. Beyond crafting a better password (and making sure each account’s password is unique), there are two other simple things you can do to at least improve your online security:

  1. It can’t be emphasized enough to use what is called two-factor authentication (2FA). It is based on three generally recognized factors for authentication: something you know (such as a password or detail from your past, something you have (such as a cell phone for text/email, a computer you are already logged into, or a device/app called a token that creates random numbers and is synched to a service)), and something you are (such as your fingerprint). Two-factor means the system is using two of these options. For tokens, you may get it through text or Google or Microsoft Authenticator (free on Android and iOS). Twilio Authy, Duo Mobile, SAASPASS, and LastPass Authenticator, among others, all do the same thing on mobile and some desktop platforms, and most popular password managers all have 2FA by default. Watch this video to learn more about two-factor authentication.
  2. Use password storage apps, or at the very least a written list (kept in a safe private place), to note and manage your logins. I personally use the app called Keeper. Other top managers are 1Password, Dashlane, LastPass, and RoboForm. Most of the top ones run on all platforms (phones, tablets, and computers) and synch all your information between them. They have multi-levels of protections and can even create and manage passwords for you. They also integrate with biometric login systems including Microsoft, Apple iPhones/iPads and Droid. Read the list of the best password managers of 2020 with descriptions and ratings.


Phishing has become an industry where hackers now sell their services and tools. There is just too much money, vulnerable people online, and low risk for thieves to ignore the opportunities available to them. It might feel like experts are nagging you, but the danger is very real. Your best defense is to protect your passwords the way you would protect your physical keys. Below are links to other articles explaining how to protect yourself.

List of state by state cyber crime

How to recognize and avoid phishing scams

Passwords dos and don’ts

How hackers use emails to fool you with detailed examples and pictures

 

Smart Home Tech Spotlight – Meet Suria!

Suria Nordin is a member of PATF’s Generic Smart Home Technology project Advisory Committee. When Suria was injured a few years ago, her husband Kirby Smith began researching ways to adapt generic smart technology to give Suria more independence in their home. They were so successful that they launched SunKirb Ideas, a company that focuses on identifying, adapting, and installing affordable products that make people’s homes “smarter” and provide them greater independence. As part of the Generic Smart Home Technology project funded by the Pennsylvania Developmental Disabilities Council, we visited Suria and her smart home with film students from the Academies at Roxborough to create this short video showcasing how Suria is using her technology to increase her independence at home and at work.

Full transcript available at https://patf.us/wp-content/uploads/2020/03/MeetSuriaVideoTranscript.docx