
Thursday, June 16, 2011

7 Smart Tips For Password Security

With the recent hacking of Google's Gmail accounts and Citibank's credit card accounts, the issue of security looms again.  While there is little one can do about the accounts themselves, it becomes more important than ever to exercise good password security so that, at least on the consumer's end, the accounts are difficult to breach.
While most are aware that password security is important, there is still some confusion about specific ways to safeguard that security in an efficient and effective manner.  And, too, many people feel lost with the amount of online activity that now requires sign-ins and passwords, all of which should be unique.  Everything from email to forums to the bank represents some kind of potential threat to personal information.
High-Risk Sites
While all logins guard against unauthorized access to accounts on a given site, accessing a high-risk site must be guarded with extra care.  But some are confused as to which sites are high-risk.  The best rule of thumb is whether or not the site is related in any way to money-- that is, any kind of e-commerce site.  This means email accounts (the files of which often contain passwords), banks, payment processors, auction sites, direct order sites (such as Amazon) and high-profile social sites, such as Facebook, are all high-risk targets.  For website owners, their own hosting is considered high-risk at the cPanel admin logins and blog logins, both of which can be used to store unauthorized virus files.
Because hackers are always looking for weaknesses in the systems, the only thing the average consumer can do is make their login passwords as strong as possible.  But, if the passwords are too hyper-glyphed, it becomes necessary to store each password.  That represents a second security problem, because silent viruses can scan your computer for such information and return it without any knowledge or alert from most firewalls or anti-virus programs.  The only real answer is to manually and carefully select and store passwords.
Below are seven specific precautions to guard against password theft, along with alternative solutions.  Following that are additional tips for the best method to create, store and manage passwords, as well as username tips.
1.  Don't Use Roboform
While Roboform is a trusted and usually recommended method of storing multiple logins, the fact is, because it is a site that so many people use -- for so many sites -- Roboform itself becomes a primary target for theft.  So, while it is fine for low-risk sites such as forums, it should never be used for high-risk sites.
2.  Don't Store On A Browser
Some browsers also offer password storage.  These passwords are actually stored on your computer but, as mentioned above, that makes them vulnerable to silent viruses that retrieve this information.
3.  Don't Store As Part Of A Bookmark/Favorites List
Many store their passwords by editing the bookmark/favorite for each site and adding their login info to it.  The trouble is, that login information is stored in a file-- one that is easy for a virus to find and retrieve.  So, again, not a good place.
In fact, never store a high-risk password anywhere on your computer or online.  Not in a txt file, not in a Word file-- nothing.  Do not send it in an email to yourself and if you receive a password in an email, copy the password, delete the email completely (empty trash) and, as soon as you log in, change the password.
4.  Unique Passwords
Never use the same password for more than one high-risk site.  The only thing worse than losing all the money in a bank account is to then lose all the money in a payment processor account, an eGold account, and then find your email address being reported for spamming people.  This is another reason email accounts are at risk; because spammers will use a dummy address for the return address and, if it is a real address (like yours), the spam may be delivered into mailboxes.  But then you are marked as a spammer-- which can have dire consequences of its own.
5.  Never Use Your Name
Never use your name or any other words commonly related to you as part of a password.  This may seem obvious, but it is common for people to use variations of their own name, their birthday or some other word directly related to them, such as a website name, street or town name.  Even a unique nickname is risky.  A program can scan the entire contents of your computer in seconds and will use the common words it finds there as the first possible passwords.
6.  Never Use A Series of Related Passwords
Using a series of passwords (such as BigDog23, BigDog24, etc.) is also a bad idea because, again, the hacker need only discover one and they have access to all your passwords.  Remember, it is relatively easy to write a program that deciphers passwords.
7.  Change Passwords Regularly
One of the biggest mistakes people make is to keep using the same password forever.  All high-risk passwords should be changed at least once per year, if not once a month.
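Tips 4, 5 and 6 can be checked mechanically. The following is an added example, not part of the original article: the sample passwords and personal words are constructed, and the function names and rule labels are illustrative.

```python
import re
from itertools import combinations

# Constructed sample data for illustration only.
SAMPLE = {
    "bank": "BigDog23",
    "email": "BigDog24",
    "auction": "liz1975!",
    "payments": "BigDog23",
    "hosting": "dIamonDteMperdoG",
}
PERSONAL = ["Elizabeth", "Liz", "1975"]


def base_form(password):
    """Lower-case the password and strip trailing digits and symbols,
    so BigDog23 and BigDog24 both reduce to 'bigdog'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())


def audit(passwords, personal_words):
    """passwords: {site: password}; personal_words: names, dates, towns.
    Returns a sorted list of (rule, detail) findings."""
    findings = []
    # Tip 5: a word tied to the owner appears inside the password.
    for site, pw in passwords.items():
        for word in personal_words:
            if len(word) >= 3 and word.lower() in pw.lower():
                findings.append(("tip5-personal-word", f"{site}: contains '{word}'"))
    # Tips 4 and 6: compare every pair of sites once.
    for (s1, p1), (s2, p2) in combinations(sorted(passwords.items()), 2):
        if p1 == p2:
            findings.append(("tip4-reused", f"{s1} / {s2}"))
        elif base_form(p1) and base_form(p1) == base_form(p2):
            findings.append(("tip6-series", f"{s1} / {s2}"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE, PERSONAL):
        print(rule, detail)
```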
Safer Storage Today
So, with all those safeguards in place, you may be secure but -- now, how do YOU remember all your passwords and access your accounts?  The stupid-simple answer is to write them down.  While that flies in the face of what has traditionally been the standard security method for passwords (i.e., "never write down your password") it has become the opposite.
In this day and age the chances of a hacker accessing your password remotely are much higher than the chances of someone in your office or home doing so.  So writing them in a notepad becomes the preferred alternative.  Plus, keeping critical passwords accessible to your colleagues or family may be the only way they can access your accounts should something happen to you.
Create Bullet-Proof Passwords
Before you begin, find a special notepad/notebook and decide on a good place to keep it that is both accessible and secure.  I keep mine innocuously enough among a pile of notebooks-- only I know which one has my passwords.  Then, while creating a password, write it down.  Treat this notepad as you would your wallet or credit cards.  It is just as important.
A bullet-proof method of creating a good, strong password that is both unique and easy to remember is to take two to three seemingly unrelated words, randomly switch out several of the lower case letters for uppercase and add several numbers or symbols (!@#$%, etc.).
For example, take the phrase "diamondtemperdog"
This phrase, alone, would be a relatively strong password just because of the length.  But replace two or three of the lower-case letters with uppercase (though never the first letters of the words).
Now you have: dIamonDteMperdoG
That's still pretty easy to remember, yet would foil most hacker-programs.  But take it a step further.  This is to secure your money and your accounts, remember.  Add a few random numbers and symbols to the mix.
Now it looks like this: dI@monD23teMp&rdoG$451
And you have a bullet-proof, hack-proof password that is virtually impossible to crack.  By the way, this particular password is not used by the author and it is not recommended to copy this actual password.  Rather, this only serves as an example of how to create a good, strong, yet memorable password.  Your own passwords should begin with your own unique phrases, etc.
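The recipe above can be automated so that the choice of words, capitals and extra characters is left to the operating system's random source rather than to habit. This is an added example, not the author's own tool: the word list is a constructed sample (a real one should hold thousands of words), and it inserts digits and symbols between letters rather than replacing letters as the article's example does.

```python
import secrets
import string

# Constructed sample list; a real list should hold thousands of words.
WORDS = ["diamond", "temper", "dog", "lantern", "gravel", "orbit", "maple", "fiddle"]
SYMBOLS = "!@#$%"
rng = secrets.SystemRandom()  # draws from the OS random source


def make_password(words=WORDS, n_words=3, n_upper=4, n_extra=4):
    """Return (password, chosen_words) built by the article's recipe."""
    chosen = rng.sample(words, n_words)
    phrase = list("".join(chosen))

    # Positions of each word's first letter, which the recipe keeps lower-case.
    firsts, pos = set(), 0
    for word in chosen:
        firsts.add(pos)
        pos += len(word)

    # Upper-case n_upper letters picked at random from the remaining positions.
    candidates = [i for i in range(len(phrase)) if i not in firsts]
    for i in rng.sample(candidates, n_upper):
        phrase[i] = phrase[i].upper()

    # Add n_extra digits/symbols at random positions, at least one of each kind.
    extras = [secrets.choice(string.digits), secrets.choice(SYMBOLS)]
    extras += [secrets.choice(string.digits + SYMBOLS) for _ in range(n_extra - 2)]
    for ch in extras:
        phrase.insert(rng.randrange(len(phrase) + 1), ch)

    return "".join(phrase), chosen


if __name__ == "__main__":
    print(make_password()[0])
```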
A Few Tips For User Names
Also, if a program allows a choice of the username (many do not or require an email address), never use just your name: always add a word and numbers to it.  So, instead of Elizabeth, for instance, make your username "PrettyLiz351" or some similar distinction.  While many hackers focus on passwords, few bother to develop programs that crack user names, too.  Therefore, if the username is not obvious, the program will be easily defeated.
To go one step further, when a high-risk site uses an email address for a user name, create a unique email address just for that site, either by creating a special email account on one of the free email sites or, if you have a website, by creating a unique POP3 account just for payments.  While this may seem like a lot of trouble, again, this is securing your money from thieves.
While some of this may seem extreme, remember that hackers spend their days doing nothing but trying to gain access to other people's money-- YOUR money.   While many high-risk sites make every effort to keep their sites secure, ultimately it is up to the individual to guard their own account from unauthorized access.
Now that you've read this article, make a list of all your high-risk accounts and CHANGE those passwords!--mo
