
Your Security and Social Media – “There’s a war going on that no one is safe from”

With the increasing number of accounts we all hold across the Web, it’s critical to be vigilant in protecting yourself and/or your company’s digital assets. This post won’t be the end all, be all of how to secure yourself online, but a nudge to get you thinking about it and be more aware of how your habits and actions can affect you and your online security.

There have been numerous high-profile attacks and break-ins across the Web in the last year, one of which was the attack on Twitter employee accounts. You can read all about it, including the details of how the attacker worked slowly and surely through a string of online accounts, finally finding several private documents about Twitter’s business model and plans for the future, plus the credit card information of one of Twitter’s founders. The key break the attacker got was re-registering the lapsed back-up e-mail account (a Hotmail address; Hotmail let old, expired accounts be reactivated easily, by whoever asked first) that the employee had set up to receive a password reset in case he forgot his Gmail password. Whoever controls the reset address controls every account that resets through it.

This highlights a key strategy to keep in mind about your passwords: how do you get back in if you forget one? Think through the path you would take to recover your password and then ask whether it is just as easy for someone else to walk the same path. Is the personal question used to verify that you are you really something no one else could know? Like the pet’s name you just tweeted about being sick? Or the college you went to with a girl you never called back after dating for six months? The break-in to Sarah Palin’s Yahoo e-mail account highlights exactly this weakness in our online accounts: the “secret” answer was public record. People know more about us in the hyper-connected world, where we over-share details of our lives and worry less about what that sharing can lead to. A recovery path is only as strong as its weakest link, and that link is usually a security question or an old mailbox, not the password itself.

Pick the toughest security question you think you can remember and pick a secure password. An example using different cases, alphanumerics and a personal detail would be Smi#8321, if your mother’s maiden name was Smith, your favorite number is 83 and you made the password when you were 21. It combines upper and lowercase letters, numbers and a # sign, and the personal details make it slightly easier to remember. Most sign-up forms will rate something like this as “strong”, but be careful about what that rating measures: it scores the mix of characters, not whether the pieces can be guessed. Eight characters is short by today’s standards, and a password built from your mother’s maiden name and your age is exactly what someone who has read your security answers or your profile will try first. Length counts for more than symbols: a passphrase of several unrelated words is both easier to remember and far harder to brute-force than a short string of mixed characters.
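To put numbers on the claim above, here is an added example (not code from the original post) that estimates how many guesses an attacker needs for the page’s Smi#8321 example, first as a blind brute force over its character classes, then when the attacker already knows the “Smi” part from a mother’s-maiden-name security answer, and compares both to a random multi-word passphrase. The guess rates and the Diceware list size are stated assumptions used for illustration, not measurements of any real system.

```python
import math
import string

# Illustrative guess rates (assumptions, not measurements): an online attack
# throttled by the site's login form, and an offline attack against a leaked
# fast hash on commodity GPUs.
GUESS_RATES = {
    "online, throttled login form": 1e2,
    "offline, leaked fast hash": 1e10,
}

# Character classes the page's example mixes.
CLASS_CHARS = {
    "l": string.ascii_lowercase,   # 26
    "u": string.ascii_uppercase,   # 26
    "d": string.digits,            # 10
    "s": string.punctuation,       # 32
}
CLASS_SIZES = {name: len(chars) for name, chars in CLASS_CHARS.items()}
CLASS_SIZES["K"] = 1               # a position the attacker already knows


def alphabet_size(password: str) -> int:
    """Alphabet a blind brute force must cover: the union of every class the
    password touches. 'Smi#8321' touches all four, so 94 characters."""
    return sum(size for name, size in CLASS_SIZES.items()
               if name != "K" and any(c in CLASS_CHARS[name] for c in password))


def blind_keyspace(password: str) -> int:
    """Guesses to exhaust a blind brute force at this length and mix.
    Upper bound: it assumes the password is uniformly random, which a
    maiden-name-plus-numbers password is not."""
    return alphabet_size(password) ** len(password)


def template_keyspace(template: str) -> int:
    """Guesses when the attacker knows the *structure*, one letter per
    position: K = already known, l/u/d/s = still has to be guessed."""
    count = 1
    for slot in template:
        count *= CLASS_SIZES[slot]
    return count


def passphrase_keyspace(words: int, wordlist_size: int = 7776) -> int:
    """Guesses for `words` words drawn at random from a word list
    (7776 entries is the size of the Diceware list, an assumed choice)."""
    return wordlist_size ** words


def bits(keyspace: int) -> float:
    """Entropy in bits equivalent to trying the whole keyspace."""
    return math.log2(keyspace)


def time_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Seconds needed to try every candidate at the given rate."""
    return keyspace / guesses_per_second


def report(label: str, keyspace: int) -> str:
    lines = [f"{label}: {bits(keyspace):.1f} bits"]
    for attack, rate in GUESS_RATES.items():
        days = time_to_exhaust(keyspace, rate) / 86400
        lines.append(f"  {attack}: {days:,.2f} days")
    return "\n".join(lines)


if __name__ == "__main__":
    # The page's example: maiden name Smith, favourite number 83, age 21.
    print(report("Smi#8321, blind brute force", blind_keyspace("Smi#8321")))
    # Same password once the attacker has read the maiden-name answer and
    # guesses 'Smi' is followed by one symbol and four digits.
    print(report("Smi#8321, attacker knows 'Smi'", template_keyspace("KKKsdddd")))
    print(report("5 random Diceware words", passphrase_keyspace(5)))
```

The blind estimate looks respectable (about 52 bits), which is why sign-up forms call it strong; the structured estimate collapses to 320,000 guesses, under an hour even through a throttled login form. The five-word passphrase is longer to type but sits well above either figure.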

An additional suggestion for your personal habits online: pick one password for your e-mail, bank and bill-paying accounts (water, gas, electric) and another for all those other accounts you sign up for (Twitter, Facebook, Fuel Frog, etc.). This accepts that an ancillary account may be compromised while your most private information stays protected. Security experts recommend not using the same password anywhere, even though human nature very much wants to, so two tiers is one way to compromise and still be more secure. Better still, give the e-mail account a password of its own: it receives the reset links for the bank and nearly everything else, so it is the one account whose password should be shared with nothing, and a password manager makes that painless.
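The two points above, that your accounts are linked by their recovery paths (the Twitter break-in) and by shared passwords (the two-tier advice), are easiest to see as a graph. The following is an added example, not code from the original post: a small model in which an attacker starts with nothing and repeatedly takes whatever a lapsed recovery address, a public security answer, a reset link, or a reused password gives them. The account names and passwords are constructed placeholders, and the assumption that controlling an account also reveals its password is a modelling choice stated in the code.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class Account:
    name: str
    password: str
    recovery_email: Optional[str] = None   # account that receives this one's reset mail
    public_security_answer: bool = False   # the "secret" answer has been posted publicly
    lapsed: bool = False                   # address expired and the provider lets anyone re-register it


def attacker_reach(accounts: Dict[str, Account]) -> Dict[str, str]:
    """Walk the recovery graph to a fixed point and return every account the
    attacker ends up controlling, mapped to how it fell.

    Modelling assumption: once the attacker controls an account they also
    learn the password used on it (reminder mails in the inbox, saved logins),
    so that password is then tried on every other account."""
    owned: Dict[str, str] = {}
    known_passwords: Set[str] = set()
    changed = True
    while changed:
        changed = False
        for name in sorted(accounts):
            if name in owned:
                continue
            acct = accounts[name]
            reason = None
            if acct.lapsed:
                reason = "re-registered the lapsed address"
            elif acct.public_security_answer:
                reason = "answered the security question from public posts"
            elif acct.recovery_email in owned:
                reason = "password reset sent to " + acct.recovery_email
            elif acct.password in known_passwords:
                reason = "same password as an already-compromised account"
            if reason is not None:
                owned[name] = reason
                known_passwords.add(acct.password)
                changed = True
    return owned


def example_accounts() -> Dict[str, Account]:
    """Constructed, hypothetical account set loosely shaped like the story in
    the post; the names are placeholders, not anyone's real accounts."""
    accounts = [
        Account("old-hotmail", "hotmail-pw", lapsed=True),
        Account("gmail", "Smi#8321", recovery_email="old-hotmail"),
        Account("bank", "Smi#8321", recovery_email="gmail"),
        Account("twitter", "tweet!23", recovery_email="gmail"),
        Account("fuelfrog", "tweet!23"),
        Account("work-docs", "corp-x9", public_security_answer=True),
        Account("photos", "k9-unique-long", recovery_email=None),
    ]
    return {a.name: a for a in accounts}


def hardened_accounts() -> Dict[str, Account]:
    """Same accounts after the fixes the post recommends: the recovery address
    is kept alive, the security answer is something never posted, and the bank
    no longer shares the e-mail password."""
    accounts = example_accounts()
    accounts["old-hotmail"].lapsed = False
    accounts["work-docs"].public_security_answer = False
    accounts["bank"].password = "bank-only-long-secret"
    return accounts


if __name__ == "__main__":
    for label, accts in (("before", example_accounts()), ("after", hardened_accounts())):
        print(label)
        for name, how in attacker_reach(accts).items():
            print(f"  {name}: {how}")
```

In the "before" set a single re-registered Hotmail address cascades into the Gmail account, from there into the bank and Twitter by reset link, and from Twitter into the unrelated Fuel Frog account purely through a shared password; only the account with its own password and no recovery link survives. In the "after" set nothing falls, because every edge the attacker relied on has been removed.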

Another recent attack that highlights a key issue to keep in mind is the WordPress security hole. An older version of the WordPress software for self-hosted blogs allowed an attacker to get into the back end, create an admin-level user and begin spamming your posts. What is the solution for this problem? Simple: keep your software upgraded! WordPress recommended that you do it immediately to keep your installation secure, and Microsoft releases regular updates to Windows XP and Vista for the same reason. Attackers are extremely interested in gaining access to private data; vendors release patches and upgrades to close the holes they use, and a patch only helps once you have installed it. One caveat after a hole like this one: upgrading closes the door but does not evict anyone who already came through it, so check the user list for administrator accounts you did not create. These few minutes could save you a very long weekend of frustration, or worse, a loss of personal data and identity theft.
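Two quick checks a self-hosted WordPress owner can script after an advisory like this one, as an added example rather than anything from the original post or from the WordPress project: read the installed version out of the contents of wp-includes/version.php and compare it numerically against the release that closed the hole, and list every account holding the administrator role so that a planted admin user stands out. The version file contents, the usermeta rows and the fixed-in version used here are constructed placeholders; substitute the version your own advisory names.

```python
import re
from typing import List, Set, Tuple

# wp-includes/version.php contains a line such as: $wp_version = '2.8.3';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([0-9][0-9.]*)['\"]")

# WordPress stores roles as a PHP-serialized array in the wp_capabilities
# usermeta row, e.g. a:1:{s:13:"administrator";b:1;}. This regex pulls out
# every role whose flag is true.
ROLE_RE = re.compile(r's:\d+:"([a-z_]+)";b:1;')


def parse_version(version_php: str) -> Tuple[int, ...]:
    """Return the installed version as a tuple of ints, e.g. (2, 8, 3)."""
    match = VERSION_RE.search(version_php)
    if match is None:
        raise ValueError("no $wp_version assignment found")
    return tuple(int(part) for part in match.group(1).split("."))


def needs_upgrade(installed: Tuple[int, ...], fixed_in: Tuple[int, ...]) -> bool:
    """True when the install predates the release that closed the hole.
    Tuple comparison orders 2.8.3 before 2.8.10; comparing the strings would
    not, since '3' sorts after '1'."""
    return installed < fixed_in


def roles_from_capabilities(serialized: str) -> List[str]:
    """Roles granted by one serialized wp_capabilities value."""
    return ROLE_RE.findall(serialized)


def unexpected_admins(usermeta_rows: List[Tuple[str, str]], expected: Set[str]) -> List[str]:
    """Given (user_login, wp_capabilities) rows, return the administrator
    accounts that are not on the list of admins you know you created."""
    admins = [login for login, caps in usermeta_rows
              if "administrator" in roles_from_capabilities(caps)]
    return sorted(login for login in admins if login not in expected)


# Constructed sample inputs standing in for the real file and a query of
# wp_users joined to wp_usermeta; "wp-svc" is the planted account.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.8.3';\n"
SAMPLE_USERMETA = [
    ("admin", 'a:1:{s:13:"administrator";b:1;}'),
    ("editor-jane", 'a:1:{s:6:"editor";b:1;}'),
    ("wp-svc", 'a:1:{s:13:"administrator";b:1;}'),
]
FIXED_IN = (2, 8, 4)   # placeholder: use the version your advisory names


if __name__ == "__main__":
    installed = parse_version(SAMPLE_VERSION_PHP)
    print("installed", ".".join(map(str, installed)),
          "upgrade needed" if needs_upgrade(installed, FIXED_IN) else "up to date")
    print("admins you did not create:", unexpected_admins(SAMPLE_USERMETA, {"admin"}))
```

In practice you would read the real file and feed rows from `SELECT u.user_login, m.meta_value FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID WHERE m.meta_key = 'wp_capabilities'` (adjust the table prefix to your install); the logic stays the same.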

If you’d like more tips on how to protect yourself online, check out this great article on Ars Technica: Learn how to protect yourself from identity theft.

Your three key take-aways:

  1. Choose a secure password, prefer length over clever symbols, and don’t write it down in a readily accessible place.
  2. Keep your products upgraded, such as WordPress. There are active communities in the open-source world striving to make the product as secure and safe as they possibly can, but their fix only protects you once you install it.
  3. Log in to any site that stores your personal information over HTTPS, where the S stands for ‘secure’. It encrypts the session and lets your browser check that it is talking to the real site, so if you are using public Wi-Fi (or even if you aren’t) your e-mail password cannot simply be read off the network. Check that the login form itself submits to an https address, not just that the page you typed into was loaded over it. You can read more about https for your e-mail login and an old, since-patched Gmail security exploit and its workarounds, as well.
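The third take-away is checkable. As an added example (not code from the original post), the following parses a login page and reports every form containing a password field whose submit address resolves to plain http, including the common case of an http page with a form that has no action attribute at all and so posts back to itself. The page URL and HTML are constructed samples; a real check would fetch the page over the connection you actually use.

```python
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collect every <form>, its action attribute, and whether it holds a
    password field."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[Tuple[str, bool]] = []   # (action, has_password_field)
        self._current: Optional[List] = None      # [action, has_password] while inside a form

    def handle_starttag(self, tag: str, attrs) -> None:
        attrs = dict(attrs)
        if tag == "form":
            self._current = [attrs.get("action") or "", False]
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag: str) -> None:
        if tag == "form" and self._current is not None:
            self.forms.append((self._current[0], self._current[1]))
            self._current = None


def insecure_login_forms(page_url: str, html: str) -> List[str]:
    """Absolute submit URL of every password form that would send the
    credentials over plain http. An empty action submits back to page_url,
    so an http page with a password field is flagged even with no action."""
    parser = LoginFormFinder()
    parser.feed(html)
    parser.close()
    flagged = []
    for action, has_password in parser.forms:
        if not has_password:
            continue
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            flagged.append(target)
    return flagged


# Constructed sample: an http login page with one form posting to the same
# host in the clear, one posting to an https sign-in endpoint, and a search
# box that carries no password and so is of no concern.
SAMPLE_PAGE_URL = "http://mail.example.test/login"
SAMPLE_HTML = """
<form action="/auth"><input name="user"><input type="password" name="pw"></form>
<form action="https://accounts.example.test/signin"><input type="PASSWORD" name="p"></form>
<form action="/search"><input name="q"></form>
"""


if __name__ == "__main__":
    for target in insecure_login_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("password would be sent in the clear to", target)
```

One caveat: if the page itself arrived over http, anyone on the path could have rewritten the form before you inspected it, so the check is meaningful only when the page is loaded over https too.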

What are your security tips?

Thanks for reading!
