It seems like everyone’s getting hacked these days. Or, it’s just more visible that people are getting hacked with the increased number of access portals we’re allowing into our private information. In the past, it seemed perfectly fine to have one easy-to-remember password for all of one’s online accounts: an email account, an AIM screen name, a Yahoo account.
But today, not only are we managing multiple social media profiles, we also use passwords to sign on to access secure information like banks and student loans, and are managing our own websites through a plethora of web hosting and CMS options. Gone are the days of the guru webmasters and in come pouring the potential security holes, each average user adding to the potential wormhole network. It must all look like a giant block of Swiss cheese to someone who can read it all.
So there are two questions. To help prevent these imminent disasters, how can we make sure our connections and passwords are more secure? And when these disasters occur, because they most likely will, how prepared will we be to resolve the issues as painlessly as possible?
A post like this could easily turn into a book. That, of course, would just be silly and also really boring. So what I’m hoping to provide here is an outline of basic recommendations, as well as additional resources to help you navigate around a potential security breach or attack.
Use https connections as much as possible. Facebook just recently gave people the option, and there are still many who think that Facebook should just make it mandatory across the board. Regardless, check the URL bar in your internet browser. If you’re anywhere where you need to log in, it should hopefully say https, rather than http, meaning that the traffic between your browser and the site is encrypted, a more secure method of accessing information.
The Firefox plugin HTTPS Everywhere is a nice tool for this: it switches you to the https version of sites that offer one.
I’m still surprised by the ridiculous passwords some people insist on holding on to. Their pet’s name. Their favorite food. Even worse, “password” or “123456.” And, I’m surprised by how many people still use the same single password for ALL of their accounts. It’s like they’re sacrificing themselves to the hacker gods.
Password security is a complex subject, one that doesn’t necessarily have a single best practice. But yes, when they tell you to pick a password that has at least one letter, one number, one symbol, they’re on the right track. Even still, I see people with passwords like “Password&1” or “Kitty#12” which just don’t cut it.
This article [The Usability of Passwords] explains the ins and outs in much more detail, but some best practices include:
– Don’t use words that can be found in dictionaries. Think of phrases rather than single words.
– Don’t use the same password for all of your accounts. If they access one, they’ll be able to access the others.
One tip I give clients who want a password they can still easily remember, and who have trouble coming up with a more secure alternative, is to come up with a phrase, e.g. “pasta god,” and use the above guidelines to make it less visible to hackers, e.g. p@$tA60d.
This is one way to make your passwords more secure and still memorable. Regardless, you should change all your passwords regularly, every 3-6 months. And if you have millions of accounts with millions of passwords, try using something like KeePass, a password manager that keeps all your passwords in an encrypted database, with you only having to remember a single master password.
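To make the password guidelines above concrete, here is an added example (my own code, not from the original post) that turns them into a checker: it rejects entries on a common-password list, undoes the usual character swaps (@ for a, 0 for o, and so on, which cracking tools already try) and strips trailing digits and symbols so that “Kitty#12” and “Password&1” are recognised as a single dictionary word in disguise, and applies the letter/number/symbol rule. The word lists are tiny constructed samples; a real deployment would load a full breached-password list and dictionary instead.

```python
import re

# Constructed sample lists for this example only. A real check would load a
# full breached-password list and a real dictionary in place of these entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
DICTIONARY_WORDS = {"password", "kitty", "pasta", "god", "pizza", "dragon",
                    "summer", "monkey", "welcome"}

# Character swaps that password-cracking rule sets already try, so on their
# own they add little strength: @->a, $->s, 0->o, 1->i, 3->e, 4->a, 5->s,
# 6->g, 7->t, !->i.
LEET_TABLE = str.maketrans("@$0134567!", "asoieasgti")

REASON_COMMON = "on the common-password list"
REASON_DICTIONARY = "a dictionary word dressed up with digits or symbols"
REASON_NO_LETTER = "no letters"
REASON_NO_DIGIT = "no digits"
REASON_NO_SYMBOL = "no symbols"


def normalize(password: str) -> str:
    """Undo common substitutions and lowercase, e.g. 'P@ssw0rd' -> 'password'."""
    return password.translate(LEET_TABLE).lower()


def core_word(password: str) -> str:
    """Strip decorations at either end ('Kitty#12' -> 'Kitty'), then normalize.

    The decorations are stripped from the raw password first, so a trailing
    '1' is treated as padding rather than being turned into an 'i'.
    """
    stripped = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return normalize(stripped)


def check_password(password: str) -> list:
    """Return the reasons a password is weak; an empty list means it passed.

    This is a heuristic: it catches one dictionary word plus padding, not
    every weak construction (two glued words, keyboard walks, etc.).
    """
    reasons = []
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        reasons.append(REASON_COMMON)
    if core_word(password) in DICTIONARY_WORDS:
        reasons.append(REASON_DICTIONARY)
    if not any(c.isalpha() for c in password):
        reasons.append(REASON_NO_LETTER)
    if not any(c.isdigit() for c in password):
        reasons.append(REASON_NO_DIGIT)
    if not any(not c.isalnum() for c in password):  # spaces count as symbols here
        reasons.append(REASON_NO_SYMBOL)
    return reasons


if __name__ == "__main__":
    for candidate in ["password", "123456", "Password&1", "Kitty#12", "p@$tA60d"]:
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'ok' if not verdict else ', '.join(verdict)}")
```

Run it and the two “doesn’t cut it” examples from above are flagged as a dictionary word with padding, while the phrase-derived p@$tA60d passes all the checks.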
Gmail now offers a 2-step verification process for log in. Use it. There’s no reason not to, and it makes it significantly more difficult to hack your account. Read more here.
This seems like common sense, but don’t add friends or followers who are obviously scammers, phishers, generally fake people, or linked to some kind of scam or porn site. Who cares if it boosts your numbers and makes you look more popular. It’s a security risk. And do you really want to be connected with these sorts of shady entities?
Monitor everything. Your social networks. Your email, for strange activity. And if you maintain your own website, be extra vigilant. There are many popular hacks for popular CMSes like WordPress. Your website code may have been hacked without you even knowing it. There are many types of malware or programs that run quietly in the background, without any visible damage on the public face. So keep an eye on your code.
Be careful with sensitive information, especially when browsing on a public machine (e.g. at an internet cafe or library) or accessing a public wifi network (e.g. at Starbucks). Delete saved passwords and your browsing history, and be wary of what kinds of information you’re sending over the wire. I wouldn’t process any financial transactions on a public network. Instead, use a network you’ve set up yourself, e.g. your home network that is protected with a good password.
If you do indeed maintain your own website, one easy way to help boost a little bit of security is to connect via SFTP rather than FTP. It’s not foolproof, but it helps counter those listening in on the call: plain FTP sends your username, password and files in the clear, while SFTP encrypts the whole session.
Beware of pop-ups or windows asking you to download something, click a link that takes you to an external site, or to update software that you don’t even own. You don’t want to risk opening a gift-wrapped virus, so be careful what you click on.
Also, watch out for fake security experts contacting you about finding viruses on your computer, especially when they offer to remove the viruses for a nominal fee. Beware in general of anyone asking you for money if you don’t know who they are.
As well, be careful of emails coming from supposedly trusted sources like PayPal or your bank. There are tons of spoof sites and spoof email addresses that want you to follow links, exposing you to potential harm. Double check the email address these emails are coming from, and when in doubt, enter the URL yourself and check your account.
Ditch it. Ditch it now. Seriously. Shame on you if you’re using this flaw-ridden browser.
Back up everything. All your website files on your server: have them backed up on your local server. Just in case anything goes wrong or someone inserts bad code into your files, you can just wipe them and upload your clean, backed up files.
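“Keep an eye on your code” and “keep clean backups” fit together naturally: take a fingerprint of every file in your site while it is known-clean, keep that fingerprint with the backup, and re-check regularly. The script below is an added example (my own, not from the original post or any CMS project) that does exactly that with SHA-256 hashes: it snapshots a directory, saves the baseline as JSON, and reports files that were added, removed or modified since. The `demo()` function builds a constructed throwaway site in a temporary directory and simulates two of the changes you would want to catch, an edited file and a new file dropped into the tree.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large uploads don't fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root) -> dict:
    """Map every file under root (as a relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_baseline(snap: dict, path) -> None:
    """Write the snapshot as JSON. Keep this file OFF the web server, next to
    your backup, so an intruder cannot quietly update it too."""
    Path(path).write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Compare a fresh snapshot against the baseline taken from clean files."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(name for name in baseline
                           if name in current and baseline[name] != current[name]),
    }


def demo() -> dict:
    """Constructed scenario: a tiny site, a clean baseline, then two changes
    that an intruder might make. Returns the resulting diff report."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site"
        (site / "wp-content").mkdir(parents=True)
        (site / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (site / "wp-content" / "theme.css").write_text("body { color: black; }\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(snapshot(site), baseline_path)

        # Simulated tampering (constructed): one file edited, one file dropped in.
        with (site / "index.php").open("a") as handle:
            handle.write("<?php /* unexpected addition */ ?>\n")
        (site / "wp-content" / "cache.php").write_text("<?php /* unexpected file */ ?>\n")

        return diff_snapshots(load_baseline(baseline_path), snapshot(site))


if __name__ == "__main__":
    report = demo()
    for kind in ("added", "removed", "modified"):
        for name in report[kind]:
            print(f"{kind}: {name}")
```

In practice you would run `snapshot()` over your real web root right after a clean deploy, save the baseline alongside the backup, and re-run the comparison from a scheduled job. Any file that shows up as modified or added without a deploy you made yourself is your cue to do what the paragraph above says: wipe and restore from the clean copy, then change the passwords that could have let the change in.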
I’ve barely scratched the surface, but hopefully you’re already on the right track.
Security in-a-Box is a super resource for computer and internet security.
All their guides are great and really helpful. Here are a few I thought stood out:
– How to recover from information loss
– How to keep your internet communication private
– How to use mobile phones as securely as possible
– Plus check out all the hands-on guides for help on using specific tools & applications
(Notice, by the way, the “https” in your URL bar while browsing.)
Browsing on a mobile device? Check out this great resource for information on protecting your security when browsing on a mobile device: Protecting Your Security Online.
Questions? Leave a comment with your inquiries & curiosities.