Introduction Series Part 3: User Name and Password Protection
Protecting yourself on the Internet should be at the top of the to-do list of every computer user these days, yet so many people are careless when it comes to computer security. It is easier than ever for hackers to break in and get all of the personal information from your computer, as many computer users fail to follow simple rules such as keeping their system up to date or installing security software on it that protects them from these attacks.
User accounts on the Internet are one area where users often fail to take the necessary precautions and security measures. This can be seen not only in the many hacks that get reported by individual users day in, day out, but also when hackers manage to download password databases from servers. Sometimes, lists of decrypted passwords get released to the public, and those lists highlight that many users select insecure passwords for their logins.
User accounts are used to identify users, often to provide them with customized information only available to them. This can be messages, for example, or access to a list of friends. The password is used to protect the account from unauthorized access. Selecting a weak password can lead to accounts being compromised quite easily; more about that later on in the guide.
Selecting a secure, unique password for every Internet site and service you are subscribed to is of utmost importance. A weak password can often be cracked by attackers in no time at all, and if you are using the same password on several sites, attackers may gain access to those sites as well if they try popular ones or know that you are also a member of other sites.
A popular solution for all these problems is the KeePass password manager, which stores passwords and other information for you so that you do not have to remember them yourself. It ships with a password generator that you can make use of, and supports plugins that you can install to add support for various web browsers and third-party programs.
If you prefer to select your passwords manually, make sure you follow these simple rules:
- Make sure it consists of upper- and lower-case letters, numbers and special characters if supported by the site.
- Make sure it is reasonably long; I suggest at least 12 characters in total, the more the better.
- Never use personal information in the password (e.g. your favorite sports team, your wife's maiden name, the car you are driving, your workplace).
- Never use the same password on more than one website.
Selecting a secure password prevents most brute-force attempts from being successful, as it will simply take too long to brute force a 32-character password, at least for regular attackers and not national intelligence agencies.
Many sites ask you to select a security question as well and enter an answer for account recovery options. My suggestion is to never answer security questions truthfully, as it is often very easy to find that information out about you.
You need to make sure that you do not hand over your password to anyone. Not directly in face-to-face conversations, not over the phone, and certainly not in emails or chat programs. No legitimate website or service will ever ask you for your account password.
- If you are ever in doubt that someone may have gained access to your password, change it immediately on the site it has been used on.
- Make sure you do not check the "stay signed in" or "remember me" checkboxes on sign-in pages if you are working on public computer systems or third-party systems that you do not have full and sole control over.
- Several services, such as Google, Facebook or Microsoft, offer something called two-factor authentication. This adds a second layer of protection to your account, and I highly recommend that you activate it for your accounts.