Google Search

Sunday, September 9, 2012

How To Keep Your Passwords Secure

My Facebook account was hacked this week.  Again.  That’s the third time now.  This time someone posted some rather rude comments about the size of certain female body parts.  Which isn’t like me.  Though I do appreciate the female body, and all its parts, I specifically like them on MY WIFE, and find it very rude when people talk about them in public.  So my password was definitely hacked.  And trust me, I use very secure passwords.

So I decided that, in all probability, this post is justified.  Here are a few ways to make (and keep) all of your online accounts secure.

  1. Don’t “Keep me logged in”.  EVER.  Most sites have the ability to do that these days, which could be very convenient.  It uses cookies on your system that “remembers” your username and password and the fact that you’re logged in, so the next time you connect it automatically takes you into your account.  The problem is, many people tick that box out of habit, and then they tick it at work, at school, at a friend’s house, etc.  Quite a few people have found their Facebook statuses changed to “I’m gay” because of this…
  2. Always log out.  This is just an extension of the first tip.  If you are no longer logged in, people can’t gain access to your account to manually reset your password or change anything.
  3. Don’t use the “Log in using Facebook / Twitter / Google / Whatever” feature.  Many websites allow you to log into their own sites using your social networks’ login details, saving you the trouble of creating yet another account (9gag.com, for example, does this).  But this is a big security risk.  Do you really know who the people at the other end are?  Or how secure their server is?  You can never be too safe.
  4. Create a secure password.  Make your password as long as you can, with a combination of letters, numbers, and other characters.  This doesn’t have to be as complicated as it sounds.  You can take a word or phrase and make some subtle changes to it.  For example, let’s say you use the phrase “Lourens is an awesome guy” (yes, I know, I’m incredibly humble).  Change that slightly and make it “l0ur3n5!5@n@w3s0m3guy”.  There’s a 21-character password that won’t be too difficult to remember, but a nightmare to hack!
  5. Remember that no password is ever 100% secure, so change it regularly.  How regularly?  That depends.  My previous Facebook password was 16 characters long and very strong, a combination of letters, numbers and characters.  It was hacked after about 12 months.  So don’t EVER think that you’re safe!  The hackers are always working, so to quote Alastor “Mad-Eye” Moody: “Constant Vigilance!!”

There you go.  Five very simple steps to keep your online accounts and profiles safe and private.  A secure password is the first step to a secure online presence.  Make sure that you’re safe!

Until next time, BE the miracle.

1 comment:

  1. 1 and 2: I'd use 'keep logged in' on very secure computers, such as my home PC. But even then, it can be a harmful feature if overused. It generally has a terrible effect on people: they forget their most valuable passwords because they rarely use them. The more important a password is, the less you should be inclined to use this feature.

    3: that crap is one of the things I hate Facebook designers for. Also, most sites with facebook 'widgets' (comment and like sections) on them get you automatically logged into Facebook on their site if you ticked 'keep me logged in'. Yey, now Facebook, and who knows what else, can track me all over the bloody internet and maybe even randomly post things on my behalf. So awesome. It would still have been OK-ish if the network protocols for that crap weren't so insecure. This was probably how your account got hacked to begin with (though I'm no expert on this).

    Also, I wouldn't trust most of those Facebook (cr)applets that float around. More importantly, nobody /actually/ needs them.

    4: akshully, I disagree with your idea of a strong password. Automated brute force attacks generally are only countered by password length. Overtly cryptic password are usually a one-way ticket to forgetting your password. How about phrases, and sentences? http://xkcd.com/936/

    I'd go out on a limb and say your password wasn't ever guessed or brute forced, but rather intercepted at some point with the help of 9gag.

    ReplyDelete