Tuesday, August 7, 2012

Online Security: We Are All at Risk

     I read an article on Monday on how a tech writer had his online life literally destroyed in under an hour. Not for who he was, but because someone wanted his Twitter account handle.  This could happen to any of us for the same reasons.  The thing that was interesting to me about this hack was that the hackers didn't have to crack his passwords to gain access to his accounts.  Apple and Amazon handed the information over.  Amazon has already responded and has changed internal procedures. Still no word from Apple.
     So, how do we stop this from happening to us? By making it as hard as possible to get in.  If someone wants in and is willing to spend the time, they will most likely gain access through brute force attacks.  But you don't have to make it easy on them.
     One of the most common mistakes people make is using the same username and password for every website. DON'T!  If you already have, start changing them today.  I know, "How do I keep track of all the usernames and passwords? Writing them down isn't good either."  One way is to use a password manager like LastPass.  While browsers like Google Chrome have password managers built in, I prefer LastPass for a couple of reasons. One is that they have browser plugins to make it easier to access your information, and it goes with you.  It's web based and can be accessed from any computer.  I'm not going to get into all the features here. Go to their website and check it out.
      Another thing people do is use dictionary-based passwords.  These are easily hacked with the power of today's computers.  There have been many articles on what the best passwords are.  I try and combine all possible combinations when possible.  Short three or four word phrases will take years to crack with today's computing power.  A phrase like "he likes pizza" is more secure than "helikespizza".  When you throw in numbers, letters and special characters you have the makings of a very good password: "h3 Like$ pizz@".  And the longer the better.  Try to use the maximum number of characters the site will allow you to.
       Lastly, use 2-step verification when possible.  What is this? It's a security protocol that requires two steps to log in.  Some of you may use RSA keys at work. This is a 2-step verification product. Most of the time the second step requires the use of your cell phone.  While this can add a few seconds to your login time, the security it provides is some of the best available.  With 2-step verification, hackers will have to have both your password and your cell phone to gain access to your data.  If you have a Google account (either personal or business), they offer Google Authenticator.  LastPass offers this as well. They have 3 different options to use; Google Authenticator is one of them.  That's another reason why I like using LastPass.
       More and more sites are starting to offer different 2-step verification options.  Hopefully more will start using Google Authenticator.  It's free for site developers to use.  Everyone's favorite social site Facebook has "login approvals".  Not everyone can use it though.  I log in to Facebook using the secure site (https:// not http://) and I keep my browser secure.  Facebook won't let me enable it.  Dumb. Hopefully they will change this in the future.
      Please leave any questions and comments below and be safe online.
