Sunday, February 28, 2010

Don't Get Hacked!

My husband is an information security manager, so over the years I have received many lectures about strong passwords. At least three of my friends' twitter accounts have been compromised in the past week, so now is a good time to share with you how to create a strong password (with a little help from my husband). Here are nine points that, if followed, will ensure you have a strong password.

1. If possible, your password should be a combination of letters, numbers and special characters.
2. Do NOT use a dictionary word or common name.
3. Do NOT use social security numbers, anniversary or birth dates, addresses, etc.
4. Don’t use anything that can be associated with you from other public data.
5. And make sure that your password does not contain part of your username.

Here’s a great example of a phrase turned into a strong password with the use of special characters and numbers:

32$izmyn (32 dollars is mine)

But be careful. Here is an example of a very weak password that most people would think is strong:


I’ve just spelled “password” with special characters and a number. And I’ve also just typed a password that’s in every hacker’s dictionary.

Acronyms are useful as passwords, especially if you throw in special characters. Take a favorite line from a book or movie and use the first letter of each word, then throw in a few numbers and special characters. For example, let’s take that most famous of all movie lines, from Gone With the Wind: “Frankly, my dear, I don’t give a damn.” Here’s an acronym of this phrase:


Okay, so now we have a string of letters that doesn’t appear in hacker dictionaries (until hackers see this blog post and add it, so DON’T use it). Let’s make it stronger by substituting numbers and/or special characters:


Now you have a useful password.

Now, some websites don't allow special characters in their passwords, which always annoys my husband. But in that case, just make sure you use numbers and don't spell out any dictionary words.
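As an added example (not part of the original post), here is a small Python checker that applies points 1, 2 and 5 above and also undoes the letter-for-symbol swaps that make a password like "p@ssw0rd" look strong. The word list and substitution table are constructed stand-ins; a real checker would load a large leaked-password wordlist.

```python
import re

# Constructed stand-in for the "hacker's dictionary" the post mentions.
COMMON_WORDS = sorted({"password", "welcome", "letmein", "qwerty", "monkey",
                       "dragon", "secret", "football"})

# Symbol/number substitutions that attacker wordlists already undo,
# so "p@ssw0rd" gets checked as "password" (assumed table, not exhaustive).
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i", "|": "l"})


def normalize(password: str) -> str:
    """Lower-case the password and undo common symbol substitutions."""
    return password.lower().translate(LEET)


def check_password(password: str, username: str = "") -> list[str]:
    """Return the rules from the post that the password breaks.

    An empty list means the password passed every check here.
    """
    problems = []

    # Point 1: a mix of letters, numbers and special characters.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs letters, numbers and special characters")

    # Point 2: no dictionary word, even when disguised with substitutions.
    norm = normalize(password)
    hits = [w for w in COMMON_WORDS if w in norm]
    if hits:
        problems.append(f"contains dictionary word(s) after de-leeting: {hits}")

    # Point 5: no fragment of the username (3+ characters) in the password.
    user = username.lower()
    for i in range(len(user) - 2):
        if user[i:i + 3] in norm:
            problems.append(f"contains part of username: {user[i:i + 3]!r}")
            break

    return problems


if __name__ == "__main__":
    for pw, user in [("32$izmyn", ""), ("p@ssw0rd!", ""), ("Jenny32$", "jenny_blog")]:
        print(pw, "->", check_password(pw, user) or "ok")
```

The post's own example "32$izmyn" passes all three checks, while "p@ssw0rd!" is caught as "password" once the substitutions are undone.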

6. And don't be mistaken: a firewall is a great thing, but it won't protect you from viruses that you or another family member unknowingly download. Make sure you have antivirus software with up-to-date definitions (and an active subscription, if it requires one). Your computer may have come with it pre-installed when you bought it, but unless you are paying a yearly subscription fee, your computer is not protecting you from the latest viruses—and there are new ones written every day. One friend changed her password when her twitter account was compromised, yet it was hacked again within hours. How did this happen if she changed to a strong password? She had unwittingly downloaded a keystroke logger—a virus or trojan that records your passwords.

7. Be wary of clicking on website links in emails. If a friend sends you an unexpected link via email, twitter, facebook, or even a chat window, check with them first.

8. If possible, put your kids on a separate computer. Kids are notorious for downloading all sorts of extraneous software, which often contains malware. Malware includes viruses, adware, spyware, trojans, key loggers—all the stuff you don't want on the computer you use to manage your finances.

9. One more thing—and this is probably the most important thing of all for protecting your identity—make sure that you keep financial passwords different and separate from ALL OTHER passwords. That way, if your facebook or twitter account is compromised, the hacker can't turn around and use the compromised password to hack into your banking or credit card account.
