Monday, August 15, 2011


Getting Hacked & Online Security – Part 2

by Reb Akiva @ Mystical Paths

Part 2 of (probably 3 or 4 parts) on online security after having my Google accounts stolen by a hacker…and I’m a computer expert!

Part 1 here.

The agony of passwords. 

Passwords are annoying and it’s very common for people to use simple passwords.  Some people do have their accounts stolen by “brute force attacks”, meaning the hacker uses a password guessing program and just keeps “guessing” until he wins.  This works if your password is a single word or one of a list of very common passwords.

Over the past years security experts have tried to train us (and many systems require us) to add numbers, upper and lower case, and even symbols to our passwords.  This means getting stuck using passwords like “haha12=+”.   What a pain!

Because computing power has increased, even these mixed passwords are now less secure and guessable in a week.  Current recommendations say: use 4 word passwords - length is the key.  Meaning a password like this: “correct mystical rabbinical paths.” is EXTREMELY secure and easy to remember.  That last part is probably the most important.

This means we must change our passwords to LONG passwords.  Four word passwords are easy to remember, particularly if you include non-simple or personal words (such as a spouse’s middle name or the type of car you drive… “mazda matilda maximum multiple”.)
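As an added illustration of the “length is the key” argument (this script is not part of the original post): it estimates the guessing work for the post’s mixed 8-character example against four- and five-word passphrases. The attacker guess rate and the dictionary sizes are assumptions; the point it shows is that each extra word multiplies the work by the size of the word list, while each extra character only multiplies it by the alphabet size.

```python
import math

# Assumed attacker speed (not from the post): guesses per second against
# leaked password hashes in an offline attack. Adjust to taste.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet covering every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation plus space
    return size

def char_search_space(password: str) -> int:
    """Guesses to exhaust all strings of this length over this alphabet."""
    return charset_size(password) ** len(password)

def word_search_space(words: int, dictionary_size: int) -> int:
    """Guesses to exhaust every passphrase of `words` words from a dictionary
    of `dictionary_size` words. This is the honest estimate for a passphrase:
    someone who knows the scheme guesses whole words, not characters."""
    return dictionary_size ** words

def bits(space: int) -> float:
    """Search space expressed as bits of entropy."""
    return math.log2(space)

def years_to_exhaust(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at `rate` guesses per second."""
    return space / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed comparison: the post's mixed 8-character example against
    # passphrases from a 7776-word list and a 20,000-word list (assumed sizes).
    cases = [
        ("8 chars, mixed: haha12=+", char_search_space("haha12=+")),
        ("4 words / 7776-word list", word_search_space(4, 7776)),
        ("4 words / 20,000-word list", word_search_space(4, 20000)),
        ("5 words / 7776-word list", word_search_space(5, 7776)),
    ]
    for label, space in cases:
        print(f"{label:28s} {bits(space):5.1f} bits  {years_to_exhaust(space):10.2f} years")
```

Note that a character-level estimate of a passphrase (59 symbols to the 33rd power for the post’s example) flatters it; the word-level figure is the one to trust.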

Even worse, many of us use the same password at multiple sites.  WE ALL DO IT, but if our password is stolen (from somebody watching us type it, having it written down where someone can find it, having a spyware program on our machine, or having an online service we use hacked with emails and passwords stolen from them) the e-thief instantly has access to everything we do online.

The best solution to avoid this is to use a different password everywhere.  But that’s humanly impossible without using password management software.  Here’s a free and good password management program, though it is a bit complicated to use and you have to back up the password data file in case your computer hard disk crashes.  A good free and automatic way to do this is with this online backup service with 5gb free and automatic backup-sync.  That “automatic-sync” is the key: any time you update the password list it gets automatically backed up off your computer (and 5gb is plenty for a password file and other basic stuff).

A weaker solution is to use at least 3 passwords.  One for email and Facebook, one for banking / credit cards / financial stuff, and one for any other internet services you use (travel, gaming, blog commenting, etc). This limits damage to one “area” of your life if a password gets stolen.

To avoid this problem completely (having your password stolen by being watched, read, spied upon, or the problem of a guessed password) Google and Facebook have recently added “2 step authentication”.  This means IF you get your password right, THEN you still have to do something else to log in.  The something else for Google and Facebook is to SMS your pre-registered cell phone with a secret code that you then have to enter.  This is a major pain in the rear-end but is complete protection against password theft or guessing.  (Unfortunately there are still other ways to steal your account, more on that after this.)

Here’s how you enable 2 step authentication on Google and Facebook – (both require you to provide Google and Facebook with either a valid cell phone number or a valid home phone number, or both)

Google


Facebook


(for the next steps, you first hit Edit next to the item displayed, then the extra things below appear)



This is not how my account was stolen but is good practice that I’ve now activated personally (and had not before this e-theft affected me). 

In the next post on this topic we’ll really get into it, how my and my wife’s Gmail accounts were stolen from a clean non-infected non-spyware’d computer on a secure network – and how you can avoid it happening to you.

2 comments:

CD said...

Thank you so much for this information, I'm looking forward to the next post on the topic.

josh said...

It is not hard to have a different password for each site and it is easy in addition to the previous tip to use multiple words.

Let's say you do decide on mazda multiple (etc...) for all your passwords. All you have to do is add one letter inside and this changes the password as well as how the password looks encrypted as well.

for gmail: mazda gmultiple
for linkedin: mazda lmultiple
for your mastercard: mazda mmultiple

etc... You can add this one letter to the beginning, the middle, or the end of your password string.
