By Arkady Bukh in the Huffington Post
Can you read too many articles about password safety? We don't think so.
Failing to take normal precautions with cyber security can wreck your day -- and all of the days you have coming. All of the talk about cyber security, hackers and identity theft can leave the average person befuddled. Below are the tips, in plain language, which I collected throughout the decades of working with high-profile computer criminals. They can help protect your privacy and financial data.
Keep it to Yourself
Any time that you share a password you increase the risk that it might fall into the wrong hands. Your BFF today may be your WFF (worst friend forever) tomorrow. Even your Mom, who loves you and has your back this week, may have a change of heart somewhere down the road -- and by then you will have forgotten that you gave her the password to your bank account, movie site and maybe one or more dating sites.
Be sure to give out only temporary passwords, valid for a short duration, for times when you may not have access to the web and need someone's help.
Don't Use a Birthday
The most commonly used passwords are:
● Names spelled backward
● Middle names
● Phone numbers
● "Password" -- the word itself
● Any use of love, God, money and sex
● Car license
Four decades of research shows that roughly 40 percent of user-generated passwords are easily guessable.
With all of the attention being given daily to new vulnerabilities and the related patches, people are still slow to catch on when it comes to choosing, using and disclosing their passwords. Wired Magazine reported on a phishing attempt to gain access to usernames and passwords; over 100K people fell for the scheme.
Are You Superman?
Make room, "123456": Superman is moving in. Joining the list of most common passwords are "Batman," "Superman," and "Mustang."
Following Sony's hacking problem, Jimmy Kimmel Live went to the street to see how careful people were about keeping their passwords secure. The reporter found it was easy to talk people out of their password, the last key protecting their online privacy.
Phishing, the underhanded attempt to lure people into giving up their passwords, happens any time of the year. But around holidays such as Christmas, phishers are out in numbers. With the hustle and bustle around Christmas, about 70 percent of people get online to shop for gifts and make travel plans. Cyber criminals are also prepared to take advantage of the online shopping, and they spread scams intended to steal your identity.
Three of the most common are:
1. Malicious Apps. Be extra careful when downloading apps as you could download one meant to steal your information or put someone else's charges on your phone bill.
2. Travel Scams. Fake travel pages with glorious images and sweet deals are often used to lure you into handing over your financial life to cyber crooks.
3. E-Cards. While e-Cards are an excellent way to send a quick thanks, some contain spyware or viruses that load onto your computer once you click to view the greeting.
Avoid Public WiFi
Free public Wi-Fi is enticing and convenient but keeping your data secure can be a problem.
First, choose your network wisely. If you're in a cafe or other community place, be sure to verify the name of the network with the staff or look for signage designating the system and do it before you connect.
If connecting with Windows, be sure to turn off file sharing and mark the Wi-Fi connection as a public network. This is located in the Control Panel and will keep the device from automatically logging into the network without your knowledge.
Online Banking Tools
JPMorgan Chase is one of the main banks nationally. It is also part of one of the biggest breaches of financial data in the USA. Accounts linked to over 76 million households were compromised. The bank initially thought that the incursion was minor and it was just a blip in an otherwise secure year. It was much more severe and was far from a minor breach.
By setting up sophisticated websites that did an excellent job of mimicking the real thing, hackers were able to walk in and steal bank clients' credit card numbers, passwords and other private information. In the resulting spread, 90 servers serving the vast financial institution were also broken into, and this poured more data into the hands of the waiting cybercrooks.
What can you do to use online banking securely? At the very minimum, do not sabotage the extra verification tools offered by your bank. A small "puzzle-solving" step can seem annoying, but it may well save your credentials.
With a plethora of mobile devices today, the smart thing a cell phone owner can do is to lock the device with a four-digit Personal Identification Number, or PIN.
With the rise in phone thefts, the passcode becomes more important than ever. A passcode won't prevent a thief on the street making a quick grab and it won't keep the phone from being resold. However, a four-digit PIN can help protect the private data on the phone. With the amount of personal data most users keep on their phones, a stolen phone can be a windfall for a thief.
Microsoft's chief online safety officer, Jacqueline Beauchere, encourages cell phone users to give the phone the same level of protection that they would give their billfold and wallet.
Using a password generator such as the Norton Identity software helps you come up with a password that is exceedingly secure, difficult to crack and close to impossible to guess.
A random password generator allows a user to input a random or pseudo-random number and automatically create a password. Random passwords can be generated manually using coins or dice, but the best ones are generated by a computer. A variety of methods exists for creating strong, cryptographically secure random passwords.
There are a large number of programs and websites available to generate random passwords. When looking for one, be sure to select one where there is a clear description of the source of randomness that is used. Also check to see if the source code is provided which can allow product claims to be verified.
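An added example (not from the original article or from any product it names): a small Python generator whose source of randomness is explicit, drawing from the operating system's cryptographically secure generator through the standard secrets module and reporting an entropy estimate. The symbol set and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed character pool for this example: letters, digits and 13 symbols.
SYMBOLS = "!#$%&()*+-=?@"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def has_all_classes(candidate):
    """True when lower, upper, digit and symbol each appear at least once."""
    return (any(c.islower() for c in candidate)
            and any(c.isupper() for c in candidate)
            and any(c.isdigit() for c in candidate)
            and any(c in SYMBOLS for c in candidate))


def generate_password(length=16):
    """Draw a password from ALPHABET using the OS CSPRNG (secrets module).

    The `random` module is a predictable Mersenne Twister and is not suitable.
    """
    if length < 4:
        raise ValueError("length must be at least 4 to fit all four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: redraw the whole string rather than patching
        # characters in, so every acceptable password stays equally likely.
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length, pool_size=len(ALPHABET)):
    """Upper bound in bits for `length` independent uniform draws."""
    return length * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password(16))
    print(f"about {entropy_bits(16):.1f} bits for 16 characters")
    # A four-digit PIN, for comparison, has about 13.3 bits.
    print(f"about {entropy_bits(4, pool_size=10):.1f} bits for a 4-digit PIN")
```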
It's easy to come up with a password. Just bash your fingers onto the keyboard and come up with a strong password like qp4398#thovd. That's a good start -- it has characters, numbers and a symbol. There's one problem. It is impossible to memorize, unless a person has a photographic memory. While you don't want to use an easy-to-guess password, you want to make sure that the chosen password is also not hard to remember.
Substituting letters for look-alike numbers, and vice versa, is one easy way. Replacing "1" with "I" and "3" with "E" is simple.
Another way is to insert a random character every third or fourth space. So if your password is BigHouse (not a good choice to begin with, but simple so the idea can be explained), inserting a random character would make it look like this: Bi#gh(ou$se.
According to one survey, the most common mistake people make is using the same password for most -- or all -- online accounts. Over 55 percent of people surveyed reported storing data on their devices that would be impossible to recreate, and yet the same password was used for email, online banking, credit card accounts and other private data sites.
While it's great to have a different password for every site, how do you remember which password goes with which login? Simple. Continue to the next section and learn about Password Managers.
Password Managers come in two flavors, desktop based and cloud-based. Which you select is a matter of your preference.
Desktop Managers -- keep information on your hard drive. Having the information stored locally makes it harder to access your accounts from an unfamiliar device. Another downside is that if you lose your device or get a new one, you may also lose all of those tough-to-crack passwords.
Cloud-Based Managers -- keep login information encrypted and available on any device with access to the Internet. This option is ideal for people who use multiple devices and the key is to create a highly secure "master password" that will unlock all of your online accounts.
Create, and use, a virtual private network, or VPN. A VPN is an ideal way to keep every browsing session hidden. A VPN encrypts traffic between you and the VPN server. That means it is much more difficult for an intruder to discover your data.
Many employers already have VPNs set up for their workers. If yours doesn't, there are quite a few options available. One service, SecurityKiss, gives ad-free VPN access with a data limitation of 300MB a day. While not the biggest bandwidth, it is usually enough to check email or find maps.
For Android devices, you can sign up for a free account and have a username and password generated for you.
External Encrypted Devices
USB drives and external hard drives are convenient for backing up data or for moving files from one device to another. A study conducted in New York found that over 12,000 iPods, laptops and USB drives were left behind during a 180-day period. Even if a person is hyper-responsible and wouldn't let such a thing happen, having the data encrypted can help to make sure data doesn't fall into the wrong hands.
Currently, there are many free or inexpensive software options that allow an external storage device to be encrypted. Whichever method you choose, it's best to evaluate the options based on the type of security needed.
Data security is probably not an issue for you if your folders contain laundry lists and letters home. If there's other stuff, though, that you want to keep private, Windows can help out. The Encrypting File System (EFS), available on Windows 8.1, stores data in a format that only the owner can read.
EFS is invisible to the authorized owner as Windows automatically encrypts files before storing them and decrypts them as they're read and modified. Anyone else who accesses your device will find the files locked.
EFS won't protect files from being deleted, so be sure to protect the files using Windows' permissions feature.
Presently, RSA cryptography represents the best practice for encrypting messages. One concern, though, is whether, in the future, when RSA is cracked, hackers will be able to access data saved under PGP (Pretty Good Privacy) encryption methods.
While some researchers think that RSA cryptography may soon be hacked, others think that counter-intelligence will be enough to scare people away from RSA and into ECC, or elliptic curve cryptography. While the data, acronyms and information are beyond the level of all but the geekiest of geeks, anyone with a remote interest in protecting personal -- or business -- data should read up on the state-of-the-art methods.
A firewall helps to protect your devices from hackers who would otherwise try to steal passwords and credit card numbers. Depending on the operating system on your devices, you may already have a firewall in place.
To ensure that the firewall on your device is active, check out the Control Panel on your system.
Identity Theft Protection Services
As more and more retailers are invaded by hackers and security flaws, identity theft is growing. With the upswing in services meant to protect a user's identity, identity theft protection services are also growing and every effort is being made to sign everyone up for their services.
But is it worth it?
ID theft protections can't protect a user from getting their identity stolen. That's not what they're meant to do. They don't take proactive steps to protect the user.
Identity Theft Protection Services do three things:
1. Monitor your credit report and alert you when someone has used your information without authorization.
2. Monitor your financials and let you know when there is suspicious activity in banking accounts.
3. Monitor personal information, such as your Social Security Number, and alert you when the number is used.
There's no secret to cyber security; however, there are always new tools coming out to beat the latest scheme that cyber thieves come up with. Regular reading on the matter can help enlighten you and keep you from becoming another statistic.