The Internet is a world of information and knowledge; however it’s a dangerous place. In this article I'll give ways to keep your passwords more secure and I will give an example of how easily a password can be stolen. I’ll also show you some other great tips to keep secure online.
Can someone really get my password? What are the chances, really?
It’s much easier than you may think. If you are the type of person that likes their password easy-to-remember and uses the same password for everything on the internet it is indeed VERY easy for someone to find it out—and use it to access your e-mail, files, etc.
Even if a website has encrypted password or a privacy policy—what is stopping the webmaster/Administrator from decrypting your password and using it to access you’re E-Mail, files, or anything else? Nothing at all.
1 – Password Security
The number one rule to password security is to never, under any circumstances use the same password for more than one use. When you enter data into an online form it’s not always secure, and your password may be visible to the webmaster in the database.
What should my password consist of?
Your password should be a combination of letters (Upper and Lower case) and numbers (and symbols if allowed). You should also not use common things like; your address; your birth-date; your telephone number. This will prevent others from easily guessing your password.
Should I use the password hint option?
Yes, always make use of this feature, you will be much more likely to not forget your password if you use it. But don’t make it to obvious. If your password is ‘Winter1984’, do not use a password hint like ‘My Favorite season + High School Graduation’, use something that will only have meaning to you – and you alone. For example, a better password hint would be ‘F. Sea + HSGd’, which is more cryptic, but should give you an idea of what your password is.
What should I use for my secret question?
Often places like Yahoo will ask you to enter the answer to your “secret question.” A secret question is a question that you answer if you forgot your password. If you answer the Secret question correctly – you will be given a temporary password. When choosing this question / answer, try to make it as hard as possible to guess, use the same technique as above.
Should I ever change my password?
Yes, change it every 30-60 days. The more you change it, the better off you are. It’s as simple as that.
Any good website will never ask for your password in an e-mail or an IM. Do not give it to them.
What if I’m using a Public or School computer?
Many people use Public or school Terminals to access the Internet, this may be because they have a dial-up connection, or they are having computer trouble. If you use computers at a school or a public place, always remember:
- The websites you visit are likely being logged.
- Everything you type may be logged.
- You may be prevented from accessing some websites.
By default, any login information can be stored in Windows; do not ever let Windows “remember” your password. Anyone that uses that computer and goes to that website will be able to login with your login information.
When logging into a website, should I use cookies?
Some websites (Or online message boards / forums) will have a checkbox that asks “Remember me?,” or “Save Password?,” or “Use cookies?” you should uncheck this box if you are not on a computer that only you use.
2 – Fake Login Pages
Beware – it is not hard to make a fake login page. Always be sure that when you enter in data, it is in a real login page.
How do I know that it is a real login page?
The only way to tell if the login page is real is by checking the URL in your browser. If you are signing in with your Yahoo! Login information, make sure the URL is: http://something.yahoo.com/…, so if you’re using your AIM information, make sure it is http://something.aol.com/… Or for MSN (Or your .NET passport) it will be: http://something.msn.com/…; http://something.passport.com/…; http://something.microsoft.com/….
What should I do if I find a fake login page?
You should report it to the website host. Information on finding and contacting the host can be found in this topic.
Other Internet Security Tips
No matter how secure your password is; your computer needs to be secure as well to protect you from the hazards of the internet.
3 – Virus Protection
The best way to stop a virus is to not let it in. Several good programs are Norton, and McAfee. But remember an antivirus program is worthless if it’s not updated daily, or weekly. You should also perform full system scans daily. Another great tool to clean-up your computer is Ad-Aware; this will scan your computer for files and registry keys that are harmful to your system.
Beware, some features such as Auto-Protect and Script blocking may slow down your PC or prevent you from submitting data in an online form.
4 – The Firewall
A firewall is either a piece of hardware, or software that will protect your system from the Internet. A firewall basically “Puts space between the Internet and your computer.” Some firewalls are ZoneAlarm, and Kerio (Free).
If you are on a Network with a Router/NAT, you have a built in Hardware Firewall in the router.
5 – E-Mail Security
E-mail is one way a virus can be sent to you. If you use MS Outlook (Built into MS Office), or MS Outlook Express (Comes with Internet Explorer 6) you will be a slightly bigger target.
How can I protect myself from viruses?
Here are some general guidelines:
- If you do not know the sender, do not open the mail. Delete it ASAP.
- If you are not sure what the attachment is, do not open it.
- Never open a file with these extensions: .DLL, .OCX, .EXE, .PIF, or any other file types that you are unfamiliar with.
- Scan all attachments with a virus scanner.
Tip: If you do not have a virus scanner, you can forward it to an e-mail that is at the domain “hotmail.com” as all hotmail attachments are scanned by McAfee software on the server.
How do I know if I’m logging in on a secure server?
It’s a good idea to be on a secure server if you are entering credit card info, or any other personal information. To check to see if you are connected to the server securely, you need to look at the URL in your browser address bar. The URL should start with https:// the “s” in “https” stands for Secure. (Https = Hyper Text Transfer Protocol Secure).
With this information, you can be smarter about the way you surf the Internet. You will be much more secure and less of a target to hackers.
Ian Shaw says
A different password for every site may be the ideal, but it’s impractical in these days where every 2-bit site you visit wants you to log in. How do you remember each one?
I standardise on three passwords. One for where I really don’t care is someone else gets access, one where I care a little bit, and one where my money is involved!
Jeff Hester says
@Ian Shaw: That’s a great approach; sensible and practical. If you wanted to tighten it up a bit more, you might have unique passwords for the sites involving money.
The other key is to change your (important) passwords periodically.