#the only passphrase i have memorized is my password manager master password
Explore tagged Tumblr posts
fookinstevienicks · 2 years ago
Note
further psa: try to avoid these kind of security questions at all. if you must comply with them (some places just are not going to live in the 21st century shout out to my bank y’all) pick a wrong answer. i promise you i did not tell the bank my actual high school mascot or favorite movie. i picked random shit. get a password manager (bitwarden is excellent and has an excellent free tier of service, and the paid tier is even more excellent and very cheap. DO NOT USE LASTPASS) and store the question and answer in it.
while you’re using your brand new password manager, use it to generate secure passphrases. i use bitwarden to generate passphrases with 3 random words, use a special character separator, and also set it to use capitals and numbers. this will satisfy the password requirements of at least 99% of sites. like i said, some places just ain’t going to join the 21st century
and while you’re fixing your passwords (i’ve been updating passwords for months fuck you lastpass you shady bastards) turn on 2FA/MFA for every account that offers it and use an app, not sms if you can. i use Aegis but i’m considering paying for bitwarden to use their built in 2FA option because gd it’s a pain in the ass and bitwarden can put it in automatically instead of me hunting it down in the app
if you share services with another person (fuck you too netflix) you can share the password with them directly from your password manager for end-to-end encryption (every manager does this differently read their support pages). you can of course just text it to them but this isn’t as secure but let’s be real probably no one is going to intercept your text messages for your hbo max password and as long as it’s unique (DON’T REUSE PASSWORDS) that secures your other logins
kinda went on a rant here but this became a whole thing that consumed like four months in the office last fall so yeah fix your fucking passwords
What was your favorite subject in school?
Anon,
I am assuming you are the same person who asked me this and the animal question, and I'm going to be honest, I'm not answering them. It sounds sus, and they are legit security questions that many companies use to protect various accounts and I'm not going to give that information out.
I wasn't even going to answer, but decided I should in case I have Tumblr mutuals who are receiving the same anon messages with the friendly reminder of "please be careful regarding the personal information you give out on the internet!"
20K notes · View notes
vodka-bot · 8 months ago
Note
Are passwords with words actually good? I ask because you mentioned being shown that xckd comic in security class
Short Answer:
Yes! Its easier to remember, and the chance of a hacker guessing your password is very low- especially if the words are unrelated (such as CorrectHorseBatteryStaple)
Long answer:
Yes, but there are lots of different ways passwords can be compromised.
A password with words- or a passphrase- is good because it adds many possibilities. For example, CorrectHorseBatteryStaple has 25 characters in total. A hacker has no idea WHAT those 25 characters are, making a brute force attack (a method where you try every POSSIBLE combination) will take fucking eons- and nobody has time for that. Using a passphrase also prevents modifications, ie. when you use 1337speak or add random capitalization (password -> p455w0rd -> Password!).
However, a password/passphrase is only as good as how many times its used. If you use CorrectHorseBatteryStaple for everything, from your Tumblr account to your bank, it makes it REALLY EASY to hack into your stuff. If you use the same email and password for a random forum that is the SAME email and password for your paypal, they could theoretically access your paypal. There's another great xckd comic on this:
Tumblr media
So, its best to have a different password for everything. I recommend a password manager. I personally use BitWarden since its free, can connect between your phone and your computer, and it requires one master password to access everything! (Which is easier than remembering 25 different long ass passwords). I tend to randomly generate them then punch them in.
If you want to be more secure, I recommend 'peppering' your randomly generated passwords. I wont go to into what that means, but basically, a password 'pepper' is adding an extra little bit at the end. lets say you choose your pepper to be 'xkcd', your password would look like 'passwordxkcd'. That way, if something ever happens to your password manager, you STILL don't have to worry to much about your passwords!
What I do is save a password in Bitwarden (8zeCSdv7k$), then whenever it autofills, i add my pepper onto as my official password! (8zeCSdv7k$xkcd). Therefore, the only things i have to remember are:
A) a master password, where I recommend using a passphrase, and
B) a random 'pepper' word to add onto the end of your passwords
And boom! That's IT security 101 with a dude who has taken one class.
TLDR: Passphrases are good and great for memorizing, but try not to reuse them! Use a password manager and keep your info safe!
43 notes · View notes
mentalisttraceur-software · 4 years ago
Text
My `pwhash` and `pwcheck` approach, combined with using passwords generated by `pwqgen` from Openwall's `passwdqc`, empowers a holy grail of password memorization assistance for me: recovering a password that I almost remember, but have forgotten just a little bit of.
Usually, when I "forget" a password, I remember almost all of it. Back when I did password phrases, I might forget the exact word order or choice or punctuation, but I would remember most of it. With `pwqgen` passwords, I might at worst forget one of the three words.
So let's say I have a password like... (runs `pwqgen`): spear9rome_Clap.
That's 12 bits of entropy for each word out of a word list of 4096 words, 1 for whether each word starts with a capital letter or not, and I think 4 for each special character out of a list of 16.
Now let's say I forget one word. I only need to try 4096 combinations, and I can try them locally, against my securely generated and stored "hash" of my password. Any reasonably secure remote system would make that impossible due to lock outs or rate limiting. But even on phone hardware from ten years ago, I can have a script check all 4096 possibilities within a few minutes.
Of course, I only have it this easy because I remember most of my password. Someone else trying to crack my password would have to try all 47 bits of entropy instead of my 12 bits. So it would take them... years? decades? I don't know exactly, but long enough that I'm not too worried. That's assuming they get access to my password "hash" files that I use for this purpose. If I wanted to be pretty safe, I could keep them all inside one big encrypted file or otherwise secure them all with an additional longer master passphrase - in other words, I could have security strictly greater than a regular password manager, by doing every security measure that password managers do on top of my current setup.
2 notes · View notes
cse6441-blog · 5 years ago
Text
Trouble in Password Town
Tumblr media
People suck at coming up with a good password. A password needs to be both strong (hard to crack) and easy to remember for an individual to be practical. Passwords need variation and an element of randomness to be hard to crack, but have some personality to be memorable. To help us come up with a good password, a few guidelines are:
Create a long password (more characters, more strength)
Make it unique to each site (this prevents single point of failure and when you are attacked, only one login is compromised)
Add capital and lowercase letters, numbers and symbols
We know from password databases being compromised all the time that a large number of people use the same WEAK passwords. In fact in an analysis by Troy Hunt, he revealed that nearly 1 in 3 passwords fell into the common traps:
The first/last name/nickname of a loved one
The name of a pet
A street/city/location of significance
A birthday or special date
A password Incorporating the website name
Any combination of the above…
Tumblr media
Brute Forcing is the Worst Case
We often measure passwords in bits of security, but that itself isn’t a definitive measure. Hackers don’t typically just operate by trying to brute force every password possible - they typically use recon to gather information about you and develop a personal password database. In this way they can generate highly probable passwords which are variations of the common traits above. This means that for weak passwords which are predictable, they are even faster to crack than normal!
In fact, attackers already have something called a Rainbow Table which is a collection of all the most common passwords used. If your password falls into that table, your account will be compromised almost INSTANTLY. Even scarier is that if you add a fact about yourself or something else predictable, they can generate a personal rainbow table of all possible passwords you would use just by using these facts they have about you.
Tumblr media
Avoid Password Reuse
We’re all lazy to an extent. Especially when it comes to passwords, we visit on average 25 sites a day, and only keep around 6.5 in mind. Therefore the average person reuses their passwords on every 4 sites!!!!!
This is extremely dangerous since if one of your passwords is compromised, your other accounts on other platforms simultaneously are gone. Even scarier is that if your email gets compromised, an attacker is capable of then accessing all your accounts by having the ability to reset your passwords on the other platforms :o
We all like to hold the benefit of the doubt and think that it’s less likely to happen to us, but major platforms do eventually get hacked! If you aren’t changing your password and reusing them across multiple sites you’re participating in a RISK.
Moreso, you should try to achieve a truly unique password that does not lie in a compromised database already. If its on there, the same issue with hackers being able to attack your password comes up again, bringing the attack time down to almost instantly.
Tumblr media
Password Managers
Not the one that Karen always wants to speak to. But password managers allow you to have pseudo-random passwords which are generated to be difficult to crack and taking away the worry about forgetting them. All these passwords can be used to access your accounts easily and are encrypted with a secure algorithm like AES-128 which are unlocked with a MASTER KEY. So instead of needing to remember all your passwords to all your platforms, all you need to keep in memory is that one master password! As long as this is sufficiently long and adheres to the advice above, then it will take centuries for that to be cracked!
Tumblr media
Coming up with a Good Password
Passphrase method – Come up with a nonsensical yet memorable phrase comprising of about seven words or so, that incorporates some numbers and symbols. For example you might choose “theyellowrosessmellgoodinsummer”, which you could then augment by adding numbers and symbols : “the3Yellowrosessmell=goodins()mmer”. This final password would take 56.18 million trillion trillion trillion centuries to brute force. Read more…
Abbreviated passphrase – Similarly to the passphrase method, this time come up with a longer unique phrase and choose the first letter of each word. Be sure to include capitals, numbers and symbols. For example “My dog (Jasper) always likes to eat green oranges when I forget to feed him!” would become “Md(J)al2egow1f2fh!”. This password would take 1.28 trillion centuries to brute force.
XKCD password – This password method became popularised by a popular the popular web comic XKCD which first proposed the idea. It proposes choosing 4-5 random words, building a mental picture of them all to aid memorisation and then joining them together to form a password. For example you might choose the words dog, beaker. candle and cheese; then picture “a dog pouring liquid cheese into a beaker to make a candle” to help you remember, then decide that your password will be dogcheesebeakercandle. You should then add some capitals and symbols where possible to create your final password – D0gCheeseBeakerCandle. Which will take 1.41 hundred trillion centuries years to brute force.
0 notes
aaronsniderus · 6 years ago
Text
Tips to Secure Your Information Online
This is certainly up for debate, but an argument could be made that the internet is perhaps the greatest invention of mankind since electricity. We are able to connect to friends and family, find information at the touch of a button and order pizza with a click or even your fingerprint.
However, when you’re surfing the information superhighway, it’s important to be safe. Everything I’ve just described involves a certain amount of your personal information. You don’t want someone getting grandma’s top-secret cookie recipe, finding out what health conditions you have by looking at your Google searches or getting your credit card number when you order a large supreme.
While all of these things could happen if you’re not careful, it’s no reason to turn off your computer and smash it to bits before going to live in a homemade bunker under 6 feet of cement. The internet is too great a utility for that. What we can do is practice a few safe browsing habits.
For the last 15 years, October has been celebrated as National Cybersecurity Awareness Month. Let’s take a look at some ways to protect yourself online.
Keep Computers and Devices Up-To-Date
The biggest thing you can do to protect against flaws in operating systems for computers and mobile devices is to run the latest updates you can when they come out. Apple, Microsoft, Google and other device manufacturers put feature upgrades in these updates, but they also take the opportunity to push important security patches to you.
Criminal hackers then analyze these updates to figure out what the software engineers fixed and work to exploit the flaws in unpatched systems, so it’s crucial to install updates as soon as you get them, especially if they’re labeled as having a security focus.
If you have an older device that can’t be updated to the absolute latest version of the operating system, make sure you’re on the latest version your device can run. You should be able to check for updates within your device settings (often under the general, about or help menus.) If you’re unsure where to check for updates, Google your computer or device. If automatic updates are an option, it’s a good idea to turn them on.
Even if you’re on an older device, check for updates periodically. When features aren’t being updated, sometimes you’ll still get security patches for a period of time beyond when you would receive feature upgrades. Sometimes manufacturers will also release patches for unsupported, older devices if the flaw is considered very serious as well.
Account Security
There are three great ways to make sure your account is secure: biometrics, long and strong passwords and two-factor authentication. Let’s briefly go over these.
Biometrics
Whenever possible, if your device offers biometric authentication, take advantage of it. Biometric authentication relies on a person’s characteristics to verify who they are. Someone would generally have to go to great lengths to get a copy of your fingerprint and transfer it to a medium that will mimic skin enough in terms of heat and texture to fool your phone or computer. These scanners have come a long way. The same applies to facial or iris recognition systems.
It may have once been possible to form these things with a picture, but now device manufacturers like Apple and others are taking advantage of faster processors and a variety of sensor and light techniques in order to get an accurate map of your face in seconds.
Strong Passwords
Having a biometric option available to you will make it easier to have a long, strong password to get into your computer or phone if you only need to type it in every once in a while. Passwords that are 12 characters or higher are harder to crack because it takes longer for even supercomputers to brute force those. Also, you should try to use passwords that you’re going to remember, but that aren’t based on words in the dictionary. It’s pretty well established that “Monkey123” isn’t a great password, but “Chimpanzee123” isn’t much better.
You should also try to use passwords with numbers, symbols and a combination of upper and lowercase letters. If you’re in a work environment where you have to change passwords often, but you want to be able to remember them, it helps to come up with a strategy.
You’ll find one that works for you, but here’s an example that works for me. Just in case you were wondering, I won’t be using an actual password. But this will give you a flavor for something you might try. I happen to be a big Beatles fan.
So, a long but memorable passphrase might be something like:
Beatles+yellow-Strawberry
I used my favorite band and references to a couple of their big songs. If I wanted to get a numeral in there, I might replace the S with a 5.
Passwords should also be unique, so that if one is compromised, not all of your accounts are accessible.  Will all of these unique passwords, things could get obnoxious. I recommend using a password manager like LastPass or 1Password.
The way these password managers work is that you remember one strong password that serves as your master password to get into your password vault. From then on, every time you log into a site, it will save the passwords for you. Better yet, because you don’t have to remember the logins, you can have it generate a longer password (say between 16 – 64 characters depending on what the site allows) that is complete random gobbledygook. Then reset your password. This really protects you against brute force attacks.
This article has more information on creating strong passwords.
Two-Factor Authentication
Another excellent way to protect the security of your account is to use two-factor authentication to protect yourself in case your password gets out. When you do this, there’s a two-step process to get into your accounts. Let’s break it down.
The first factor is something you know (e.g. password) or something you are (biometric identification such as face or fingerprint scan). After you’ve given the first factor, there’s a second step that takes place.
The second factor is based on something you have, so typically a phone or tablet device. If you have a mobile app for that particular website, you often get a push notification asking you to confirm login through that app.
Alternatively, there are two-factor authenticator apps like Google Authenticator and Duo Mobile. When you go through the process of setting up two-factor on websites, there will be a QR code (those funny-looking things that look like new age barcodes). You open your two-factor app of choice and scan this with your phone or tablet camera. From then on, it will generate a new random numerical string every 30 to 60 seconds. When you log into websites, you’ll be asked to supply this code.
Another way to get codes on your phone is via text message or even phone call. This works if the website you’re logging into offers no other option, but you should always use apps to log in when it’s available. If someone were to call up and socially engineer the cell phone company to send your text messages or calls to a different SIM card, you would be in trouble.
If you don’t want to enter a code on your phone all the time, a physical device that you simply have in your possession can also work. Consider a YubiKey.
Look for HTTPS
When you provide your credit or debit card information to sites or even simply put in your password, make sure that your information is being passed through in a secure manner. How do you know that?
Different browsers may have slightly different icons, but there will be a green padlock on the left-hand side of the address bar with a green “https” as opposed to the regular “http.” The S stands for secure. You may also see the word secure in the address bar. If you click on this icon, you can get more info on the security certificate itself, who it was issued to and how long it’s good for.
Modern browsers are doing a really good job of clearly marking when sites are not secure and, in many cases, it won’t even let you go to a page with an expired security certificate unless you explicitly allow it, but you should still check for the “https” just in case.
Watch Out for Scams
There are things you can do to protect yourself from being compromised on the net. Here are a couple of tips to help you remain vigilant.
Don’t Fall for Phishing
Be really careful what you click in emails and on the web. A good rule is that if you didn’t ask for it and you don’t recognize it, it’s probably not real. Occasionally, a site will reach out to you and ask you to change your password if they’ve been breached. To check the veracity of these emails, follow these steps.
You’re looking for email addresses that are slightly mistyped in order to mislead (e.g. [email protected]).
Very generic terminology in the email (just talking about your account without giving any identifying details such as the last four digits or having “Dear Sir/Madam,” etc.).
Similarly, if you notice terminology that’s different from the way the business or brand normally talks, that’s a red flag. If the company normally says team members and you see employees, that would be worrisome.
Spelling mistakes are a problem.
If the email displays a sense of urgency and says to input your password or anything else in the next 24 hours, look up the company’s customer service line and call to see if there’s an actual problem with your account. People who phish for personal details are hoping you’ll act without thinking in a moment of worry.
If you are suspicious of any email asking you to log in, it’s best to call a customer service number and verify.
Check the links in an email by hovering over the link to see what pages it actually takes you to. Avoid destinations that don’t seem right.
If the email has an attachment, that can be a way to get viruses and other nasty things onto your computer. You shouldn’t download attachments you don’t expect.
If anything in the mail sounds too good to be true, it probably is.
Be Careful What You Click On
Going along with what’s above, you should also be careful what you click or tap on web pages and in email. If it doesn’t make sense, or is too good to be true, don’t click.
Let’s run through a couple of common schemes.
If you get a pop-up on a website that says you have a virus that they can remove from your computer if you only pay $50, don’t click. You likely don’t have anything if you run even the built-in security software in Windows on its default setting. Android, Mac and iOS also have built-in security measures of their own.
You can also be pretty sure that you didn’t win a sweepstakes or contest that you don’t remember entering. Don’t fall for these ploys to get your personal information.
Protect Your Connection
In addition to vigilant browsing, there are actions you should take to protect your internet connection and browsing history from prying eyes.
Make Sure Your Wi-Fi Is Secure
If you’re on a wireless connection – and in this age of laptops and tablets, who isn’t? – you should make sure that your connection is secure.
The first thing you should do on your personal Wi-Fi is to change the default password for getting onto the Wi-Fi itself. That way no one can guess your password just by working on the side of the router or in the manual.
While you’re at it, you should absolutely change the default administrator password for your router so that no one can go in and mess with the settings to send your traffic through weird places. You should be able to change this in the same place you changed the password to get on the Wi-Fi itself. This is important because sometimes internet service providers (ISPs) value convenience over security to the point where someone could easily get in and mess with your settings. My ISP shall remain nameless, but I was horrified to discover that the username for the router was “admin” and the password was “password.” Yeah, not great.
Tips While Out and About
If you’re out in public, be careful logging into public Wi-Fi, especially if it’s unsecured. If there are no security measures in place, a skilled hacker can insert themselves between you and the website you’re visiting in order to snoop on what you’re doing.
In order to protect yourself, the easiest way is to use your cell phone data connection when you’re out in public. Many laptops and tablets now have the ability to connect to a data network as well. Cell phone providers often have agreements with certain services like Netflix or Spotify so that certain activities don’t count against any potential monthly data cap you may have, but most activity will count. That’s the downside. On the other hand, you’re secure.
In addition to Wi-Fi concerns, be careful using any public charging ports. Ideally, you can bring your own charger to plug into the wall. Don’t use someone else’s cable. Some cables and public charging ports can be compromised so that someone can see the data being transmitted to your phone and potentially send unwanted viruses and other malware back into your phone leaving it permanently compromised. This is called juice jacking.
Make Sure to Download Trusted Apps
You should only download apps and programs you trust because these can be used as vehicles to get viruses and programs that will spy on your activity (spyware) on your system.
On Windows or Mac, you should either download things from the Windows or Mac App Store or directly from the website of the software provider. Amazon is also a big retailer of both Windows and Mac digital downloads. If you’re looking for video games, Steam or Origin are big retailers of PC games.
On mobile, there’s the App Store on iOS and the Google Play Store or Amazon Appstore on Android. Things do occasionally slip through the cracks, but apps on these stores are somewhat vetted. If you have doubts about any particular app or program before downloading it, you should Google it and also check out the reviews.
Be Careful About Publishing Personal Information Online
If you’ve ever signed in to a website for the first time from a new computer or even called the bank about a problem with your account, they’ll do certain things to try to make sure that you’re you.
They’ll ask you security questions. Popular ones might include mother’s maiden name or father’s middle name, but it could also ask about your favorite book or your dream car.
Someone might be able to find records of your family and figure out the name questions, and if you’re like me, your obsession with Harry Potter is well-documented.
If you have accounts that you are concerned about people compromising, maybe you switch up the answers when you’re setting them up online. If you’re using a password manager like those recommended earlier, there is often a place to store secure notes. If you save the answers with the passwords, you’ll have them when you need to access the account, so maybe your mother’s maiden name is actually listed as Windows 95 or a completely random string of characters.
In addition, be careful about listing or giving out things like your phone number, address, Social Security number (SSN) and other sensitive information online. If someone needs to know, make sure you trust the person and message them directly.
Remove Data Before Donating Computers or Devices
If you have a computer or device you’re looking to donate, follow the manufacturer’s instructions to delete your data and reset it to factory settings.
The exact instructions for doing this will vary depending on your device, but you want to make sure this gets done. Manufacturers and makers of all the major operating systems will have documentation on what you need to do. If there’s anything you’re unsure about, you can always contact a friend who’s good with technology to help you out.
Our devices are lasting longer and longer, so it makes complete sense to give a device you’re no longer using to someone who will make good use of it, but you’ll just want to make sure that all of the data is cleared off to protect yourself and make sure it’s ready for the other person.
Hopefully this has helped you think about practical steps you can take to increase your level of cyber security. If you’re looking for more, it’s not a bad idea to also take a look at your backup strategy in order to make sure you have copies of that data you can’t afford to lose.
The post Tips to Secure Your Information Online appeared first on ZING Blog by Quicken Loans.
from Updates About Loans https://www.quickenloans.com/blog/tips-secure-information-online
0 notes
digitalmark18-blog · 6 years ago
Text
Tips to Secure Your Information Online
New Post has been published on https://britishdigitalmarketingnews.com/tips-to-secure-your-information-online/
Tips to Secure Your Information Online
This is certainly up for debate, but an argument could be made that the internet is perhaps the greatest invention of mankind since electricity. We are able to connect to friends and family, find information at the touch of a button and order pizza with a click or even your fingerprint.
However, when you’re surfing the information superhighway, it’s important to be safe. Everything I’ve just described involves a certain amount of your personal information. You don’t want someone getting grandma’s top-secret cookie recipe, finding out what health conditions you have by looking at your Google searches or getting your credit card number when you order a large supreme.
While all of these things could happen if you’re not careful, it’s no reason to turn off your computer and smash it to bits before going to live in a homemade bunker under 6 feet of cement. The internet is too great a utility for that. What we can do is practice a few safe browsing habits.
For the last 15 years, October has been celebrated as National Cybersecurity Awareness Month. Let’s take a look at some ways to protect yourself online.
Keep Computers and Devices Up-To-Date
The biggest thing you can do to protect against flaws in operating systems for computers and mobile devices is to run the latest updates you can when they come out. Apple, Microsoft, Google and other device manufacturers put feature upgrades in these updates, but they also take the opportunity to push important security patches to you.
Criminal hackers then analyze these updates to figure out what the software engineers fixed and work to exploit the flaws in unpatched systems, so it’s crucial to install updates as soon as you get them, especially if they’re labeled as having a security focus.
If you have an older device that can’t be updated to the absolute latest version of the operating system, make sure you’re on the latest version your device can run. You should be able to check for updates within your device settings (often under the general, about or help menus.) If you’re unsure where to check for updates, Google your computer or device. If automatic updates are an option, it’s a good idea to turn them on.
Even if you’re on an older device, check for updates periodically. When features aren’t being updated, sometimes you’ll still get security patches for a period of time beyond when you would receive feature upgrades. Sometimes manufacturers will also release patches for unsupported, older devices if the flaw is considered very serious as well.
Account Security
There are three great ways to make sure your account is secure: biometrics, long and strong passwords and two-factor authentication. Let’s briefly go over these.
Biometrics
Whenever possible, if your device offers biometric authentication, take advantage of it. Biometric authentication relies on a person’s characteristics to verify who they are. Someone would generally have to go to great lengths to get a copy of your fingerprint and transfer it to a medium that will mimic skin enough in terms of heat and texture to fool your phone or computer. These scanners have come a long way. The same applies to facial or iris recognition systems.
It may have once been possible to form these things with a picture, but now device manufacturers like Apple and others are taking advantage of faster processors and a variety of sensor and light techniques in order to get an accurate map of your face in seconds.
Strong Passwords
Having a biometric option available to you will make it easier to have a long, strong password to get into your computer or phone if you only need to type it in every once in a while. Passwords that are 12 characters or higher are harder to crack because it takes longer for even supercomputers to brute force those. Also, you should try to use passwords that you’re going to remember, but that aren’t based on words in the dictionary. It’s pretty well established that “Monkey123” isn’t a great password, but “Chimpanzee123” isn’t much better.
You should also try to use passwords with numbers, symbols and a combination of upper and lowercase letters. If you’re in a work environment where you have to change passwords often, but you want to be able to remember them, it helps to come up with a strategy.
You’ll find one that works for you, but here’s an example that works for me. Just in case you were wondering, I won’t be using an actual password. But this will give you a flavor for something you might try. I happen to be a big Beatles fan.
So, a long but memorable passphrase might be something like:
Beatles+yellow-Strawberry
I used my favorite band and references to a couple of their big songs. If I wanted to get a numeral in there, I might replace the S with a 5.
Passwords should also be unique, so that if one is compromised, not all of your accounts are accessible.  Will all of these unique passwords, things could get obnoxious. I recommend using a password manager like LastPass or 1Password.
The way these password managers work is that you remember one strong password that serves as your master password to get into your password vault. From then on, every time you log into a site, it will save the passwords for you. Better yet, because you don’t have to remember the logins, you can have it generate a longer password (say between 16 – 64 characters depending on what the site allows) that is complete random gobbledygook. Then reset your password. This really protects you against brute force attacks.
This article has more information on creating strong passwords.
Two-Factor Authentication
Another excellent way to protect the security of your account is to use two-factor authentication to protect yourself in case your password gets out. When you do this, there’s a two-step process to get into your accounts. Let’s break it down.
The first factor is something you know (e.g. password) or something you are (biometric identification such as face or fingerprint scan). After you’ve given the first factor, there’s a second step that takes place.
The second factor is based on something you have, so typically a phone or tablet device. If you have a mobile app for that particular website, you often get a push notification asking you to confirm login through that app.
Alternatively, there are two-factor authenticator apps like Google Authenticator and Duo Mobile. When you go through the process of setting up two-factor on websites, there will be a QR code (those funny-looking things that look like new age barcodes). You open your two-factor app of choice and scan this with your phone or tablet camera. From then on, it will generate a new random numerical string every 30 to 60 seconds. When you log into websites, you’ll be asked to supply this code.
Another way to get codes on your phone is via text message or even phone call. This works if the website you’re logging into offers no other option, but you should always use apps to log in when it’s available. If someone were to call up and socially engineer the cell phone company to send your text messages or calls to a different SIM card, you would be in trouble.
If you don’t want to enter a code on your phone all the time, a physical device that you simply have in your possession can also work. Consider a YubiKey.
Look for HTTPS
When you provide your credit or debit card information to sites or even simply put in your password, make sure that your information is being passed through in a secure manner. How do you know that?
Different browsers may have slightly different icons, but there will be a green padlock on the left-hand side of the address bar with a green “https” as opposed to the regular “http.” The S stands for secure. You may also see the word secure in the address bar. If you click on this icon, you can get more info on the security certificate itself, who it was issued to and how long it’s good for.
Modern browsers are doing a really good job of clearly marking when sites are not secure and, in many cases, it won’t even let you go to a page with an expired security certificate unless you explicitly allow it, but you should still check for the “https” just in case.
Watch Out for Scams
There are things you can do to protect yourself from being compromised on the net. Here are a couple of tips to help you remain vigilant.
Don’t Fall for Phishing
Be really careful what you click in emails and on the web. A good rule is that if you didn’t ask for it and you don’t recognize it, it’s probably not real. Occasionally, a site will reach out to you and ask you to change your password if they’ve been breached. To check the veracity of these emails, follow these steps.
You’re looking for email addresses that are slightly mistyped in order to mislead (e.g. [email protected]).
Very generic terminology in the email (just talking about your account without giving any identifying details such as the last four digits or having “Dear Sir/Madam,” etc.).
Similarly, if you notice terminology that’s different from the way the business or brand normally talks, that’s a red flag. If the company normally says team members and you see employees, that would be worrisome.
Spelling mistakes are a problem.
If the email displays a sense of urgency and says to input your password or anything else in the next 24 hours, look up the company’s customer service line and call to see if there’s an actual problem with your account. People who phish for personal details are hoping you’ll act without thinking in a moment of worry.
If you are suspicious of any email asking you to log in, it’s best to call a customer service number and verify.
Check the links in an email by hovering over the link to see what pages it actually takes you to. Avoid destinations that don’t seem right.
If the email has an attachment, that can be a way to get viruses and other nasty things onto your computer. You shouldn’t download attachments you don’t expect.
If anything in the mail sounds too good to be true, it probably is.
Be Careful What You Click On
Going along with what’s above, you should also be careful what you click or tap on web pages and in email. If it doesn’t make sense, or is too good to be true, don’t click.
Let’s run through a couple of common schemes.
If you get a pop-up on a website that says you have a virus that they can remove from your computer if you only pay $50, don’t click. You likely don’t have anything if you run even the built-in security software in Windows on its default setting. Android, Mac and iOS also have built-in security measures of their own.
You can also be pretty sure that you didn’t win a sweepstakes or contest that you don’t remember entering. Don’t fall for these ploys to get your personal information.
Protect Your Connection
In addition to vigilant browsing, there are actions you should take to protect your internet connection and browsing history from prying eyes.
Make Sure Your Wi-Fi Is Secure
If you’re on a wireless connection – and in this age of laptops and tablets, who isn’t? – you should make sure that your connection is secure.
The first thing you should do on your personal Wi-Fi is to change the default password for getting onto the Wi-Fi itself. That way no one can guess your password just by working on the side of the router or in the manual.
While you’re at it, you should absolutely change the default administrator password for your router so that no one can go in and mess with the settings to send your traffic through weird places. You should be able to change this in the same place you changed the password to get on the Wi-Fi itself. This is important because sometimes internet service providers (ISPs) value convenience over security to the point where someone could easily get in and mess with your settings. My ISP shall remain nameless, but I was horrified to discover that the username for the router was “admin” and the password was “password.” Yeah, not great.
Tips While Out and About
If you’re out in public, be careful logging into public Wi-Fi, especially if it’s unsecured. If there are no security measures in place, a skilled hacker can insert themselves between you and the website you’re visiting in order to snoop on what you’re doing.
In order to protect yourself, the easiest way is to use your cell phone data connection when you’re out in public. Many laptops and tablets now have the ability to connect to a data network as well. Cell phone providers often have agreements with certain services like Netflix or Spotify so that certain activities don’t count against any potential monthly data cap you may have, but most activity will count. That’s the downside. On the other hand, you’re secure.
In addition to Wi-Fi concerns, be careful using any public charging ports. Ideally, you can bring your own charger to plug into the wall. Don’t use someone else’s cable. Some cables and public charging ports can be compromised so that someone can see the data being transmitted to your phone and potentially send unwanted viruses and other malware back into your phone leaving it permanently compromised. This is called juice jacking.
Make Sure to Download Trusted Apps
You should only download apps and programs you trust because these can be used as vehicles to get viruses and programs that will spy on your activity (spyware) on your system.
On Windows or Mac, you should either download things from the Windows or Mac App Store or directly from the website of the software provider. Amazon is also a big retailer of both Windows and Mac digital downloads. If you’re looking for video games, Steam or Origin are big retailers of PC games.
On mobile, there’s the App Store on iOS and the Google Play Store or Amazon Appstore on Android. Things do occasionally slip through the cracks, but apps on these stores are somewhat vetted. If you have doubts about any particular app or program before downloading it, you should Google it and also check out the reviews.
Be Careful About Publishing Personal Information Online
If you’ve ever signed in to a website for the first time from a new computer or even called the bank about a problem with your account, they’ll do certain things to try to make sure that you’re you.
They’ll ask you security questions. Popular ones might include mother’s maiden name or father’s middle name, but it could also ask about your favorite book or your dream car.
Someone might be able to find records of your family and figure out the name questions, and if you’re like me, your obsession with Harry Potter is well-documented.
If you have accounts that you are concerned about people compromising, maybe you switch up the answers when you’re setting them up online. If you’re using a password manager like those recommended earlier, there is often a place to store secure notes. If you save the answers with the passwords, you’ll have them when you need to access the account, so maybe your mother’s maiden name is actually listed as Windows 95 or a completely random string of characters.
In addition, be careful about listing or giving out things like your phone number, address, Social Security number (SSN) and other sensitive information online. If someone needs to know, make sure you trust the person and message them directly.
Remove Data Before Donating Computers or Devices
If you have a computer or device you’re looking to donate, follow the manufacturer’s instructions to delete your data and reset it to factory settings.
The exact instructions for doing this will vary depending on your device, but you want to make sure this gets done. Manufacturers and makers of all the major operating systems will have documentation on what you need to do. If there’s anything you’re unsure about, you can always contact a friend who’s good with technology to help you out.
Our devices are lasting longer and longer, so it makes complete sense to give a device you’re no longer using to someone who will make good use of it, but you’ll just want to make sure that all of the data is cleared off to protect yourself and make sure it’s ready for the other person.
Hopefully this has helped you think about practical steps you can take to increase your level of cyber security. If you’re looking for more, it’s not a bad idea to also take a look at your backup strategy in order to make sure you have copies of that data you can’t afford to lose.
Source: https://www.quickenloans.com/blog/tips-secure-information-online
0 notes