by Nancy Pritchard,Moneta Group Marketing and Communications Director
Many of our clients conduct some form of business over the Internet — banking, bill paying, even just shopping. While it is convenient — and certainly a preference for many — the Internet is an increasingly dangerous place for your personal information. According to a Nov. 7, 2012, article in the New York Times by Nicole Perlroth, “It is absurdly easy to get hacked. All it takes is clicking on one malicious link or attachment.” Today, hackers aren’t trying to empty your bank account; they are hoping to sell your information to others on black-market websites where passwords command high prices. In today’s economy, this trade is big business. There are even “how-to” videos on YouTube!
Getting hacked is a real possibility. Accessing your system isn’t difficult for skilled hackers, but they still have to figure out your password. So if you are concerned about Internet safety, it’s time to reset your passwords. Here are some tips from Perlroth’s article, which she gathered from Jeremiah Grossman and Paul Kocher, reformed “hackers” who now provide expertise to Internet security firms WhiteHat Security and Cryptography Research.
- Don’t use real words as passwords. Hackers are able to systematically test passwords against dictionary definitions or amassed data from website violations. If your password doesn’t “hit,” they often move on.
- Don’t use the same password for multiple sites. And never use the same passwords on bank, brokerage or financial sites where personal information is stored that you use on site like LinkedIn or an email provider.
- Longer passwords – ideally 14 or more characters – take longer to crack. How do you remember something that complicated? Use a favorite quote or line from a movie, using only the first letter of each word. For example: WNTMONUMFEYWSAMBPMC. If you can crack that, I’ll take you out to lunch.
- Goof around on your keyboard, hitting the ‘Alt’ and ‘Shift’ keys occasionally, and use the result for especially sensitive accounts. To remember the created password, copy and paste onto an encrypted, password-protected USB drive — and don’t lose it!
- Where you store your passwords is as important as having good ones; never store them in your inbox or on your desktop. If you use an encrypted, password-protected USB drive, it should have a complex password that you can actually remember. By copying and pasting passwords into accounts instead of typing them, hackers will not be able to count the keystrokes, providing another layer of protection.
- So-called “password managers” — password-protection software — let you store your usernames and passwords in one place. Companies that provide this service include LastPass, SplashData and AgileBits. One caveat: The software “lives” on your computer, so if your device is stolen, the passwords are gone. And at a security conference early in 2012, hackers demonstrated the ease with which they were able to crack many popular mobile password managers.
- Watch out for security questions that have a limited set of answers — like your favorite color or first car. Even answers to “Where did you go to middle school?” can be found by hackers on the Internet. By answering your security questions, hackers can reset your passwords.
- Use different browsers (Google, Yahoo, Safari, etc.): one for things you don’t consider important — like news sites or blogs — and a secondary browser for banking or checking email, which you open only for that task and shut down when you’re finished. If you accidentally get caught in a compromised site while browsing for boots, at least your bank account won’t be compromised, too.
- Don’t prolifically share your email address and password. You can use “throwaway” email addresses (10minutemail.com) that self-destruct to register for online accounts.
The time and aggravation involved in setting up difficult-to-crack passwords — and protecting your personal information — will certainly be less than the time involved in sorting out what can be the devastating effects of being hacked. Take the time to create secure passwords; it will provide safety and peace of mind.