Bookmark and Share

The Internet: Passwords and protection

Last week we discussed common Internet scams and if you’ve avoided those, you still need to shore up your system in order to take reasonable measures to ensure your identity is safe and your system doesn’t become compromised.

Immediately, password protect your system. Although this is essential for a networked system, it’s also important for a single system. Even if you just have one computer, you’re potentially putting a huge obstacle in the way of a hacker.

Yes, it’s a hassle, having to log on to your system every time you boot up your computer but it’s well worth the five or 10 seconds required to type in your password. The thing is, most hackers are impatient — they don’t want to spend the time it takes to guess your password to grab your banking/credit card information; they’ll move onto easier prey.

The thing is, if you’ve downloaded a Trojan — giving access to your system from a hacker — he needs to gain permission from your computer to get at your files (or upload a keylogger — a program that logs all your keystrokes, including credit numbers or passwords). Your system’s password, provided it’s clever enough (see below), will prevent the hacker from gaining access to your system. He can see what’s coming in, but he can’t see what’s going out because his program only has limited capability; your password protected system has ensured that, and he doesn’t have the time or inclination to try and figure out how to gain total access.

If you’ve networked two or more computers, set unique passwords on any systems on your net. Again, see below. Furthermore, disable file-sharing and printer-access for all computers on your network (consult “Help” if you’re a Windows user and type in “disable file sharing” in the search box, you’ll be walked through the process). Enabling file-sharing or printer access allows global access to your system — and any information you have stored there. If someone on your network needs access to your files or needs the printer, you can temporarily provide access. Otherwise, keep it shut down, for your own protection

Next, create different passwords for every account. If you’re certain your system has not been compromised (by a virus, Trojan or other spyware), change all your passwords, immediately.

First of all, if you’re using the same password for all your accounts (because it’s easy to remember), it’s also a password that a hacker can use to gain access to those accounts. Secondly, your password is probably based on your birthday, anniversary date, your dog’s name — something easy enough for a hacker to figure out, given information available on the Internet (outgoing e-mails, Facebook pages, profiles, etc.). Most hackers are adept at so-called “social engineering” i.e. merely getting personal information by asking the right questions. Therefore, you don’t want to create passwords that can be easily determined from information you’ve posted anywhere on the Internet.

My suggestion is to use numbers and letters in your password that a hacker wouldn’t normally have access to: Your license plate numbers and letters, your high school GPA along with your phone number at that time, whatever involves a combination of letters and alpha characters that you can use and reasonably recall.

Most accounts allow alpha and numeric characters and are case sensitive. For instance, if I was to create a password based on my SUN e-mail address (jim@pagosasun.com), I’d throw in numbers to represent letters and add in capital letters, i.e. j1MatPag05a5un.

Obviously, I wouldn’t use that password; my information is easily available on the Internet and hackers use programs that create multiple permutations of that information, thousands within a second. The point is, you need to mix up numeric and alpha characters — of any design you want — with upper and lower case alpha characters primary in your mix.

If you need to, write all your passwords down and file them (an index card works well), and tape it to the bottom of your desk drawer, stick it in your Bible, keep it somewhere where only you know where it will be. The point is, create a different password for every account (that matters): bank accounts or anything you pay online (including online shopping accounts, Amazon, Macy’s, Overstock, eBay, et al).

If you’re convinced that your system is clean, create a notepad file of your passwords. What this does is, A) creates a file of all your passwords (so you can access them) and B) allows you to copy/paste passwords into your accounts such that, if you have been infected (after you created the file), hackers can’t determine what your passwords/account or credit card numbers are since those numbers are (usually) logged by keystrokes (to copy/paste in Windows, double-click your mouse on the string of characters to highlight (or hold down “Shift” and drag the cursor across your password), press Ctrl+c then, placing your cursor in the notepad/Word file, press Ctrl+v; Ctrl+c copies your password, Ctrl+v pastes it into your file.

Given that you’ve outwitted the hackers (you’ve set system passwords with alpha/numeric characters and changed up cases, disabled file and printer sharing, consistently updated your AVS, run spyware scans on a regular basis, etc.), you should be tight. With an exception.

If you’re prone to using WiFi at your local coffee shop, all bets are off. Never, ever enter in personal information while you’re on a public network. Sure, that jacket on eBay looks nice, but wait until you’re home before you enter in your information. Same thing about checking your balance with your bank — don’t do it on a public WiFi system. You’re compromising your personal information for the sake of convenience or being in the midst of some shopping jag. Do. Not. Give. In.

Even if your laptop has been password protected, everything you type can be snagged on a public network. Resist the temptation to shop online (or check your bank account) while in public.

However (and this is a reluctant caveat), if you’re copying and pasting passwords from your notepad/Word file, you’re fine.

From time to time we’ll follow up with suggestions for where you should go on the Internet (for safety or just for fun), but for now, you should remember these simple steps to ensure a safe and trouble free Internet experience:

• Don’t download anything in e-mail attachments unless you’ve verified they’re from a source you trust; e-mail your friend/relative to confirm they meant to send the file;

• Don’t click on any links from anyone you don’t know — see the above advice;

• Nothing is free: Anyone offering you money on the Internet is just trying to take your money, plain and simple;

• Avoid offers for free gift cards, products, etc., again, nothing is free;

• Set a password on your system, even if it’s just a single computer — you’ve stopped them from gaining full access to your system; if you have a home network (or a business network), set a unique password on every computer within that network;

• Set a unique password for every account you have and mix it up with numbers and alpha characters, upper and lower case. Most passwords are case-sensitive and the fact that you’ve bothered to use upper and lower case letters will confound almost all hackers;

• Put those passwords into a note/Word file and copy/paste them as needed to confound any keylogging software that might be on your system or otherwise hacked;

• Don’t use birth dates, anniversary dates, kids’ names, pets’ names or anything else that a hacker can determine from public accounts; be original.