Complex Passwords Made Easy
Easy Tips to Remember Complex Passwords
As a 20-year IT professional, permit me to share a few high-leverage, low-effort online security tips which could materially improve how well your online activity is kept secure from prying cyber eyes.
Password security: This is basic for everyone, and yet many online account holders are too cavalier about this. I share three "thinking out of the box" tricks here which offer both tough security and ease of use.
What to expect from online system service providers: Extra security features which system service providers should make available but are not actively promoted, or are insufficient, or are not offered at all.
ID theft protection resources: How to enhance your online security with commercial resources, and what official channels to go through if your online security is compromised.
Password Protection Tip 1
A web search on "common passwords" quickly reveals passwords that are easy for intruders to guess, such as: password, 123456, children/pet names, etc. More examples are available at the following link: http://www.dailymail.co.uk/sciencetech/article-2223197.
The more complex a password is, the more securely it blocks intruders from accessing your online accounts. While that is a given, complex passwords are not always practical because they are also easy for the account owners themselves to forget. This module shows you how to benefit from complex passwords with a few simple tricks to make doing so practical.
A simple way to remember complex passwords is to think of a brief phrase for something you really like or hate. If you hate eating broccoli, try "nobroc4me" or "br0ccsuxx". Or, if you'd love a new car, try "dump01dcar", or "1wannacar". Passwords are private, so you can use slang, humor, expletives, off-color, something crazy, or basically anything which might raise an eyebrow if made public. The weirder a password is to others, the tougher it is for outsiders to guess. And yet, that same weirdness makes the password stand out in your mind and makes it easier to remember.
Online access authentication systems often require including numbers, mixed upper/lowercase, and/or non-alpha characters in passwords. A common practice is to use numbers or special characters which resemble letters (examples: 1 = i or l, 3 = e (reversed), @ = a, $ = s). When you make a habit of this, it becomes second nature. Using character substitution is more secure; however, the example conventions above are somewhat common, so if you want to take the same idea to the next level, try Tip 2.
Norton System Protection Software
Anti-phishing; detects/removes viruses and other malware. Scans all downloads. Share files without spreading viruses. Update, install and resolve issues from Norton's management system on the cloud.
Password Protection Tip 2
This tip uses the keyboard as your own personalized encryption tool. All you do is make a mental rule to substitute each character in your new password with another character in a consistent location relative to it on the keyboard. With this tip, even simple passwords automatically have their complexity upgraded because entering substitute characters pseudo-randomizes anything. The QWERTY keyboard is assumed here, but the same concept applies to any keyboard configuration. Suppose your password is "bicycle", and your rule substitutes each letter with the one to its right on the keyboard. In your mind you enter "bicycle", but while typing you hit the key to the right of each letter and get "novuvar". Note that exceptions occur where no letters are to the right, such as with "bicycle" and letter "l". Just wrap around to the first letter on the same keyboard row and grab the "a". One can be as creative with substitution rules as one likes, but for this demonstration it was kept simple. Your keyboard is the ultimate cheat sheet, right under your fingers. Thus, following substitution rules while typing is easy to keep track of both visually and hands-on.
Kaspersky System Protection Software
Downloads most current version. Features real-time and cloud technology detection of emerging unknown threats on files, applications and websites. Online banking and commerce protected with Safe Money option.
Online Protection - Tip 3
Should you experience intrusive scripts (malware, spyware, adware, trojans, viruses, etc.), it may not be immediately apparent. You may then be at risk of your key strokes being logged without your knowledge in an attempt to steal passwords, credit card info, bank account numbers, social security numbers, etc. Should you become aware of such an intrusion, your first course of action is to quickly scan, disinfect, and remove any offending scripts of this kind. There are several recommended software packages featured in this lens which perform these functions quite well and come bundled with a variety of proactive detection tools.
If you have no online security software, or even if you do, an additional layer of protection can be easily added by using the following simple trick. It is a good idea to get into the habit of doing this routinely because even if you are bitten by a malicious keystroke logger, the resulting log files will not display in expected format to the intruder.
To reduce the risk of key logger security compromise, enter your passwords, and/or other confidential data, out of sequence. For example, with password "abc789xyz":
(1) type "xyz",
(2) click mouse in front of entered text and type "abc",
(3) click in the middle of the 6 entered characters and type "789".
The key logger reads the password out of sequence as: "xyzabc789". In doing this, you created the illusion of a data shredder to the key logger, while preserving the data in sequence for yourself. To catch on to this, key logging scripts would have to adjust for mouse navigation, and try reconstructing data by testing a variety of fuzzy logic permutations. That's a tall order. Theoretically, a brilliant malicious script writer could find a work-around for most such countermeasures, but, like a dumpster diving ID thief who encounters shredded documents, the most likely scenario is that the thief moves on to an easier mark elsewhere.
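The three steps above replayed against a model of a text field, as an added example that is not part of the original article. The event names and the `replay` function are hypothetical; the model assumes a logger that records key presses only, as the article describes.

```python
# Added example: a text field with a caret, fed the Tip 3 steps.
def replay(events):
    """Apply ("type", text) and ("click", caret_index) events to an empty field.

    Returns (field_contents, keystroke_log): what the login form submits,
    and what a logger that records only key presses would have captured.
    """
    field, caret, keys = [], 0, []
    for kind, value in events:
        if kind == "click":
            # A mouse click moves the caret but produces no keystroke.
            caret = max(0, min(value, len(field)))
        elif kind == "type":
            for ch in value:
                field.insert(caret, ch)
                caret += 1
                keys.append(ch)
        else:
            raise ValueError(f"unknown event: {kind}")
    return "".join(field), "".join(keys)


# The article's example, password "abc789xyz" (constructed sample data).
STEPS = [
    ("type", "xyz"),   # (1)
    ("click", 0),      # (2) click in front of the entered text
    ("type", "abc"),
    ("click", 3),      # (3) click in the middle of the 6 characters
    ("type", "789"),
]

if __name__ == "__main__":
    submitted, logged = replay(STEPS)
    print("form submits:", submitted)
    print("key log shows:", logged)
```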
ID Theft Resources
SSL encryption (i.e. secured websites prefixed with "https") is a quite robust industry standard. However, most online ID theft gets around SSL using "social engineering" to exploit everyday human procedural flaws. Social engineering may also be referred to as "spoofing" or "phishing", but the common thread is deception through impersonation. It is typically done via phone or email and requires knowledge of only basic info, such as birth date, social security number, address, account info, or logon ID, for contact with the average online system provider's customer service department to pass as routine.
To combat this, ideally, all system providers should offer secure ID technology such as RSA, or comparable security features. These are key chain sized gadgets, or mobile device software, which generate random numbers at short intervals (in the 60 second range) for appending to one's password. Without this random number, even if an intruder managed to steal your password, they could not access your system via the front end web logon screen. For more on this technology, please refer to the following link:
Unfortunately, some system providers offer secure ID protection online, but ignore it for verification when calling their customer service department for a password reset. This then opens an intrusion vulnerability for the fraudulent social engineer. In the absence of secure ID verification such as RSA, there should at a minimum be a security question, or questions, in place which only the account holder knows the answer to. Sadly, even this feature is not always offered by system service providers when calling their customer service dept. If you are not currently using these options through your system service providers, make inquiries to find out if these options are available. The security question feature should not cost extra, but the secured ID might. If no such options exist, and it is feasible for you to do so, consider taking your business elsewhere.
Because ID theft damage is often financial, financial institutions will generally have policies in place to cover losses incurred on systems they are responsible for. Make sure the financial institutions you do business with confirm such policies in writing prominently on their websites, account application forms, etc. and review these policies for verbiage which is overly conditional. This is your primary means of recourse should you become the victim of ID theft. Beyond that, there are various resources to shield yourself proactively from ID theft, and/or get the situation remedied should you become a victim. Helpful links are listed below:
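How a login check behaves when a timed code is appended to the password, as an added example that is not part of the original article. RSA's token algorithm is not described on this page, so the sketch substitutes the open TOTP standard (RFC 6238) with a 60-second step; the account data, function names and PBKDF2 settings are assumptions.

```python
# Added example: password + appended one-time code, using TOTP as a stand-in.
import hashlib
import hmac
import struct

STEP = 60  # seconds per code, matching the interval the article mentions


def one_time_code(secret, now, step=STEP, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the clock."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password, salt):
    """The server keeps a salted hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_login(submitted, salt, stored_hash, secret, now, digits=6):
    """Accept only <password><current code>; a stolen password alone fails."""
    if len(submitted) <= digits:
        return False
    password, code = submitted[:-digits], submitted[-digits:]
    expected = one_time_code(secret, now, digits=digits)
    pw_ok = hmac.compare_digest(hash_password(password, salt), stored_hash)
    code_ok = hmac.compare_digest(code.encode(), expected.encode())
    return pw_ok and code_ok


# Constructed sample account (not real credentials).
SECRET = b"12345678901234567890"      # test key published in RFC 4226
SALT = b"constructed-salt"
STORED = hash_password("nobroc4me", SALT)

if __name__ == "__main__":
    code = one_time_code(SECRET, now=75)
    print("code shown on the token:", code)
    print("password + code, same minute:",
          check_login("nobroc4me" + code, SALT, STORED, SECRET, now=75))
    print("same string two minutes later:",
          check_login("nobroc4me" + code, SALT, STORED, SECRET, now=195))
    print("password only:",
          check_login("nobroc4me", SALT, STORED, SECRET, now=75))
```

The same check has to run on every path that can reset or reveal the password, including the telephone support path, or the code protects only the web logon screen.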
Lifelock ID theft prevention/insurance
Online ID Theft Protection Info Resource:
Malware Software Protection (free starter downloads and commercial upgrades):
Debate over "Public Service" Hacking.
There are hacker cooperatives which break into systems to demonstrate security flaws without doing anything malicious, for the sole purpose of alerting the system owners and the public to the security flaw. There is no debating that breaking and entering is illegal; however, a case can be made that the public is served by innocuous system hack alerts if/when the system owners are not providing sufficient security to protect system users.
Can a public service case be made for non-invasive hacking?
Feel free to share your personal security tips and tricks here
© 2013 Vortrek Grafix