After Mat Honan’s epic hacking thanks to ridiculously insufficient security measures from Apple and Amazon, a few security matters must be mentioned. These are not the usual online advice you can pick out from an online search.
Passwords – Longer, Not Complicated
People often believe that a password that looks complicated will withstand brute force attacks better. That’s a myth. The password ‘%^a39&4(1ja$ph*ad34a$~q’ is no stronger than ‘IAte13BurgersForDinner=p’. A strong password needs to have symbols, numbers and alphabets but it doesn’t mean you have to make something completely obscure. Pick a long password that makes sense to you (so that you can remember) and it will be sufficient. The longer the better.
Secret Questions – Really Secret?
When you forget your password, you are asked for your secret question. What is hilarious is that most of the pre defined questions are really easy to guess. Here are the common ones:
Truth is – Most of this info can be found online, usually via facebook. In other words, an intruder doesn’t need your password. He just needs to look up public details about you to get into your account.
Where possible, do not use a secret question. If you absolutely have to, try to create a custom one. If you can only pick from the general types, memorize a unique answer that no one can ever guess. Remember, your answer doesn’t have to answer the ‘secret’ question.
Remember, your answer doesn’t have to answer the ‘secret’ question.
Password Retrievals – The Treasure Trove
When you forget your password, a password reset process is sent to your email. And nearly everyone directs this to their personal email. What this means is that getting into your personal email is sufficient for anyone to take over your entire digital life. Once inside your personal email, the intruder simply sends password reset requests to each service and he can rewrite everything you have online.
To prevent this, register a secret email that no one will ever know (besides you of course). Use this as the account where passwords are sent to. This account has to be completely secure. I suggest using a Gmail account with Google’s 2 factor authentication. 2 factor authentication is a pain but it wipes out the chance of that one account from being open to most intruders. That one account has the keys to everything else online, so its worth keeping it really safe.
Domain Users – Your Physical Address is Public
Sometimes you can get a password to be reset over the phone if you can provide information such as your billing address. For most people, their billing address is the same as their home address and this info can be easily gleaned off WHOIS for domain owners. Domain registrars often display the billing address of domain owners on WHOIS sites. The key here is to change it and use an alternate address.
When Unsure – Enter the Wrong Password
Spoofing used to be easy to detect but scammers have caught up to speed and certain spoofs are really well made. There is an easy way to beat this. Whenever, you are unsure about the legitmacy of the site you are entering your password – just key in a false one. A spoofing site will accept whatever rubbish you type because they are just out there to collect info. If the site accepts your purposeful wrong password – it’s a spoof. And you’ve just beaten it without any fancy software.
Human Stupidity – Think Twice
People often link online security to having the good software protection. Software protection is important but there is no software that protects you from human stupidity. The greatest loophole in your online security comes from the one sitting in front of your screen.
Software protection is important but there is no software that protects you from human stupidity.
The solutions here are all plain logic that anyone can do. Think twice before doing anything online especially when it involves information you wish to keep secure.