Copyright © 2012 Richard Beaty
Last month, Yahoo became the latest big time victim to be hacked, resulting in 450,000 email addresses WITH PASSWORDS being pilfered and PUBLISHED. Do you have a Yahoo email address? If so, yours may be one of the ones that has been compromised? If you’ve been around the Internet very long, chances are you’ve known someone whose email address has been stolen, possibly even your own.
Email addresses are bad enough, but there are worse things that you can have hacked: like your online banking or credit card account, for instance; or maybe your Amazon or Ebay account, where you have payment preferences saved; or any number of other Websites containing sensitive, personal information.
So, how do the bad guys get access to your online accounts and what can you do to stop it?
One of the ways people get your username and password for an account is to simply ask you for it … and you give it to them. In what’s called a “Phishing” scam, you may receive an email from someone masquerading as a source you trust. Usually you’ll be referred to a fake Website that has been designed to look like the entity they are pretending to be. You may be asked for credit card numbers, usernames and passwords, or any kind of sensitive information. If you respond, you’re toast. KNOW THIS … no reputable company will ask you for your secure information in an email. If you get such an email, delete it immediately.
Another way of gaining fraudulent access to your accounts is just by trial and error. Automated bots can make “guesses” for your password, and if they hit it right, your account opens up. It may seem unlikely that someone could get a hit on your password this way. If you’re using good password practice, it is unlikely. But do you know what one of the most popular passwords is? “Password” … yes, the word “password” is often used to “secure” sensitive accounts. Other popular passwords: 12345678, welcome, abc123, qwerty, etc. You can be sure the bad guys have a whole database of these commonly used words and sequences, and “guessing” for them simply means rotating through their database of commonly used passwords till they get a hit.
Finally, login information is all too frequently obtained from hacked databases, as happened recently with Yahoo. And if they obtain a login sequence from one of these databases, you can be sure they will be trying it for bank accounts, credit card accounts, and everything else they can think of.
So how do you protect yourself?
First: use long and random passwords that will be hard to guess. Second: don’t use the same password for everything, so that if one account should be hacked, they won’t get your password to everything else.
That sounds easy, but how in the heck are you supposed to remember all those passwords?
There are software programs and browser utilities that can generate random and secure passwords for you, and apply them automatically when you go to login to an account. That works when you are at your own computer where you have these things installed. But, when you are traveling or otherwise don’t have access to your own computer, you also will not have access to your passwords. So the best way is to have a standardized secure system that is highly coded, but easy for you to remember. Here’s just one system to give you an idea. Feel free to personalize this as you wish.
Secure passwords will have a mixture of upper and lower case letters, numbers, and symbols (# $ * ! etc). Here’s a simple 3-step process which will lead to a secure password sequence that will be hard for an automated system to generate, but will be easy for you to remember.
- Develop a standard secure sequence. Start out with a word or phrase that you will remember, say: “i love saddlebrooke” for example.
- Now mix up capital letters and substitute numbers that are similar in appearance to the letters they replace; ilovesaddlebrooke becomes i10ves@DD!e8rook3 (substitute the number “1” for the letter “l” in love, the number “0” for the letter “o” in love, the symbol “@” for “a”, capitalize the two d’s, substitute the symbol “!” for the letter “l”, “8” for “B”, and “3” for “E”. This is only an example, of course, and you don’t have to go to quite the substitution extreme of this example. But you get the idea. The longer your sequence and the more you mix it up, the harder it will be for an automated bot to come up with a hit.
- Now make your password unique for each site, so if your password does somehow become compromised for one site, they won’t have automatic access to everything you have. To do this, just add an abbreviation of the site to your standard sequence. I like to put the site abbreviation somewhere in the middle of the password. Let’s standardize on a 3-letter site abbreviation and place it right after the word “love” …
- Example for Amazon password: i10veAMAs@DD!e8rook3
- Example for Ebay password: i10veEBAs@DD!e8rook3
- Example for Visa account: i10veVISs@DD!e8rook3
There you have it. I’ve got a long, secure and unique password for every one of my accounts. And, I can remember it. Believe me, before any password cracking system could come up with my i10veAMAs@DD!e8rook3 sequence, they’d move on to someone who was using “12345678” … and they would find them.
Now go login to all your accounts (before someone else does) and change all your passwords.