Password management & Online safety

Password Management


If you're reading this blog, then you know how to use the internet. At the very least you have figured out some sort of browser (Google, Firefox, Explorer...) and how to navigate to different web pages. Good for you! Now it is highly likely you also use the internet for other things, like email, entertainment, gaming, news, information gathering, and maybe banking/finances. And it is also likely that you are a member of at least one website that requires a password. Maybe your computer itself requires a password before you can unlock it to use it. As promised in "How to Set up an Online Bank Account", here is my limited knowledge and copious research on internet safety & password management.

The 'Do' List

It is highly recommended to use both upper and lower case letters, and to sprinkle in some numbers and symbols. Generally, the more characters, the safer the password, because even a computer program will take longer to figure it out. Although, according to the comic by XKCD, this may be a flawed recommendation...
Image from the fantastic comic, XKCD

The 'Do-Not' List

Hopefully by now, all savvy internet users have heard that the most commonly used passwords are super easy for cyber-criminals to guess. Using something like "Password", "123456" or "ABCDEFG", even with some variations like "Pa$sw0rd" or "AbC123", is a terrible idea. It is also not great to use names (of anyone, real or fictional), really any proper nouns, common numbers (like pi) or important dates. These types of things are easily guessed, especially if the person wanting your data is acquainted with you. You should also avoid common phrases like "a penny saved a penny earned", any keyboard patterns (like qwerty) or passwords someone could easily guess should they see you type it. The MIT computer science department has a great page all about the dos and don'ts of good password creation. And NetForBeginners has some good extra links to different sites that offer more tips and safety features.
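Here is the 'Do' and 'Do-Not' advice as a small Python check. This is an added example, not part of the original post: the word list is a constructed sample, and the names findings and random_bits are made up for illustration. The bit estimate only holds when the characters are picked at random, which is why the pattern checks are kept separate.

```python
import math

# Constructed sample list; the first three entries are the ones named above.
COMMON = {"password", "123456", "abcdefg", "abc123", "qwerty", "letmein"}
# Undo symbol-for-letter swaps so variations like "Pa$sw0rd" still match.
LEET = str.maketrans({"$": "s", "0": "o", "1": "l", "3": "e", "4": "a", "@": "a"})
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def has_keyboard_run(pw, n=4):
    """True if pw contains n adjacent keys from one keyboard row, either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for keys in (row, row[::-1]):
            if any(keys[i:i + n] in low for i in range(len(keys) - n + 1)):
                return True
    return False


def has_sequence(pw, n=4):
    """True if pw contains n characters in ascending order (abcd, 1234)."""
    low, run = pw.lower(), 1
    for a, b in zip(low, low[1:]):
        run = run + 1 if ord(b) - ord(a) == 1 else 1
        if run >= n:
            return True
    return False


def findings(pw):
    """List the 'Do-Not' rules a candidate password breaks (empty list = none found)."""
    low, out = pw.lower(), []
    if low in COMMON or low.translate(LEET) in COMMON:
        out.append("common password or simple variation")
    if has_keyboard_run(pw):
        out.append("keyboard pattern")
    if has_sequence(pw):
        out.append("sequential characters")
    return out


def random_bits(choices, picks):
    """Guessing work, in bits, when each of `picks` items is drawn at random from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    for pw in ["Pa$sw0rd", "AbC123", "qwerty", "ABCDEFG"]:
        print(f"{pw!r}: {findings(pw)}")
    # Length versus complexity, valid only for randomly chosen characters:
    print(f"8 random printable characters: {random_bits(94, 8):.1f} bits")
    print(f"12 random lowercase letters:   {random_bits(26, 12):.1f} bits")
```

An empty list only means none of these particular patterns were found; it does not prove a password is strong.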

Image from DoingFamilyRight
As Gina Trapani of Geek to Live said: "A secure, memorable password is easy for you to remember, and hard for others to guess." Ms. Trapani also wrote an article about how to "Secure Your Saved Passwords in Firefox", which allows folks with terrible memories (like yours truly) to save passwords to commonly visited sites so the site automatically fills them in for you. Other helpful resources the Geek to Live article pointed to are the password generator bookmarklet, which generates passwords for individual sites based on a 'master' password you give it, and a video from Jon Udell on how to use this application.

Online Safety

Everyone locks their door when they get out of the car. Everyone locks their apartment or home when they are elsewhere. We all probably have a passcode on our smart phone, a lock on our bike, overdraft protection, life insurance, home-owners insurance, and on and on. It's a human instinct to want to feel safe, secure, protected. However, since the internet has become so ubiquitous, it is easy to be lulled into a false sense of security. We use the internet every day, to check email, sports updates, weather, GPS, find a restaurant, connect with friends and family, and much more. It's easy to forget that these multiplicitous devices leave us vulnerable to internet security problems like phishing, malware, and identity theft. The National Cyber Security Alliance has a great website, StaySafeOnline.org, you can check out for detailed information.

Phishing

"Phishing" is the term for hackers trying to get your passwords directly from you by using deception. Internet criminals have become very knowledgeable about forging legitimate-looking emails. The email may look like it came from a financial institution, claiming something has gone wrong with your account, or a feature will expire if you don't act now. They get you to click on a link or go to a site and input your login information. You think the site is legitimate, and by the time you realize otherwise, your private information is already in someone else's hands.
Image from Hoax-Slayer

There are a few things you can do to protect yourself from these types of scams. 
1. Do not open any email attachments from addresses you do not recognize
2. Enable filters and spam-detection in your email box
3. NEVER give passwords or login information over email to anyone
4. Report any spam or phishing to the site or email provider it happens on
5. Check the URL. If it's anything confidential or financial, it should be "HTTPS" for "secure"
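
Step 5 as a small Python check. This is an added example, not part of the original post, and it goes a little beyond the HTTPS check by also comparing the host name with the site you expected, since a look-alike site can use HTTPS too. The function name check_link and the bank.example and .test addresses are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return a list of problems with a link that claims to belong to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    problems = []
    # Step 5 from the list: confidential or financial pages should use HTTPS.
    if parts.scheme != "https":
        problems.append("not HTTPS")
    # Anything before an '@' is a user name, not the site being visited.
    if parts.username is not None:
        problems.append("text before '@' is not the real host")
    # The host must be the expected domain itself or a subdomain of it.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host '{host}' is not {expected}")
    return problems


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email.
    samples = [
        "https://www.bank.example/login",
        "http://www.bank.example/login",
        "https://bank.example.account-verify.test/login",
        "https://bank.example@login.test/verify",
    ]
    for link in samples:
        print(link, "->", check_link(link, "bank.example") or "looks consistent")
```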

If anything from a financial institution ever seems fishy, call up the bank or investment house directly and ask if it is legitimate. Far better to ask them and get confirmation that your account does in fact need attention than to lose control of your account.

Malware

Malware is a smash-up of "malicious" and "software" and is exactly what it sounds like. Malicious software gets onto your computer and goes about wrecking everything. Most often it is designed to give the creator some sort of access to your machine or its contents. A virus is simply a piece of code that you have to "catch" from an unsafe source or USB drive. It then spreads to any other internet devices your computer talks to.
Image from Hyphenet

The next level above a virus is "spyware" or "adware". These programs can download themselves onto your computer, even without you being aware of it. All you have to do is visit an unsafe site without a spyware blocker program installed, and Ta-Da! Adware. These programs can be as harmless as forcing your computer to open ads you don't want, or as dangerous as stealing your passwords and compromising your accounts. 

The final level is "botnets". This is a network of computers infected by malware that are being controlled remotely by the creators of that malware. Sometimes called "zombies", these infected computers can be used to launch attacks on other computers or websites without the machine's owner knowing. The infected zombie computers receive commands from the cyber-criminals, and do whatever they are told. Most often this is for financial gain and/or to harvest information like credit cards, passwords, social security numbers, etc. This data is then used for further malware distribution, spamming, fraud, and identity theft. For more information on botnets, visit the STOP. THINK. CONNECT. Keep a Clean Machine Campaign.

ID Theft

Speaking of identity theft... it's an awful thing to happen: it can wreck your credit score, keep you from obtaining car or home loans, cause doubt from financial institutions, and in general is a big headache. Don't let it happen to you.
Image from Dunwoody Police Department

1. Install protective software like virus protection, malware detection, etc.
2. Collect any and all evidence, like receipts, checks, emails, etc.
3. If cybercrime happens to you, report it (see below)

Who to tell? 
First of all, the local police department is obligated to assist you, write up a report, and involve other agencies if appropriate. Many areas also have a local victim's service provider, which can provide information, advocacy, and even emotional support. You can check HERE to see if there is one near you. On a higher level, the Internet Crime Complaint Center (IC3) will review complaints of any degree and refer them to the appropriate level of law enforcement or regulatory agency that can help. IC3 is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. Complaints may be filed online at http://www.ic3.gov/default.aspx

Finally, the FTC (Federal Trade Commission) does not evaluate individual complaints, but they operate the Consumer Sentinel, a secure online database used by law enforcement agencies worldwide. File your complaint at https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en. Victims of identity crime may receive additional help through the FTC hotline at 1-877-IDTHEFT (1-877-438-4388), or the FTC website.

For more information and specific advice for situations involving fraud and ID theft, go to StaySafeOnline. You can also check out this LinkedIn article from Microsoft's Chief Online Safety Officer.

...

This is not to discourage you from using the internet. "An ounce of prevention is worth a pound of cure" sure rings true here. All it takes is some common 'net smarts and maybe some anti-virus software to ensure the basics of protection for your devices. Hope you learned a little something, now be safe and get out there surfin'!


Budget Epicurean: Password management & Online safety

Thursday, March 20, 2014
