Here We Go Again – Hackers

You may have recently heard about a group of Russian hackers that have amassed a collection of over a billion usernames and passwords, and about 500 million email addresses.  This is unfortunately another example of a long list of internet security compromises that have occurred in recent years.

It is fast becoming a fact of life that the websites and computer services we use on a daily basis are not always 100% secure, and may end up being compromised either from the front end or the back end if not both.  When your online account is compromised, it can ruin your usability of a website.  To compound the issue, if you make a habit of using the same password on many websites, the hacker can gain almost instant access to many of your other accounts. So, one website’s vulnerability can make all of your accounts at risk; in turn, it could mean a compromise of your real life as well.

This is why all online security experts, Analytics and other computer security services companies, recommend that you make a habit of using usernames, and especially passwords, that are as different as possible from each other across all the websites you use.  This is especially true with banking websites, or websites that hold important personal or financial information.

Of course, it is not easy to keep track of the dozens of passwords that this results in.  Many people resort to keeping their passwords in an unprotected Word file; which then becomes a huge treasure trove of information if a hacker were to ever get a copy of it. Usually, it not only tells them your password, but also the sites you use that they can then exploit.

An alternative that is strongly recommended by IT Consulting and computer security companies is one of the many password managers that exist in the world, many of which are free to use.  These password managers keep your data encrypted, with the use of a single master password; which is the one password you have to remember and should be as complicated as you can possibly make it while still remembering it.  (Services of this type include: LastPass and Norton Identity Safe, among others)

Being the paranoid sort, I personally prefer a password manager that is not cloud based but instead depends on a file that resides on my computer/server for storing the passwords.  This way the file is under my control as part of my onsite IT services, and can be moved or copied as necessary.  With the understanding that this file should not be emailed around very often to keep it from falling into the wrong hands.  Ideally it is only ever emailed to yourself on the same mail server and never beyond that.  (for example KeePass, and others).

These password managers can also help you create complicated passwords.  Since they remember the password for you anyway, you can let them create passwords on their own that very few humans could ever hope to remember and are much harder to guess.

It is also important to change your passwords on a regular basis, ideally twice a year, and at least once a year.  If you make use of a password manager this process becomes fairly painless.
If you come up with your own passwords you may strongly consider coming up with pass-phrases; which are made up of several words, numbers and letters.  These are easy to remember but can be very difficult to guess (an example would be “I-Lik3_S!tting_On-Pumpk!n$”).

Finally, you may configure your accounts to use something called “Two-step authentication”. This means that when you access your account from a new computer, you have to type in your username and password as usual, and then the website will say “hey, you’re accessing me from a new computer!  Let me send you a short lived text message with a number to verify you’re really you”.  Then you type in a simple number that is texted to your phone, and you are in your account. This process does add a small level of hassle when you first access your account from a new computer; but it makes it incredibly more challenging for someone to hack into your account. They would need to have your phone as well as your password to be able to get in; basically making your account as close to hack proof as is possible these days.

As always, it is important to keep up with the anti-virus of your computer system; something an on site IT Support company such as Analytics can assist with.  Since any efforts you make to keep your passwords complicated and varied won’t mean very much if you have a virus on your computer that is simply copying and transmitting everything you type. (yes these are real)

With these steps in mind, we can make progress in keeping our online accounts safe from hackers.  At least until passwords are finally done away with; but that is an article for another day.

*-Analytics does not recommend any particular password manager or managing service, merely mentioning their existence for informational purposes