Archive for April, 2009

How to protect your email password

Thursday, April 23rd, 2009

I have a question. How does one avoid getting hacked? The advice is always to change your password, but shouldn’t a good password be as good as any new password you create…until it gets hacked. In other words, isn’t changing a password irrelevant until you have been hacked?

The reason “they” say to change your password regularly is that your password may already have been compromised without your knowing it. Changing it regularly limits how long a stolen password stays useful to whoever has it. On the other hand, if you change it too often you start to forget what you changed it to this time, and people who are forced to rotate passwords tend to pick weaker, more predictable ones. I’m not a big fan of frequently changing passwords. I prefer to be smart about how I select and protect my passwords.

1) Make sure your computer software (the operating system and the applications on it) is up-to-date and fully patched. Most computers aren’t updated regularly, and most attacks exploit vulnerabilities for which a fix already exists.

2) Make sure your anti-virus is up-to-date. Its signatures should update at least daily, which most products do automatically as long as the subscription is active. Many people buy a pay anti-virus service, stop paying when it comes up for renewal, and are left with software that still runs but no longer receives updates, so it doesn’t recognize the latest attacks.

3) Make sure your email login is encrypted. With plain POP your password crosses the network in cleartext, and anyone on the same network (the shared Wi-Fi at a cafe, for example) can read it. If you use POP, ask your ISP if they support POP3 over SSL/TLS (normally port 995), and then get instructions on how to configure your software to use port 995 with your ISP. If you check email by using a browser to connect to a webpage (aka webmail), bookmark the secure login page: the address must begin with https so that your password is encrypted when it is sent to the server, and the browser should show the padlock, with no certificate warning, before you type anything.

4) NEVER log in to your email on a public computer unless you know it has been protected against viruses and keystroke loggers. Internet cafes in less developed countries (Mexico and South America, Africa, Eastern Europe, China, etc.) are notoriously unsafe. The internet cafe system I used in London a few years ago was safe – they reinstalled the operating system from scratch with each new user so a previous user couldn’t accidentally or maliciously infect the machine and leave it in an infected state for the next user.

If you plan to travel to a remote area and use the local internet cafes to check your email, a work-around is to set up a temporary Gmail account that fetches your email from your ISP (Gmail logs in to your ISP’s POP mailbox with your ISP password and copies the mail over). If your Gmail password is stolen, the thief can read whatever Gmail has already fetched, but you can call your ISP and change the ISP password, and Gmail will no longer be able to collect your new email. Your ISP password is stored on Google’s server and is never displayed to someone who gets into the Gmail account, so the ISP mailbox itself stays closed to them. Obviously you need to use a different password for logging into Gmail than you do for logging into your ISP!

5) Your password should not be easily guessed, or discovered with a dictionary attack (trying every word in a dictionary, plus the usual tricks of tacking a digit or symbol onto the end). It should be at least 8 characters long (longer is better) and contain a mix of capital letters, lower case letters, and non-alphabetic characters. However, you need to be able to remember it easily! Here’s an example of a good password:

Sparkylvs2Fetch

You can easily remember a password like this if you have a dog named Sparky who loves to fetch. Even if I know you have a dog named Sparky I’m not likely to easily guess (or hack with a brute-force attack) the lvs2Fetch part. The length does most of the work here: every extra character multiplies the number of combinations a brute-force attack has to try.

Even better, try:

5p4rkylvs2F3tch!

You need to remember “Sparky loves to fetch” and that you substituted 5 for the S (S looks like a 5), 4 for the A (A looks like a 4) and 3 for the E (E looks like a backwards 3), and that you used lvs (text-message shorthand for loves). If you use number/letter substitutions regularly in your passwords (email and website logins) these substitutions become second nature. Other common substitutions are 0 for O (zero for the letter o) and 1 for I (one for the letter i). One caveat: because these swaps are so common, password-cracking tools try them automatically, so they add less strength than they appear to. The strength still comes mainly from the length and from the phrase being private to you; a single dictionary word with a few swapped letters (5p4rky!) falls almost as fast as the plain word.
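To make the point concrete, here is an added example (my own code, not from the original post) that checks a candidate password the way the rules above and a rule-based cracker would: it undoes the digit-for-letter swaps before looking for dictionary words, flags a lone dictionary word dressed up with a digit or symbol, and estimates the brute-force search space. The wordlist and the substitution table are constructed for the demo and stand in for a real cracker’s far larger ones.

```python
"""Strength check for passwords built the way the post recommends.

Added example, not code from the original post. WORDLIST and LEET are
constructed for the demo; a real cracker uses millions of words and rules.
"""
import math
import string

# Constructed stand-in for a cracker's wordlist.
WORDLIST = {"password", "letmein", "secret", "sparky", "fetch", "loves", "love", "dog"}

# The digit/letter swaps the post describes. Cracking tools apply exactly these
# as rules, so the check undoes them before looking for dictionary words.
LEET = str.maketrans({"5": "s", "4": "a", "3": "e", "0": "o", "1": "i", "$": "s", "@": "a"})

# Size of each character class: lower, upper, digit, printable ASCII symbol (32).
CLASS_SIZES = (26, 26, 10, len(string.punctuation))


def undo_leet(pw: str) -> str:
    """Reverse the common substitutions and lower-case, as a rule-based cracker would."""
    return pw.translate(LEET).lower()


def class_flags(pw: str):
    """Which of the four character classes appear in the password."""
    return (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    )


def brute_force_bits(pw: str) -> float:
    """log2 of the keyspace a blind brute-force search must cover."""
    alphabet = sum(n for n, present in zip(CLASS_SIZES, class_flags(pw)) if present)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def dictionary_words(pw: str):
    """Wordlist entries still visible inside the password once swaps are undone."""
    norm = undo_leet(pw)
    return sorted(w for w in WORDLIST if w in norm)


def is_whole_word(pw: str) -> bool:
    """True if the password is just one wordlist entry dressed up with digits or
    symbols (Sparky1!, 5p4rky!), which is the first thing a rule-based cracker tries."""
    candidates = {
        "".join(c for c in pw.lower() if c.isalpha()),    # digits/symbols merely appended
        "".join(c for c in undo_leet(pw) if c.isalpha()),  # digits used in place of letters
    }
    return any(c in WORDLIST for c in candidates)


def assess(pw: str) -> dict:
    """Apply the post's rules (8+ chars, 3+ classes) plus the whole-word check."""
    classes = sum(class_flags(pw))
    weak = len(pw) < 8 or classes < 3 or is_whole_word(pw)
    return {
        "length": len(pw),
        "classes": classes,
        "brute_force_bits": round(brute_force_bits(pw), 1),
        "dictionary_words": dictionary_words(pw),
        "whole_word": is_whole_word(pw),
        "verdict": "weak" if weak else "ok",
    }


if __name__ == "__main__":
    for candidate in ["password", "Sparky1!", "Sparkylvs2Fetch", "5p4rkylvs2F3tch!"]:
        print(candidate, assess(candidate))
```

Run on the post’s examples, Sparky1! comes out weak despite satisfying the length-and-mix rule, because its core is one dictionary word. Both Sparky passwords pass, and both still contain sparky and fetch once the swaps are undone: the swaps hide nothing, the length and the private lvs2 part do the work.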

6) Never use the same password for your email account to log in to websites – especially websites where your login username is your email address or where you provided your email address when you created the account. Many sites store passwords poorly, and if the webserver gets hacked the attacker walks away with your email address and a password that also opens your mailbox, without ever having to attack your ISP.
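An added example (my own code, not from the original post) of what item 6 is warning about, with constructed accounts and a constructed cracker wordlist: a shopping site whose login name is the customer’s email address gets breached, and the attacker simply replays the dumped credentials against the mail server. It also runs the same breach against a site that stores salted hashes instead of cleartext, to show that hashing only protects the passwords the attacker cannot guess, so reuse is still the root problem.

```python
"""Why a breached website hands an attacker your mailbox when you reuse its password.

Added example, not code from the original post. Every account, password and
the "breach" below are constructed for the demo.
"""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 20_000  # kept low so the demo cracks quickly; real sites use far more

# Constructed: a shopping site that uses the customer's email address as the login.
SITE_PASSWORDS = {
    "alice@example.net": "Sparkylvs2Fetch",   # strong, but the same as her mail password
    "bob@example.net":   "unique-shop-pw-7",  # unique to this site
    "carol@example.net": "password123",       # weak, and reused for mail
}

# Constructed: what the same people use to log in to their ISP mailboxes.
MAIL_PASSWORDS = {
    "alice@example.net": "Sparkylvs2Fetch",
    "bob@example.net":   "bob-mail-only-pw",
    "carol@example.net": "password123",
}

# Constructed: a tiny cracker wordlist. Real ones hold millions of leaked passwords.
WORDLIST = ["123456", "password", "password123", "letmein", "qwerty", "sparky"]


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2-SHA256: the minimum a site should store instead of the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def hash_site_db(plaintext_db: dict) -> dict:
    """The site's table if it hashes passwords instead of storing them in cleartext."""
    return {email: hash_password(pw) for email, pw in plaintext_db.items()}


def mail_login(email: str, password: str) -> bool:
    """Stand-in for the ISP's POP/webmail login."""
    return MAIL_PASSWORDS.get(email) == password


def replay_breach(dumped_passwords: dict) -> list:
    """Attacker tries every (email, password) pair from the dump against the mail server."""
    return sorted(email for email, pw in dumped_passwords.items() if mail_login(email, pw))


def crack_dump(hashed_db: dict, wordlist: list) -> dict:
    """Offline dictionary attack on a dump of salted hashes; returns what it recovers."""
    recovered = {}
    for email, (salt, digest) in hashed_db.items():
        for guess in wordlist:
            if verify_password(guess, salt, digest):
                recovered[email] = guess
                break
    return recovered


if __name__ == "__main__":
    print("cleartext dump opens the mailboxes of:", replay_breach(SITE_PASSWORDS))
    recovered = crack_dump(hash_site_db(SITE_PASSWORDS), WORDLIST)
    print("hashed dump, after a wordlist crack:", recovered)
    print("hashed dump opens the mailboxes of:", replay_breach(recovered))
```

With cleartext storage the breach opens Alice’s and Carol’s mailboxes immediately. With hashed storage only Carol’s guessable password is recovered, so only her mailbox falls; Alice is saved by her strong password, not by having a separate one. Bob’s mailbox is untouched either way because the site never had a password that works anywhere else.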

7) Whenever possible, avoid using Microsoft software or other widely used, poorly secured, and/or frequently attacked software. Almost all viruses (and worms and trojans, which are frequently called viruses even though they are not viruses per se) are targeted at people who use the Windows OS, Outlook and Outlook Express email software, and the Internet Explorer browser, and these attacks rely on known vulnerabilities in those programs. If you feel you must use Windows rather than a more secure UNIX-based OS (Linux, BSD, MacOS), at the very least download and use an alternate browser such as Firefox, and alternate email software such as Thunderbird. You can also get a whole “Internet Application” suite based on Firefox and Thunderbird called SeaMonkey. Although Microsoft Office-based viruses are less common, you can also get a free alternative office suite from OpenOffice.org. A newer class of attack arrives as a malicious PDF that exploits Adobe Reader; you can sidestep most of these by using one of the many alternative PDF reader programs. Keep in mind that the alternatives have vulnerabilities too: the point is to be a less common target, and above all to keep whatever you use patched (see item 1).

8) Finally, use common sense. Most computers are hacked because people install pirated (and infected) software, or click on a link to see something “naughty” (porn, or wardrobe malfunctions). This is how the malware gets installed – you “invited” or “installed” it yourself under the guise of getting something else. Avoid P2P networks (LimeWire is a major source of infected downloads).