Guide to protecting your Internet accounts

Security experts have uncovered a trove of some 2 million stolen passwords to websites including Facebook, Google, Twitter and Yahoo from internet users across the globe, media reports say. The reason? They were weak. The most common password in the set is “123456”. Others included “password,” “admin,” “123″ and even “1″. With most of your personal and financial data stored online, getting hold of your passwords almost means getting the key to the safe in your cupboard. Here are a few steps to ensure a rock solid password. Tip 1: Diversify The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin. Reuters Reuters Use the personal finance principle of diversification to reduce your risk. So if you have five different online accounts, right from social media to financial service accounts, set different passwords for each. Otherwise, you would be making it easy for the fraudster as he or she will be able to access all your accounts once one is cracked. Yes, remembering will be easier if it is one for all. But that is a small issue considering the danger it has. So, diversify your risk. This may seem to be an obvious tip, but you’d be surprised to know how many use the same password across sites. Tip 2: Avoid predictable We know it’s easy to remember your city name, kids’ name, spouse’s name, pets’ name, etc as passwords but they are just too predictable. Also, with Facebook and Twitter, we reveal so much of personal information about ourselves that it is not very difficult to predict the above mentioned password. So, if you have a dog named Rocky, and if you have posted updates about his hunger pangs, you definitely should not have “rocky” as your password. Tip 3: Mix it well Just like a good financial portfolio will have a health mix of debt and equity, FD, bonds, gold and the like, ensure your passwords have a healthy mixture of number, alphabets, special characters and capital letters. So instead of having a password as “money” have it as 11m@Nee*y or so. Tip 4: Idioms, poems and songs work well You could also use first letters of an idioms, a poem or a song you like to make a password combo. For instance, for a “Jack and Jill went up the hill to fetch” could be converted into a password as “J&jwU2^2F” Tip 5: Use vernacular language There are a number of software out there that can make a dictionary type hacking attack, which means every word present in the English dictionary along with different permutation and combinations of numbers can be hacked. So, we suggest you could ditch the Queen’s language and do it the vernacular way. So instead of a password “thirst” you could simply make it as “T@hAan*73” in Marathi, or “pYa@sS19 in Hindi or “tEsht@%22” in Bengali. Tip 6: Increase the length If you have the patience (you better do), make sure that you have a long password. At least a password, which is longer than eight characters. Tip 7: Use virtual key pads Where ever possible use virtual keyboards provided on your many financial websites to type in the password. Ghost-keyloggers can read the strokes on physical keyboards, and hence virtual keyboards work well. In short, be creative, don’t save passwords on your computer and don’t do financial transactions at cyber café and the like. So these are our tips. Let us know your in the comments section. We know you have a few.

Read more at: http://www.firstpost.com/tech/gmail-twitter-password-hack-heres-how-to-secure-your-account-1268459.html?utm_source=ref_article

Security experts have uncovered a trove of some 2 million stolen passwords to websites including Facebook, Google, Twitter and Yahoo from internet users across the globe, media reports say. The reason? They were weak. The most common password in the set is “123456”. Others included “password,” “admin,” “123″ and even “1″. With most of your personal and financial data stored online, getting hold of your passwords almost means getting the key to the safe in your cupboard. Here are a few steps to ensure a rock solid password. Tip 1: Diversify The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin. Reuters Reuters Use the personal finance principle of diversification to reduce your risk. So if you have five different online accounts, right from social media to financial service accounts, set different passwords for each. Otherwise, you would be making it easy for the fraudster as he or she will be able to access all your accounts once one is cracked. Yes, remembering will be easier if it is one for all. But that is a small issue considering the danger it has. So, diversify your risk. This may seem to be an obvious tip, but you’d be surprised to know how many use the same password across sites. Tip 2: Avoid predictable We know it’s easy to remember your city name, kids’ name, spouse’s name, pets’ name, etc as passwords but they are just too predictable. Also, with Facebook and Twitter, we reveal so much of personal information about ourselves that it is not very difficult to predict the above mentioned password. So, if you have a dog named Rocky, and if you have posted updates about his hunger pangs, you definitely should not have “rocky” as your password. Tip 3: Mix it well Just like a good financial portfolio will have a health mix of debt and equity, FD, bonds, gold and the like, ensure your passwords have a healthy mixture of number, alphabets, special characters and capital letters. So instead of having a password as “money” have it as 11m@Nee*y or so. Tip 4: Idioms, poems and songs work well You could also use first letters of an idioms, a poem or a song you like to make a password combo. For instance, for a “Jack and Jill went up the hill to fetch” could be converted into a password as “J&jwU2^2F” Tip 5: Use vernacular language There are a number of software out there that can make a dictionary type hacking attack, which means every word present in the English dictionary along with different permutation and combinations of numbers can be hacked. So, we suggest you could ditch the Queen’s language and do it the vernacular way. So instead of a password “thirst” you could simply make it as “T@hAan*73” in Marathi, or “pYa@sS19 in Hindi or “tEsht@%22” in Bengali. Tip 6: Increase the length If you have the patience (you better do), make sure that you have a long password. At least a password, which is longer than eight characters. Tip 7: Use virtual key pads Where ever possible use virtual keyboards provided on your many financial websites to type in the password. Ghost-keyloggers can read the strokes on physical keyboards, and hence virtual keyboards work well. In short, be creative, don’t save passwords on your computer and don’t do financial transactions at cyber café and the like. So these are our tips. Let us know your in the comments section. We know you have a few.

Read more at: http://www.firstpost.com/tech/gmail-twitter-password-hack-heres-how-to-secure-your-account-1268459.html?utm_source=ref_article

Security experts say passwords for more than 2 million Facebook, Google  and other accounts have been compromised and circulated online, just the latest example of breaches involving leading Internet companies.

Some services including Twitter have responded by disabling the affected passwords. But there are several things you can do to minimize further threats –even if your account isn't among the 2 million that were compromised.


Here are some tips to help you secure your online accounts:

ONE THING LEADS TO ANOTHER:


When a malicious hacker gets a password to one account, it's often a stepping stone to a more serious breach, especially because many people use the same passwords on multiple accounts. So if someone breaks into your Facebook account, that person might try the same password on your banking or Amazon account. Suddenly, it's not just about fake messages being posted to your social media accounts. It's about your hard-earned money.


It's particularly bad if the compromised password is for an email account. That's because when you click on a link on a site saying you've forgotten your password, the service will typically send a reset message by email. People who are able to break into your email account, therefore, can use it to create their own passwords for all sorts of accounts. You'll be locked out as they shop and spend, courtesy of you.


If the compromised password is one you use for work, someone can use it to break in to your employer's network, where there are files with trade secrets or customers' credit card numbers.


BETTER PASSWORDS:


Many breaches occur because passwords are too easy to guess. There's no evidence that guessing was how these 2 million accounts got compromised, but it's still a good reminder to strengthen your passwords. Researchers at security company Trustwave analyzed the passwords compromised and found that only 5 percent were excellent and 17 percent were good. The rest were moderate or worse.

What makes a password strong?


– Make them long. The minimum should be eight characters, but even longer is better.


– Use combinations of letters and numbers, upper and lower case and symbols such as the exclamation mark. Try to vary it as much as you can. “My!PaSsWoRd-32”³ is far better than “mypassword32.”

– Avoid words that are in dictionaries, as there are programs that can crack passwords by going through databases of known words. These programs know about such tricks as adding numbers and symbols, so you'll want to make sure the words you use aren't in the databases. One trick is to think of a sentence and use just the first letter of each word — as in “tqbfjotld” for “the quick brown fox jumps over the lazy dog.”

– Avoid easy-to-guess words, even if they aren't in the dictionary. Avoid your name, company name or hometown, for instance. Avoid pets and relatives' names, too. Likewise, avoid things that can be looked up, such as your birthday or ZIP code.

One other thing to consider: Many sites let you reset your password by answering a security question, but these answers –such as your pet or mother's maiden name– are possible to look up. So try to make these answers complex just like passwords, by adding numbers and special characters and making up responses.


A SECOND LAYER:


Many services offer a second level of authentication when you're accessing them from a computer or device for the first time. These services will send you a text message to a phone number on file, for instance. The text message contains a code that you need in addition to your password. The idea is that a hacker may have your password, but won't have ready access to your phone.
Facebook, Google, Microsoft and Twitter are among the services offering this dual authentication. It's typically an option, something you have to turn on. Do that. It may be a pain, but it will save you grief later. In most cases, you won't be asked for this second code when you return to a computer you've used before, but be sure to decline that option if you're in a public place such as a library or Internet cafe.

ONE FINAL THOUGHT:


Change your passwords regularly. It's possible your account information is already circulating. If you have a regular schedule for changing passwords for major accounts, you reduce the amount of time that someone can do harm with that information.

You'll need to decide what counts as a major account. Banking and shopping sites are obvious, as are email and social-networking services. It probably doesn't matter much if someone breaks into the account you use to read newspaper articles (unless it's a subscription).

And strong passwords alone won't completely keep you safe. Make sure your computer is running the latest software, as older versions can have flaws that hackers have been known to exploit. Be careful when clicking on email attachments, as they may contain malicious software for stealing passwords. Use firewalls and other security programs, many of which are available for free.

Ref: http://www.santacruzsentinel.com/opinion/ci_24659799/tech-tips-guide-protecting-your-internet-accounts
Tags: Facebook, Twitter, Gmail, Yahoo, Password, Secure, Hack, Internet, Accounts, Protect, Fishing, Hacking, Strong, Break, Breach, Banking, Shopping, Credit, Card, Cards, Firewall,