About Tanoro

Christopher "Tanoro" Gray is a web programmer and science advocate especially concerned with resource management technologies, biology, and artificial intelligence. He is a student of epistemology and philosophy as well as an Atheist competent in Christian theology.
HOME > View Blog  >  Securing Your Web Experience
Securing Your Web Experience
Posted by: Tanoro - Jul 26, 2012 2:57PM

Recently, a friend of mine on Facebook got her account hacked along with accounts belonging to her on other web services. She was in dire need of some advice on how to secure her accounts. As a developer of online technologies and web master in charge of maintaining hundreds of web accounts, I am more than qualified to deliver such advice.

Some people like to think hackers are very skilled wizards in an esoteric world of Internet technologies. They can break into any server with a few keystrokes and get anyone's login information if they really want to mess with someone. This, fortunately, is simply not true. The vast majority of web accounts that get compromised do so because the account owner did something wrong, allowing the hacker in without even knowing it. The following rules are basic for keeping your web accounts safe and for your eyes only.

Rule #1: Don't allow others access to your online accounts. There are always extinuating circumstances, but the rule of thumb is to maintain sole access to your online accounts just as you would maintain the keys to your home. Like your home and depending on the nature of the service in question, you may wish to invite temporary access to a friend or someone you trust, but you must be diligent in securing access for yourself once that invitation has been revoked. In other words, change your passwords as you would change your locks if you know a former friend has a spare key.

Rule #2: Change passwords often. This is impractical for the locks on your home, especially if you rent, but changing passwords on a web account takes a few clicks and should be done often, most especially for your e-mail accounts which may be used to recover the passwords for everything else. Changing passwords once a month will often be more than enough. Any passwords more than six months old needs to be changed immediately. When hackers gain access to login credentials, they rarely use those credentials immediately. They often wait a while to help add some ambiguity to factors that would otherwise indicate how they got the credentials in the first place. This is a risk because someone may change the passwords, but hackers prefer to err on the side of not getting caught.

Rule #3: Select your passwords intelligently. There is a practice in hacking called "dictionary attack." This is where one writes a program to attempt to guess a password based on large dictionaries of common words. If your password is a dictionary word, it can be easily guessed. You can prevent this from happening by using passwords consisting of random strings of letters and numbers.

Rule #4: Never use the same login credentials in more than one location. This is very important and is most often ignored. The friend of mine whose accounts were hacked got multiple accounts on various websites hacked simultaneously because she used the same login information on all of them. Therefore, a compromise on any one of them provided access to them all. It was disasterous! You can plug such holes by ensuring each web account has a unique password that is not used on any other service in which you participate.

Rule #5: Use a password vault to keep track of your login credentials. If you have lots of web accounts like I do, keeping track of them all is impossible unless you have a program intended for this purpose. The program I use is called Keepass. This program is free and will create an encrypted database for your passwords and store it on your computer (or on a USB drive if you prefer) behind a master password which is the only one you'd need to remember. There are many options available to make the database as secure as you need it. Keepass is free and easy to use. There are also alternatives for Mac users.

Keepass Interface

Given the above rules, I have never been hacked. Utilize these rule and you are unlikely to be either.

This blog is an editorial and contains only the opinions of the author. The author claims no expertise on most topics of discussion and this blog is not to be cited as an alternative for properly vetted journalism or scientific sources.

comments powered by Disqus