Monday, December 13, 2010

How to Avoid Getting HACKED!

image courtesy of

Staying secure on the Interwebs can be difficult. There are a lot of people out there who know a LOT more about computers than I do, but since I'm paranoid about getting hacked, I figured I would share my 2 cents worth about keeping your information secure online.

Step 1) Have a STRONG password. This is where most people fail and it is hands-down the biggest threat to anyone getting hacked. A Brute Force attack on your password becomes completely unnecessary when the hacker can simply guess your password.

Here's a list of common passwords from Lifehacker.

image courtesy of

If you have a password like one of these, you will be hacked if you haven't been already. I highly recommend Password Meter as a basic tool to figure out where your current password stands. 

image courtesy of

Above is a screen shot of an example of a fairly strong password - I'm not worried that you can see how many characters it is, or even how many of certain types there are, because it scored 95%. It's that good. The original password scored 100% - unfortunately, many websites don't accept passwords with special characters like !@#$& so I wrote this password without them.

How many different characters should you include? How long should it be?
Again from Lifehacker, here is a table showing how long a Brute Force attack on your password would take, depending on the size and complexity of your password.

image courtesy of

As mentioned in the article, "Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries."

Once you've assessed the strength of your password, you have a difficult decision to make.

Step 2) Decide how many passwords you can keep track of.

Ideally, you should have a different password for each website you log in to. Of course, that gets ridiculous and there is no way you'll be able to remember all those seemingly random combinations of numbers and letters. 

I evenly distribute my online presence over 3 master passwords. They're all practically un-hackable - as far as I know. Because I know I'm liable to get confused, I keep a list of passwords in a secure location, much like KeePass - except mine is a locally managed encrypted file on my already encrypted hard drive. To top it off, the file and folder are both "hidden" and only I know the filepath.

Step 3) Change your passwords every 6 months.

Have you ever been part of a computer network or a website that required you to change your password every 6 months? Every year? It seems like a huge inconvenience and most people just add a number to the beginning or the end. Bad idea. The IT gurus that run these networks and websites make you change your password for a reason;  it's a damn good idea. That's all. Instead of just adding a number - pull up Password Meter and write a brand new password. Add it to your KeePass vault. Then go and change all the other sites where you use that password.

Some quick ideas for good password security: 

A) Don't use words in your first language. If you have to - don't spell them correctly. I have had passwords in German, Spanish, English and Russian. 
B) Use "leetspeak" - Instead of writing with all letters, replace occasional letters with numbers and symbols: Password becomes P455w0rD, Hello becomes |-|31lo
C) Come up with a meaning for your password. Incorporate the numbers into this meaning will make your password much easier to remember.
D) Use several different passwords and change them often.

Step 4) Use secure connections whenever possible. If you use a VPN or if your website offers a secure (HTTPS instead of HTTP) connection, use it. Your speed may suffer a little, but the added security is well worth the effort.

Step 5) Routinely check your computer for viruses and other malware. If you find any nasty programs on your computer, change your password ASAP. Many of these malicious programs contain keystroke loggers that record your user name/password combos. You don't want that information floating around.

Step 6) Don't ever tell anyone your passwords! No respectable company will ask for your password online - so don't be fooled by Phishing scams. You haven't won the lottery, you don't need to verify your account, and some random dude isn't going to give you a bunch of free money if you send him a check today. Steer clear of these!

What tips/tricks do you have? What mistakes have you made in the past? What do your passwords score on the Password Meter?

Any questions or comments can be left in the "Comments" section below.