How can my account be cracked?
Member accounts are always a weak point of entry. Your account can be cracked if someone is able to obtain access to your password, either by guessing it, stealing it, or using password recovery.
What should I do to protect my member accounts?
- Use a good password. A good password contains at least 8 characters from at least 3 of the following sets:
  - lowercase letters
  - UPPERCASE LETTERS
  - numbers (0-9)
  - punctuation !@#$%^&*,.;`~-_+=()[]{}
  And of course, more is always better.
  Your password should never be a dictionary word, all numbers, or a pattern like "qwertyuiop".
  Your password should never be part of your username, either.
- Protect your e-mail account. If your account is on a site like Yahoo or Hotmail, it can be accessed by successfully answering your password recovery question. If your question is something like "what is my pet's name?", many people can easily find this information. A password recovery can then be started and your account is a goner.
- Remember to log in to your email account very often. Email providers like Hotmail will delete your account if it is not used within 30 days. If it has expired, all a cracker needs to do is create a new email account with the same username and use the password reminder feature to gain access to your account.
- Never use the passwords listed as "good password" examples in an FAQ, as this is likely one of the first ways crackers try to access accounts.
- Never tell anyone your password -- not even your closest friend. If you manage to let it slip, change it quickly.
- If you are using a public computer, never use the option to always stay logged in (and never let the browser remember the password). Always log out after you are done to ensure your account is safe. If possible, delete the Temporary Internet Files, Cookies, and History.
- Additionally, don't use your password as a password at any other site.
- Beware of a hacking trick called "phishing." This is when a cracker sends you an email pretending to be from the site you are registered at.
  - A cracker might tell you that your account has a problem and the site "needs" your password.
  - A cracker might tell you that the site is purging unused accounts and needs you to log in to a special page, and leave a link to a page that looks like the site's login page. What it really does is submit your username and password to a list that the cracker has access to. The cracker then uses them to gain access to the accounts on the list.
Clues to spot a fake "phishing" email:
- Many sites will never ask you for your password.
- Look at the headers. If the headers don't match the ones from the other emails you have received from the site, the email is most likely from someone else.
- Only log in from the site's home page. Don't ever log in from the URL in the email.
If you ever receive a "phishing" email, report the entire email, including the headers, to the email provider and to the site the email claims to come from. Also, mark the email as Spam and/or Phishing if it isn't already.
- Also be wary of add-ons (for games, browsers, etc.) you install. Some of them might have malicious programming built into them that could be used to hijack your account by keylogging your password. You should only download them from trusted sites that are well known within the community.
Just a reminder: "password" is not a good password. "12345" is not a good password. "qazwsxedc" is not a good password (pattern). "qRvMaoNx53" is a good password. "n9c_E#wEdaD" is a better password.
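The password rules from this page, applied to the five sample passwords above, as an added example that is not part of the original post. The function names are hypothetical, and the word list and keyboard runs are small constructed stand-ins for the full lists a real check would load.

```python
import string

# Character sets as listed on the page.
SETS = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "punctuation": set("!@#$%^&*,.;`~-_+=()[]{}"),
}
# Constructed stand-ins: a real check would load a full wordlist.
SAMPLE_WORDS = {"password", "dragon", "letmein", "monkey"}
KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "qazwsxedc", "1234567890"]


def is_pattern(pw):
    """True if the whole password is a slice of a keyboard run, forwards or backwards."""
    low = pw.lower()
    return len(low) >= 4 and any(
        low in run or low in run[::-1] for run in KEYBOARD_RUNS)


def check_password(pw, username=""):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    used = [name for name, chars in SETS.items() if any(c in chars for c in pw)]
    if len(used) < 3:
        problems.append("uses fewer than 3 character sets")
    if pw.isdigit():
        problems.append("all numbers")
    if pw.lower() in SAMPLE_WORDS:
        problems.append("dictionary word")
    if is_pattern(pw):
        problems.append("keyboard pattern")
    name = username.lower()
    # The page names "password is part of the username"; the reverse is an added, related check.
    if name and (pw.lower() in name or name in pw.lower()):
        problems.append("part of the username")
    return problems


if __name__ == "__main__":
    # The page's own sample passwords.
    for pw in ("password", "12345", "qazwsxedc", "qRvMaoNx53", "n9c_E#wEdaD"):
        print(pw, check_password(pw) or "passes the page's rules")
```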
I have listed some tools here that may be of use.
- Random Password Generator - The PC Tools Password Generator creates random passwords that are highly secure and extremely difficult to crack due to an optional combination of lower and upper case letters, numbers and punctuation symbols.
- PWGen Firefox Extension - pwgen stands for "password generator". Upon install, a small 'P' icon will show up in the status bar of your browser. One click on the icon and a password is instantly generated, shown and copied into your clipboard.
- LastPass - A secure password manager, which is cross-platform and cross-browser. It has an add-on for most of the major browsers out there, and has bookmarklets for the browsers it doesn't support. The data is only encrypted and decrypted on your computer, and is encrypted using AES-256, meaning no one can access your data without your email and password. (Make this password a good one!) Only the encrypted data is stored on LastPass's servers. Some of their features include one master password, synchronization between browsers, automatic form filling, one-click login, one-time passwords, 2-step authentication, and more. They also have an upgrade option ($12 a year!) that includes support for mobile devices.