How to be safe on the internet. Make the web better!
Make the web better
How to be safe on the internet
First rule of security: trust nobody
And some other simple rules:
1. Do not give your passwords to friends and don't type
passwords in public places. If you really need to, look both
ways and make sure no one can see your hands.
This is not a joke!
Lots of accounts got "hacked" this way.
2. Do not use your password (login) in unknown networks,
like public wiFi networks (hotels, McDonalds or others)
There may be some dude (proxy)between you and the
internet that can record any action (request) between you
and any server (website). Even your passwords.
What can you do? When you are at home, check "Keep
me logged in" on the website so when you get into public
places you will not need to enter your password.
3. Never click on unknown links. Before you click a link
make sure you check the address from the address bar.
I hate short links!!! (even fb.me or t.co ... all of them)
NOTE1:When you check the address bar make sure it is a
perfect match. As example: if it's a mail from PayPal and
the link is something like http://client12.paypl.com you
should not click it. The domain must be PayPal.com and
not paypl.com. Do not assume that an email from
paypal.com is safe. The sender can easy be changed.
Note2: Never complete a login forms unless you checked
the address-bar twice. You may get into pages that look
like the Yahoo! (just an example) interface BUT there is
another address, another website. It is a copy of the
interface to just make you enter (give) your password.
4. Do not give passwords to any support desk, bank agent
or other person that will tell you that "it's safe!" to do it.
Any support desks or administrator must have access to
your account (of any type) without your password.
Never store passwords
in plain text
(on paper, in your browser, in your phone,
in your computer)
Do not have stupid passwords
Make sure that your passwords contains at least one
special character and at least one digit and it's over 8
characters. If you have any password that doesn't meet
this, go and change it right now.
Why is this important?
Well, read this if you like technical stuff: the simplest method of getting
passwords is a savage one, named brute-force. This method consists into
entering all combinations of letters and even digits until a valid password is
found. If you add a special character and a digit into your password and
you make it long enough (over 8 chars) you will add billions of brute-force
combinations. Most of the big websites logins are protected against bruteforce (it's nothing sure) but a simple security breach could lead to
database records or files that store passwords. If you have a strong
password, it will be impossible to "unhash" it. A hash is a computed value
of a string with a one-way algorithm. So, once a password is hashed it
cannot be unhashed BUT you can make brute-force over it and trying lots
of combinations you can find the valid hash.
A programmer needs just few lines of code to create a brute-force.
And, of course, a lot of time.
Ok, how can I have a strong password?
As example: my name is Octavian and my password can
be "0C5@vi1N" and it's easy for me to remember.
We have: 0 (zero) is like "O" + big "C" + 5 is over "T", @ looks
like "A", we also have "vi" as simple string, 1 is over "A" and,
in the end a big "N". So, it's my name in a new way.
If you need, you can use something like
or even a password manager
Another important thing about passwords: make sure you
have a different password for every important service that
you have - Email, Facebook, forums, games, FTP accounts
(if you are a developer) and other accounts.
Why should I do that?
Sometimes, in my past, I got a website to maintain. I was surprised to see
that all passwords recorded until that time are in plain text. You could just
see passwords (even now, I cannot understand how a programmer can
be that stupid). So I took some random password and the email of the
account and just tried into the Yahoo! login form (it was a Yahoo! email).
It was amazing to find out that 3 of 5 users had the same passwords for
their emails. Of course, next thing, I hashed all passwords.
So, never have the same password for two services because you cannot
know who will bump into your clear password. At least you will lose one
account, not your entire internet life.
Have alternate ways for your
As example, have an alternate email to recover your
password. Both Yahoo! and Google will allow a second
email address that can reset your password. Also, if you
can, add your phone number for trusted websites so this
will also be a new method to recover your password.
If you don't have an alternate email, add it now!
Make sure you have a
good updated antivirus and
you make a scan once a month
A good antivirus will also have a firewall. In case it does
not, make sure your OS (ie: Windows) firewall is ON.
Also, update your system at least once a month because
there are security updates that you may need.
Please share this and help me to make the web better.