November 28, 2022

Binary Blogger

Are you a 1 or a 0? News, Thoughts and Reviews

Personal Use Password Dos and Don’ts – Protect Yourself


If you use the Internet at any level then you have multiple accounts with passwords on many different websites. Each one of those has slightly different security mechanisms behind the scenes, and the website hosts have no obligation to tell you about them or to follow any kind of security standard for your account's protection. Banks, medical sites, and other major corporate business sites you use obviously have a more vested interest in protecting your data than a message board about parenting tips.

Time and time again I see horrific and scary account practices by users that are just begging to be exploited to the extreme and could cause years of identity theft and financial loss. I wanted to write a post to help people understand the threats and risks they take on through some common practices, as well as give tips that will help mitigate these risks without causing a password management nightmare for the user.

 

===========================================
PERSONAL PASSWORD DON’Ts

  • NEVER, EVER use the same password and userid for your financial institutions anywhere else!
    • Why? If a hobby message board is hacked, hackers will take the password and try it against all major banks. If you have the same keys everywhere then if one is hacked they are all hacked for you.
  • NEVER, EVER use your email account password for anywhere else!
    • If hackers get a hold of your email password then they can change your account information, intercept the email notices and you will never know.
  • NEVER use basic dictionary words for your password.
    • Dictionary checks, meaning trying all dictionary words to crack an account, can now be accomplished in minutes or less.
  • NEVER use your work passwords for your personal accounts.
    • Your company IT can and probably does harvest your passwords, or at a minimum a dishonest IT employee has direct access to do so.
  • When you change your password don’t simply change one letter or number, create a brand new one.
  • Don’t create passwords less than 8 characters long, the longer it is the harder it is to crack.
  • Don’t trust that every website you have an account on is protecting your account and password the same. They may just store it in clear text.
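
The DON'Ts above can be turned into a quick self-check. This is an added example, not code from the original post; the word list, function names and sample passwords are constructed for illustration.

```python
# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "sunshine", "baseball", "dragon", "monkey"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a character
                           cur[j - 1] + 1,              # insert a character
                           prev[j - 1] + (ca != cb)))   # substitute a character
        prev = cur
    return prev[-1]

def check_password(candidate, old_password=None, other_passwords=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the list of DON'Ts the candidate breaks (empty list = none)."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if candidate.lower() in dictionary:
        problems.append("basic dictionary word")
    if candidate in other_passwords:
        problems.append("reused from another account")
    if old_password is not None and edit_distance(candidate, old_password) <= 1:
        problems.append("same as or one character away from the old password")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, checked entirely on the local machine.
    others = {"my-email-pass-example", "my-bank-pass-example"}
    for pw, old in [("dragon", None),
                    ("my-bank-pass-example", None),
                    ("correct horse battery", "correct horse batterx"),
                    ("purple tractor sings loudly", "green kettle hums")]:
        print(repr(pw), "->", check_password(pw, old, others) or "ok")
```
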

===========================================
PERSONAL PASSWORD BEST PRACTICES

  • Different passwords for every website you create an account on.
    • Come up with your own mental algorithm to create and remember those passwords. For example, use the site’s name or address along with numbers. If you need an account on binaryblogger.com your password could be binary7832blogger or b1n&rybl0gg3r, both complex enough to be safe, and yet if you forget it you can figure it out without writing it down.
  • Use Single Sign On where you can.
    • What’s Single Sign On? It’s where you use a central account and authentication system to access multiple different websites. Whenever you see websites that allow you to log in with your Facebook account, that’s single sign on. If you do, make sure you have all the security features in Facebook enabled and NEVER do Facebook auth to any financial institution; keep those separate. Too much is at risk for a slight convenience improvement.
  • Change your major passwords often.
    • Change them when your company has you change theirs. The more it changes, the safer you are from getting cracked.
  • The longer the better, use passphrases not passwords.
    • Early on in the days of security the systems were limited to password length so the industry has gravitated toward single word passwords. There is no rule that passwords have to be words. Instead use a passphrase. A short sentence, favorite song lyric, anything but a single word.

===========================================
PASSWORD PHISHING ATTEMPTS BY HACKERS – HOW TO NOT FALL FOR IT

  • NO COMPANY ANYWHERE WILL EVER ASK FOR YOUR PASSWORD!!!
  • NO COMPANY ANYWHERE WILL EVER ASK FOR YOUR PASSWORD!!!
  • NO COMPANY ANYWHERE WILL EVER ASK FOR YOUR PASSWORD!!!
    • No bank, government agency, stock broker, insurance firm, and so on will ever ask for your password or account information. If you get a scam email saying that if you don’t log in your account will be disabled, FINE, let it get disabled. Call the institution.
  • NEVER CLICK A LINK IN AN EMAIL TO LOGIN TO SOMETHING IF IT TELLS YOU TO. OPEN A BROWSER AND GO THERE YOURSELF. TO BE SAFE, ALWAYS DO THIS.
    • Any email you get can look like it came from anywhere. Same graphics, type face, look and feel, even the same business phone numbers. But anyone can fake it and you can fall for it. What happens is in that email there’s a link to a hacked webserver somewhere that has a fake website that looks like your bank but is not. You login thinking it’s legit but the website fails and captures your bank credentials behind the scenes. Now the hackers have the userid and password to drain your account, you gave it to them.
  • When in doubt, don’t do it, pick up the phone and verify.
  • Trust no email, no website, no voicemail. Always confirm and verify if you are contacted about any business transaction.
  • If Western Union is anywhere in the conversation, terminate it and call the authorities.
    • Western Union is the haven for hackers, scammers, phishers and scumbags because it has a global reach and it’s virtually impossible to track down the scammers. My grandmother was scammed by a phone call ring claiming to be me; without them ever revealing any specific data, she believed them and wired thousands to Mexico thinking it was me in trouble. POOF, gone. She believed and never called the rest of the family to verify.
  • Be smart. There are more people out there trying to get your information than people trying to help you protect it. You have control and responsibility over it; carelessness will cost you and no one else. Learn about what the Internet is and the evils within it, and if you are unsure then go the old fashioned route. Better to be slower than fast and insecure.

Education is key, especially for the baby boomers and older generations who are using technology and processes they don’t fully understand. Scammers feed on it and the victims are left with the check and empty bank accounts. Spread the word, because once you educate people it’s harder for the scammers to scam and take advantage.
End of Line.
~~~~~~~~~~~~~~~~~~~
Binary Blogger
Twitter – @BinaryBlogger
Facebook – Binary Blogger