Andrew Gordon's Blog

3 Tips to Improve Your Security Online

Today, I was thinking about the hacking of Gov. Palin’s Yahoo! email account back in September of 2008.  I’m not a security expert or anything, but I do have a few personal recommendations for anyone looking to reduce their vulnerabilities.

1. Do not answer security questions honestly. While security questions can help you recover a password if you’ve forgotten it, they can just as easily do the same for someone else.  In the case of the Palin break-in, all that was needed to gain access to her account was her DOB, ZIP code, and information about where she met her spouse, “which was answered (Wasilla High) by a simple Google search.”  A reset question is only as strong as the least-known of its answers, and for anyone with a public profile most of those answers are a search away.

Instead, treat these answers as secondary passwords. Choose an arbitrary word and use that as your security answer, regardless of the question. Or, since the same security questions are usually offered by different sites, choose an arbitrary word as the answer for each type of question.  So, for example, “Name of first pet” could be hectic; the “Street you grew up on” could be tornado; your “High school mascot” could be thyroid.  I used a random word generator for maximum randomness. The point is for these answers to be something you remember (partly because they are so strange), but something no one else could guess, even if they know a little bit about you or your history.

2. Spruce up your passwords. It’s easy to get into the habit of using the same password for every site you use. What happens when that one password is compromised? Or, worse, what happens if you don’t know it’s been compromised and all of your accounts are being accessed without you realizing?

Here’s what I’d recommend: Take your normal password (which we’ll call “root” and define as ‘pa33w0rd’) and add something before and after it.  This works best if the additions have something to do with the domain you’re logging into.  Say you’re creating an account on Twitter. You could make your password:

the first and last letters of the domain (in this case ‘t’ and ‘r’) + root + the number of consonants in the domain (in this case 5: t, w, t, t, r).

You’re left with: trpa33w0rd5.  Say you then want to sign up for Stuffopolis.  That password would be sspa33w0rd7.  There are lots of variations on this.  Use whatever makes sense to you and that you feel you can remember.  One caveat: the scheme is only as secret as the rule and the root together.  If a site leaks trpa33w0rd5 alongside your Twitter login, anyone who spots the pattern can strip off the ‘tr’ and the ‘5’, recover pa33w0rd, and work out your password for every other site, so the root itself still needs to be something nobody would guess.
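The derivation rule above, implemented in Python as an added example that is not part of the original post. It assumes the bare site name without a TLD (“twitter”, “stuffopolis”), exactly as the post writes them, and uses the post’s own illustrative root ‘pa33w0rd’. The second function is there to make the caveat concrete: given one leaked password and the site it belongs to, the root falls out of the pattern with a couple of string operations.

```python
from typing import Optional

# Illustrative root from the post; a real one would of course be kept private.
ROOT = "pa33w0rd"

VOWELS = set("aeiou")


def consonant_count(domain: str) -> int:
    """Count consonant letters in the bare site name (case-insensitive, letters only).
    'y' is counted as a consonant; the post's examples contain no 'y' either way."""
    return sum(1 for c in domain.lower() if c.isalpha() and c not in VOWELS)


def derive_password(domain: str, root: str = ROOT) -> str:
    """Apply the post's rule: first letter + last letter of the site name,
    then the root, then the number of consonants in the site name."""
    label = domain.lower()
    if not label:
        raise ValueError("domain must not be empty")
    return f"{label[0]}{label[-1]}{root}{consonant_count(label)}"


def recover_root(leaked_password: str, domain: str) -> Optional[str]:
    """Caveat demonstration: the rule is reversible. Anyone holding one leaked
    password and knowing which site it came from can strip the affixes and get
    the root back, then derive every other site's password with derive_password.
    Returns None if the leaked value does not fit the pattern for that site."""
    label = domain.lower()
    prefix = label[0] + label[-1]
    suffix = str(consonant_count(label))
    if len(leaked_password) <= len(prefix) + len(suffix):
        return None
    if leaked_password.startswith(prefix) and leaked_password.endswith(suffix):
        return leaked_password[len(prefix):len(leaked_password) - len(suffix)]
    return None


if __name__ == "__main__":
    # Constructed walk-through: a Twitter leak exposes the Stuffopolis password.
    leaked = derive_password("twitter")
    root = recover_root(leaked, "twitter")
    print(f"leaked {leaked} -> root {root} -> stuffopolis {derive_password('stuffopolis', root)}")
```

Run it and the output shows the chain from one leaked value to another site’s password; that is the whole reason the root must be a strong secret in its own right rather than a dictionary word with letter substitutions.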

3. Write down all your passwords. I do this in my Moleskine, and usually write the domain name I’m referencing, my login name, my password, and the email address I used to register it.

If you decide you want to save passwords electronically, however, one trick you may want to try is hiding text inside an image. While I’ve only played with this briefly, Hidetext.net seems to be a good site for this. There are other password managers out there, but frankly, I’ve never trusted them.  Granted, this is without any research or evidence of vulnerabilities, just personal preference.

BONUS piece of advice: Create at least one email account solely for spam. Giving out your email address is required for most things online, but there’s no reason to give out your personal email address to every site you sign up to use.  This is why a spare email account (or more) comes in handy. Use these to collect the messages you don’t want to read instead of allowing them to clog up your personal account.

If anyone has any other tips, please leave them in the comments.

May 28, 2009 - Posted by Andrew | Uncategorized | 1 Comment

1 Comment »

  1. Regarding the bonus piece of advice, you may also want to try otherinbox for emails to register with websites, to manage the spam.

    cheers,
    tom

    Comment by HeresTomWithTheWeather | May 28, 2009
