Welcome Malden Patch's newest local voice, Michael Gualtieri, who will blog about computer tips for the everyday home user and small business. Send him your questions at "info at forestdaleinfosystems dot com".
The Internet is all well and good for posting your favorite pictures of cats in compromising situations, but it's also a pretty scary place, considering that it's essentially a giant public bulletin board that absolutely anyone in the entire world can walk up to and read.
When you consider all of the devices you have that hook up to the Internet - your computer, your smartphone, your tablet -- hell, even some appliances are able to phone home -- you start to realize that among those millions upon millions of devices and the users behind those devices, there are going to be a few bad apples out there trying to get your information.
That's right, I said YOUR information - your full name, address, phone number, e-mail address, and the most important one of all, your Social Security Number. Even information as innocuous as your mother's maiden name, your pets' names, the first car you ever drove, your favorite color -- that's the stuff a bad guy wants. Let's look at some of the ways that an attacker* will "own" you.
*Note: we'll be using the term "attacker" instead of "hacker". The word "hacker", though widely believed to be a pejorative term, actually has a primary definition of "an enthusiastic and skillful computer user".
How You Get Owned, Part 1
- Weak passwords/Using the same passwords for all your sites
One of the most common ways an attacker will force his way in to your accounts is through simple guessing of your password - your birthday, your anniversary, your child's name, your dog's name... you get the picture.
A study done recently showed the worst passwords of 2011 - 123456, Password, iloveyou, to name a few. It's easy for anyone who has access to your computer to crack your password... so easy it would make you feel ill. Even worse, the person who used 123456 probably used it for their e-mail, their bank, their Facebook, yada yada yada.
But the thing is, this is how an attacker does the most damage. They find out one password, and they apply what they know about human nature, which says, "gee, if this password was so easy, the others must be just as easy, if not the same!" The first thing they always try is the password they already know works.
Look, I know it's a pain in the butt to have a complex password, never mind a different password for each site. That's what leads to one of the banes of my existence as an IT guy: the password on a Post-It.
So here's a tip: take a sentence, say, "How I Learned to Stop Worrying and Love the Bomb". Take the first letter of each word, and throw a number and symbol in there, so you get this:
This password has all the elements you'd want - a capital letter, a number, symbols, and most importantly, a "word" that's not even remotely guessable, not only by a human but also by a computer with a dictionary file. Even better is if you type a whole sentence, including spaces. Password-cracking tools have a ton of difficulty with these types of passwords - they're built for guessing one word, not a whole sentence.
So to summarize:
- Use a strong password with numbers, letters, symbols, and try to make it a non-dictionary word.
- Don't use the same password on every site. Make it vary by a slight amount, at least.
- Try not to write your passwords on Post-Its. The most common place I found people's passwords? Under their keyboards. Is yours there right now?
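For readers comfortable with a little Python, here is an added example (not part of the original post) that checks a set of accounts against the first two summary rules: worst-list passwords, dictionary words, missing character types, and the same password reused across sites. The account names, passwords and the one-word dictionary are constructed sample values.

```python
import re

# The three "worst passwords of 2011" named in the post (compared case-insensitively).
WORST = {"123456", "password", "iloveyou"}

# Character types the post asks for. A space counts as a symbol here,
# which matches the post's advice to type a whole sentence with spaces.
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def missing_classes(pw):
    """Return the character types that do not appear in pw."""
    return [name for name, pat in CLASSES.items() if not re.search(pat, pw)]

def audit(accounts, dictionary=frozenset()):
    """accounts maps site -> password; returns site -> list of findings."""
    findings = {site: [] for site in accounts}
    sites_by_pw = {}
    for site, pw in accounts.items():
        if pw.lower() in WORST:
            findings[site].append("on the worst-passwords list")
        if pw.lower() in dictionary:
            findings[site].append("plain dictionary word")
        missing = missing_classes(pw)
        if missing:
            findings[site].append("missing: " + ", ".join(missing))
        sites_by_pw.setdefault(pw, []).append(site)
    # Reuse: one guessed password opens every site that shares it.
    for sites in sites_by_pw.values():
        for site in sites:
            others = sorted(s for s in sites if s != site)
            if others:
                findings[site].append("same password as " + ", ".join(others))
    return findings

# Constructed sample data, for illustration only.
SAMPLE_ACCOUNTS = {"email": "123456", "bank": "123456",
                   "social": "Sunshine", "forum": "My cat naps at 3pm!"}
SAMPLE_DICTIONARY = frozenset({"sunshine"})

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_DICTIONARY).items():
        print(site, "->", "; ".join(issues) if issues else "OK")
```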
Stay tuned for the next part of the continuing saga of Internet Security!