| CyberDefenseGuide A How-To Guide To Internet Security and Windows Repair |
| Internet Security | Windows Repair |
| Remotescan Remote Virus Removal and Security Maintenance Service Remotescan |
| Passwords |
Use this advice to make sure your passwords are secure.
If you haven't done so already you should make a password for all the User Accounts on your pc
- Administrators, Limited users and the Safe Mode Administrator account.
You should change your password every week, or at least every month, especially for online banking and especially if you use an internet cafe
or any public computer. In fact, I personally would change any password as soon as possible after using it at an internet cafe - many don't have
even the simplest of security defenses or regular virus scanning. They are usually all part of a local network so if one pc gets infected by a
customer visiting an attack website weeks before you visited then all the pcs will probably be infected with keyloggers that will steal the name
and password from all your login details. In which case it's just a matter of time before your email account is visited quietly by a criminal looking
for anything they can use to perpetrate fraud or simply steal your money.
The best time to change your passwords is after you have scanned your pc thoroughly for viruses. There's no point changing your passwords every week
if a virus is recording every new password. Ideally you should apply all the advice in this guide before your pc is secure enough to defend your passwords.
If you're still worried about security you can defend your passwords by using key entry strategies to fool the keyloggers. When you enter a
new password add extra characters and delete them using the mouse. For example, if your new password is je5s3$h(K6S^dQ instead you
type in je8Wi5s3$h(K6S^0aLdQ, where 8wi and 0aL are the fake characters, and then Cut or Delete them with a rightclick of the mouse leaving your
actual password which you can submit as normal. Another alternative to beat keyloggers is to keep your passwords in a text file on your pc and
Copy and Paste them into the login fields.
Passwords should be made up of a minimum of 14 random letters (including capitals) and numbers, for example 6tuT7dAsq3Pj9F.
In certain cases (like Ebay and Yahoo) you can also use symbols, for example H:9#d3|<o6,F&i.
The idea is to make a password that cannot be guessed, either from personal information you might use (pet's name, favourite tv show, birth dates etc),
or acronyms, tradenames, abreviations, strings of the same number or letter or adjacent keys on the keyboard, or words (or combinations of words)
that can be guessed by password cracking software using dictionary word lists in all languages.
The best password is one you can't remember, so when you make up a 14 character password you should write it down. Keeping all your passwords
on a list is a security vulnerability but is unavoidable these days. Try not to list your email address alongside its password - try to remember the email
address and just write something to remind you that password is for your Yahoo email account. Keep it in a fire/waterproof box or safe if you have one,
and never take it outside with you in case you lose it.
There are websites where you can generate randomised 14 character passwords but I can't recommend them because it breaks the first rule of security
management - don't let ANYONE know your password. Remember that any website owner can record the IP address of your computer and, if they
wanted to, record this alongside the password you generated, and keep a big list of everyone who visited their site. This store of information would be
a goldmine to a criminal capable of penetrating the website's security. If you also have the option of registering with the site for extra free services they
will probably request your email address and add it to the list. This would be incredibly useful to a criminal because they could email you a worm virus
which would create a silent remote connection to their computer allowing them to bypass your pc's security, especially if one of the passwords you
generated on their website was your computer's Administrator account password. These websites also break another security rule - when you register
for a service where you receive a computer generated account password, you are expected to change that password as soon as possible.
This is because information transferred across the internet can be intercepted and read by criminals.
This advice also applies to any website that claims to check the security strength of your password - don't give your password to anyone, especially not
a website. Even Microsoft has a webpage. I'm not giving you the address in case anyone types their real passwords into it.
When you register for email accounts some will ask you to supply personal information like the name or your pet, uncle, teacher, even eldest child,
in order to "protect your account" and "increase your security". This only seems to be used in case your password is stolen and someone tries to change
it. There are so many things wrong with this I don't know where to start. If someone has access to your email account they're not interested in changing
your password and "stealing" the account, they are interested in knowing all of your friends email addresses and any personal information from your emails
that will help them steal from you. Alerting you to the problem by changing the password is not in their game plan. If you give an email website personal
information about yourself then you have to trust them to store that information securely. If a hacker (or criminal employee) accesses that information they
can steal your identity at a stroke. Users of Google's Gmail will be aware of this problem. When one of these websites asks for personal information give
them another password instead, for example if you choose to give Yahoo the name of your spouse, type Hd7sPh6eiY5b3l instead, and make a note of it.
©Helptree Services 2010