Better password management key to thwarting hackers
Published: Monday, June 10, 2013 at 6:01 a.m.
Last Modified: Friday, June 7, 2013 at 4:52 p.m.
Being hacked is a lot like speeding — you can avoid it for a long time, but eventually you're going to get popped. How much it ends up costing you generally depends on how careless you are.
Last week, I got popped.
I wasn't drag racing through a school zone or anything, but the notification I got from Google was enough to get my attention. Basically, I was informed that somebody in Bulgaria had accessed my email account without my password.
Access was denied because Gmail snoops enough into my life to know I don't frequent Bulgaria often. In the grand scheme of hacking, this was nothing but a warning, especially compared with victims of life-altering hacks.
I must say I have been running on American bravado with digital security for years. “It's not going to happen to me” has been my motto. Now, having been shamed in my confidence, I hope to convey the reality that getting hacked is not an “if” event but a “when” event.
Unless, of course, you take action.
Outside of digital abstinence, the best protection is using strong passwords. Keep in mind that hackers use various techniques such as the well-documented dictionary attack where new words and terms are tested in rapid-fire succession. Putting a random @ or # symbol in the middle of your password can go a long way in thwarting such a technique. Random capital letters and numbers are equally useful; just don't think adding 123 to the end of your last name equates to anything but a horrible choice for a password.
There are other obvious no-no habits that we're probably aware of but violate regardless. Don't use the same password across multiple sites and accounts. This should be obvious. Change your passwords frequently, especially for secure accounts such as banking and email. Don't write down your passwords near your computer, especially at work or leave a document on your computer with a master list of passwords. Using the same email or username across the board can make a hacker's life very easy in obtaining half of the login equation so be sure to have options. Also, don't use your kid's, dog's or first girlfriend's name as that would nominate you for the Captain Obvious Award.
Major websites such as Google, Apple, Twitter and LinkedIn are fortifying their digital kingdoms by using two-step verification for logins. This process adds an additional step after a traditional login, as a special code will be instantly sent to your mobile device to complete the process. This method seems to be gaining traction, and we're probably best off embracing the added security instead of dismissing the obvious annoyance.
It should be pretty obvious by now why we compromise our own digital security with shortcuts and laziness. The whole thing is overwhelming. Some of us have dozens of sites and accounts that all require different login information. The prospect of keeping up with these demands while using unique and sophisticated passwords is simply more than most of us are willing to invest.
If this is you, it might be worth considering password protection software. The market is loaded with many options based on your platform and needs across desktop and mobile devices. Some will store self-generated passwords in a secure environment while others will generate so-called hacker-proof codes on demand. Others do both or even help to create secure browsers. Keep in mind that each of these so-called solutions will present new weaknesses as well.
Herein lies the problem — no matter how hard you try to protect yourself, hackers will continue to evolve and devise new and more evil plots to steal your information. For most of us, we can take a few simple steps that will drastically decrease the odds of having our digital security violated.
Reader comments posted to this article may be published in our print edition. All rights reserved. This copyrighted material may not be re-published without permission. Links are encouraged.