The below mentioned methods & procedure are basic
ways to protect your password against being stolen by hawkers.
5 Ways to protect your passwords:
1. Golden
rule: Never share your passwords
First and foremost thing, even a
present generation kid would advise others when it comes to password are not to
share them with anybody. A user credential is for a particular users and it
must be personal at any cost. What is the use of letting it known to others! It
would have been better without passwords than sharing passwords. Even if you
have to show them an email for a discussion, just forward them the email or
provide a hard copy of the email. Sharing password will make you equally liable
for any mischief done by others. So remember the golden rule. “Never share your
password”. Even you may share a good relationship with others or it might be a
family member; it is ill-advised to share user credentials.
You might ask “What’s problem with
my wife? She won’t turn against me.” It is not about the veracity of your
family members. But what precautions they follow will compromise your password
with someone ignorantly. What if your family members respond to a spam emails
which likely appears to be from your banker asking you to reset your login
credential from the below mentioned link in that email stating a reason that a
someone tried to open your account with wrong email address? Not everybody from
your family will understand the difference between spam and real banking
emails. Your banking password will end up with the fraudster who tricked your
wife or children to login to the fake site which logged your login credentials.
Even though many organization campaign against such fraudsters still many fall
to the trap of such spam emails. They social engineered your family to give
away your banking password in this circumstance. The above scenario might make
you think how vulnerable you are when you share your password with others.
2. Don’t
keep a simple password
The next most common vulnerability
is nature of your password. Most user computer passwords are vulnerable to
cracking or password recovery tools. Users ignorant of need of strong passwords
usually keep the password short. The advantage of short passwords is easy to
remember but at the expense of security. Almost all passwords are guessable due
to weak password. Many of us use just our name along with birth year as
password. For instance, your name is Mary and date of birth is 14th
January 1981. Then the person who tries to steal your password has vital lead
to crack your password. Just a word-merge website will create all possible
combinations. Sadly, one among that combination will be your user password. A
fully automated software will complete the whole operation is no time. So,
don’t make your password guessable. Any combinations of your name, family-name,
date of birth, pet name, school, college, university, and your work are easy to
steal.
Your password strength highly
depends on how difficult to guess it. Try to add symbols & numerals. Keep a
good length to the password you create. Just a four letters password even with
symbols &numerals are walk in the park for the password hawkers. Try to
create a lengthy password. A standard would be to create a 15 letter password.
Most casual hacker who doesn’t invest in serious hacking will relent with your
14th letter.
3. Never
say password in phone calls/text messages/emails
The easiest trick is to make you
give away your username and password is simple. Just call your phone number and
ask for it. You will provide it without hesitation. Anyone can call your phone
number and claim that he is a customer care executive of internet service
provider or as a desktop customer care executive who is going to run official
update to your devices. They request for the username and password so that they
can finish the job from remote place.
Sometimes, when you hesitate to
provide username and password, they will insist on visiting your home to
install those fake updates on-site. Even though, you may not provide them the
password when they visit your home, they will install the update on your system
and go away. But the update would be nothing but a key-logger or malware to
spook your security. Either way, they gain access to devices with or without
your password. It would be always wise to check the identity who visits your
home.
As a rule of thumb, don’t provide
your password through phone calls or text messages to anyone. If the person
calling insists on visiting your home, just call the official customer care
help-line to confirm it from the company. Know the name, designation and
purpose of the visit of executive if the company actually sends someone to fix
the problem. Never leave him alone with your computers and network hardware. Don’t
hesitate to question him about his business with your hardware. Know everything
technical that you need to know from that executive since they will always
demand administrative privileges to your hardware.
4. Spam
links
Spamming, old school method of
getting user credentials from others. Despite spam filters, we may find unwanted
links finding its way to inbox. The most common way is the hawker would send
email to all email contacts found on forum we use regularly. Not only they
advertise products and services but also try to steal critical information
about your computers. All the will do is run a browser script to fish
information out of your system. Some trick you to enter your password with
phrase “Login with Google”. Don’t fall for the trap. Even though with advanced
tech, spam were reduced to ground. Compared to 50 to 100 emails per day, we
started receiving a maximum of 10 per month. Still, the possibility to get your
password through spams are high. The old
school lesson is not to follow spams unless you know who sent it.
DYK: Spams too contribute Global
warming.
5. Don’t
save passwords in text files
Alright, now you might question, “A
password which is difficult to guess is difficult to remember. So what to do”?
A simple solution that might tick in your creativity is to store password in
file. Please, don’t follow this method. It is most vulnerable method to store
the passwords. The most common mistake
is to store password in password protected excel sheets which are cracked
opened in no time. Next worse mistake will be writing down in sticky notes and
placing it near desktop. If you decide to write down passwords, write down and
keep it in safe location.
The best method is to use a
password manager which stores login credentials securely. For anybody, who feel
cost involved in the password manager, they can opt for open source password
managers. But download the password managers only from trusted sources,
especially with open source password managers. Don’t feel lazy to check md5 and
checksum of the download file with the official websites of the open source
password manager. Md5 and checksum ensure that source package is trustable and
does not contain any harmful injected codes.
The methods provided above are basic
steps that one must follow to keep oneself secure. There are further steps
involved to completely secure your systems from attacks which you can follow
future blogpost.
Subscribe via email or follow on
twitter for updates.