The below mentioned methods & procedure are basic
ways to protect your password against being stolen by hawkers.
1.Golden rule: Never share your passwords
First and foremost thing, even a
present generation kid would advise others when it comes to ways to protect your password is not to
share them with anybody. A user credential/password is for a particular users and it
must be personal at any cost. What is the use of letting it known to others! It
would have been better without passwords than sharing passwords. Even if you
have to show them an email for a discussion, just forward them the email or
provide a hard copy of the email. Sharing password will make you equally liable
for any mischief done by others. So remember the golden rule. “Never share your
password”. Even you may share a good relationship with others or it might be a
family member; it is ill-advised to share user credentials.
You might ask “What’s problem with
my wife? She won’t turn against me.” It is not about the veracity of your
family members. But what precautions they follow will compromise your password with
someone ignorantly. What if your family members respond to a spam emails which
likely appears to be from your banker asking you to reset your login credential
from the below mentioned link in that email stating a reason that a someone
tried to open your account with wrong email address? Not everybody from your
family will understand the difference between spam and real banking emails.
Your banking password will end up with the fraudster who tricked your wife or children
to login to the fake site which logged your login credentials. Even though many
organization campaign against such fraudsters still many fall to the trap of
such spam emails. They social engineered your family to give away your banking
password in this circumstance. The above scenario might make you think how
vulnerable you are when you share your password with others.
2. Don’t keep a simple password
The next most common vulnerability
is nature of your password. Most user computer passwords are vulnerable to cracking
or password recovery tools. Users ignorant of need of strong passwords usually
keep the password short. The advantage of short passwords is easy to remember but
at the expense of security. Almost all passwords are guessable due to weak
password. Many of us use just our name along with birth year as password. For
instance, your name is Mary and date of birth is 14th January 1981. Then
the person who tries to steal your password has vital lead to crack your password.
Just a word-merge website will create all possible combinations. Sadly, one
among that combination will be your user password. A fully automated software
will complete the whole operation is no time. So, don’t make your password
guessable. Any combinations of your name, family-name, date of birth, pet name,
school, college, university, and your work are easy to steal.
Your password strength highly
depends on how difficult to guess it. Try to add symbols & numerals. Keep a
good length to the password you create. Just a four letters password even with
symbols &numerals are walk in the park for the password hawkers. Try to
create a lengthy password. A standard would be to create a 15 letter password. Most
casual hacker who doesn’t invest in serious hacking will relent with your 14th
letter.
3. Never say password in phone calls/text messages/emails
The easiest trick is to make you
give away your username and password is simple. Just call your phone number and
ask for it. You will provide it without hesitation. Anyone can call your phone
number and claim that he is a customer care executive of internet service provider
or as a desktop customer care executive who is going to run official update to
your devices. They request for the username and password so that they can
finish the job from remote place.
Sometimes, when you hesitate to
provide username and password, they will insist on visiting your home to
install those fake updates on-site. Even though, you may not provide them the
password when they visit your home, they will install the update on your system
and go away. But the update would be nothing but a key-logger or malware to
spook your security. Either way, they gain access to devices with or without
your password. It would be always wise to check the identity who visits your
home.
As a rule of thumb, don’t provide
your password through phone calls or text messages to anyone. If the person
calling insists on visiting your home, just call the official customer care help-line
to confirm it from the company. Know the name, designation and purpose of the
visit of executive if the company actually sends someone to fix the problem.
Never leave him alone with your computers and network hardware. Don’t hesitate
to question him about his business with your hardware. Know everything
technical that you need to know from that executive since they will always
demand administrative privileges to your hardware.
4. Spam links
Spamming, old school method of
getting user credentials from others. Despite spam filters, we may find unwanted
links finding its way to inbox. The most common way is the hawker would send
email to all email contacts found on forum we use regularly. Not only they
advertise products and services but also try to steal critical information
about your computers. All the will do is run a browser script to fish
information out of your system. Some trick you to enter your password with
phrase “Login with Google”. Don’t fall for the trap. Even though with advanced
tech, spam were reduced to ground. Compared to 50 to 100 emails per day, we
started receiving a maximum of 10 per month. Still, the possible to get your
password through spams are high. The old
school lesson is not to follow spams unless you know who sent it.
Did You Know: Spams too contribute Global
warming!
5. Don’t save passwords in text files
Alright, now you might question, “A
password which is difficult to guess is difficult to remember. So what to do”?
A simple solution that might tick in your creativity is to store password in
file. Please, don’t follow this method. It is most vulnerable method to store
the passwords. The most common mistake
is to store password in password protected excel sheets which are cracked
opened in no time. Next worse mistake will be writing down in sticky notes and
placing it near desktop. If you decide to write down passwords, write down and
keep it in safe location.
The best method is to use a
password manager which stores login credentials securely. For anybody, who feel
cost involved in the password manager, they can opt for open source password
managers. But download the password managers only from trusted sources,
especially with open source password managers. Don’t feel lazy to check md5 and
checksum of the download file with the official websites of the open source password
manager. Md5 and checksum ensure that source package is trustable and does not
contain any harmful injected codes.
The methods provided above are
basic steps that one must follow to keep oneself secure. There are further
steps involved to completely secure your systems from attacks which you can
follow future blogpost.
Subscribe via email or follow on
twitter for updates.



