Sunday, 25 January 2015

5 Ways to Protect Your Password

The below mentioned methods & procedure are basic ways to protect your password against being stolen by hawkers.

1.Golden rule: Never share your passwords

First and foremost thing, even a present generation kid would advise others when it comes to ways to protect your password is not to share them with anybody. A user credential/password is for a particular users and it must be personal at any cost. What is the use of letting it known to others! It would have been better without passwords than sharing passwords. Even if you have to show them an email for a discussion, just forward them the email or provide a hard copy of the email. Sharing password will make you equally liable for any mischief done by others. So remember the golden rule. “Never share your password”. Even you may share a good relationship with others or it might be a family member; it is ill-advised to share user credentials.
You might ask “What’s problem with my wife? She won’t turn against me.” It is not about the veracity of your family members. But what precautions they follow will compromise your password with someone ignorantly. What if your family members respond to a spam emails which likely appears to be from your banker asking you to reset your login credential from the below mentioned link in that email stating a reason that a someone tried to open your account with wrong email address? Not everybody from your family will understand the difference between spam and real banking emails. Your banking password will end up with the fraudster who tricked your wife or children to login to the fake site which logged your login credentials. Even though many organization campaign against such fraudsters still many fall to the trap of such spam emails. They social engineered your family to give away your banking password in this circumstance. The above scenario might make you think how vulnerable you are when you share your password with others.

2. Don’t keep a simple password

The next most common vulnerability is nature of your password. Most user computer passwords are vulnerable to cracking or password recovery tools. Users ignorant of need of strong passwords usually keep the password short. The advantage of short passwords is easy to remember but at the expense of security. Almost all passwords are guessable due to weak password. Many of us use just our name along with birth year as password. For instance, your name is Mary and date of birth is 14th January 1981. Then the person who tries to steal your password has vital lead to crack your password. Just a word-merge website will create all possible combinations. Sadly, one among that combination will be your user password. A fully automated software will complete the whole operation is no time. So, don’t make your password guessable. Any combinations of your name, family-name, date of birth, pet name, school, college, university, and your work are easy to steal.
Your password strength highly depends on how difficult to guess it. Try to add symbols & numerals. Keep a good length to the password you create. Just a four letters password even with symbols &numerals are walk in the park for the password hawkers. Try to create a lengthy password. A standard would be to create a 15 letter password. Most casual hacker who doesn’t invest in serious hacking will relent with your 14th letter.

3. Never say password in phone calls/text messages/emails

The easiest trick is to make you give away your username and password is simple. Just call your phone number and ask for it. You will provide it without hesitation. Anyone can call your phone number and claim that he is a customer care executive of internet service provider or as a desktop customer care executive who is going to run official update to your devices. They request for the username and password so that they can finish the job from remote place.
Sometimes, when you hesitate to provide username and password, they will insist on visiting your home to install those fake updates on-site. Even though, you may not provide them the password when they visit your home, they will install the update on your system and go away. But the update would be nothing but a key-logger or malware to spook your security. Either way, they gain access to devices with or without your password. It would be always wise to check the identity who visits your home.
As a rule of thumb, don’t provide your password through phone calls or text messages to anyone. If the person calling insists on visiting your home, just call the official customer care help-line to confirm it from the company. Know the name, designation and purpose of the visit of executive if the company actually sends someone to fix the problem. Never leave him alone with your computers and network hardware. Don’t hesitate to question him about his business with your hardware. Know everything technical that you need to know from that executive since they will always demand administrative privileges to your hardware.

4. Spam links

Spamming, old school method of getting user credentials from others. Despite spam filters, we may find unwanted links finding its way to inbox. The most common way is the hawker would send email to all email contacts found on forum we use regularly. Not only they advertise products and services but also try to steal critical information about your computers. All the will do is run a browser script to fish information out of your system. Some trick you to enter your password with phrase “Login with Google”. Don’t fall for the trap. Even though with advanced tech, spam were reduced to ground. Compared to 50 to 100 emails per day, we started receiving a maximum of 10 per month. Still, the possible to get your password through spams are high.  The old school lesson is not to follow spams unless you know who sent it.

Did You Know: Spams too contribute Global warming!

5. Don’t save passwords in text files

Alright, now you might question, “A password which is difficult to guess is difficult to remember. So what to do”? A simple solution that might tick in your creativity is to store password in file. Please, don’t follow this method. It is most vulnerable method to store the passwords.  The most common mistake is to store password in password protected excel sheets which are cracked opened in no time. Next worse mistake will be writing down in sticky notes and placing it near desktop. If you decide to write down passwords, write down and keep it in safe location.
The best method is to use a password manager which stores login credentials securely. For anybody, who feel cost involved in the password manager, they can opt for open source password managers. But download the password managers only from trusted sources, especially with open source password managers. Don’t feel lazy to check md5 and checksum of the download file with the official websites of the open source password manager. Md5 and checksum ensure that source package is trustable and does not contain any harmful injected codes.

The methods provided above are basic steps that one must follow to keep oneself secure. There are further steps involved to completely secure your systems from attacks which you can follow future blogpost.


Subscribe via email or follow on twitter for updates.

No comments:

Post a Comment