Passwords are an essential part of securing your digital content. Here are some basic guidelines for coming up with an easy-to-remember, tough-to-crack password.
The longer your password, the better. As a bare minimum your password should consist of 8 characters; 16 or more is recommended. If possible, try to include upper and lower case letters, numbers, and symbols.
Limit or avoid using dictionary words in any language and common substitutions – One of the most common ways hackers gain access to unauthorized accounts is by using a method called a dictionary attack. They have a very simple script run down every possible word and word combination until it figures out your password. A common substitution would be replacing the letter a with @ or 4, I with !, 'and' with &, etc. Time to crack a password using a dictionary attack:
These are just random estimates using an average computer. Just because the password p@$$w0rD takes 3 days to guess in this example doesn’t make it a good password. Many complex algorithms are used to compensate for these common methods of “masking” passwords, and a sophisticated hacker will hack any of those 3 passwords within minutes, including the last one, because it uses a very common sentence often used as an example of good passwords. Correct horse battery staple is another of those sentences, made famous by this xkcd webcomic.
In most cases, once the hacker has already targeted you, they know your location, age, relationship status, social media accounts, and much more. If you use the same password across all your accounts, the damage they can inflict on your online and offline identity can be disastrous.
A great, open-source, and free option for all platforms is KeePass. A better, compatible version of this password manager for Mac is MacPass. Simply think of one good, very strong password for your main database and store all your passwords in it. Using a cloud service like Dropbox to store your password database can guarantee you’ll always have your passwords wherever you are. Additionally, KeePass incorporates a password generator, taking away the difficulty of always coming up with a new, secure password. KeePass is freely available for Windows, Mac, Linux, Android, iOS, Blackberry OS, and even Palm OS.
Like 222333444 or pppaaasssswwwwooorrdd
Using password1, password2, password3 for different accounts, or after changing passwords, adds no security.
Your birthday, kids' names, address, phone number, residence, high school/college, pets' names, etc. are all easy to figure out with a little social engineering. Passwords of this nature will surely be exploited if someone is trying to gain access to your account.
If you absolutely must do this, make sure to store the paper away securely. The worst place to keep written passwords is on your monitor or desk.
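The password guidelines above can be turned into a small self-check. This is an added example, not part of the original page: it shows why p@$$w0rD, password3 and pppaaasssswwwwooorrdd all reduce to the same dictionary word once common substitutions, trailing counters and repeated characters are undone. The function names, the substitution table beyond the pairs named above, and the five-word sample wordlist are assumptions of the example.

```python
import re

# Substitutions named in the text (a -> @ or 4, I -> !) plus other
# widespread ones; the full table is an assumption of this example.
LEET = str.maketrans({"@": "a", "4": "a", "!": "i", "1": "i", "0": "o",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Constructed sample wordlist; a real check would load a large one.
WORDLIST = {"password", "dragon", "monkey", "letmein", "sunshine"}


def collapse(text):
    """Squeeze runs of one character: 'pppaaassss' -> 'pas'."""
    return re.sub(r"(.)\1+", r"\1", text)


COLLAPSED = {collapse(word) for word in WORDLIST}


def normalise(password):
    """Lower-case, drop a trailing counter, undo common substitutions."""
    plain = re.sub(r"\d+$", "", password.lower())
    return plain.replace("&", "and").translate(LEET)


def audit(password, personal=()):
    """Return the weaknesses found; an empty list means no check fired."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if re.search(r"(.)\1\1", password):
        findings.append("repeated characters")
    base = normalise(password)
    if base in WORDLIST or collapse(base) in COLLAPSED:
        findings.append("dictionary word behind substitutions")
    if any(p.lower() in password.lower() for p in personal if p):
        findings.append("contains personal information")
    return findings


if __name__ == "__main__":
    for candidate in ("p@$$w0rD", "password3", "222333444"):
        print(candidate, audit(candidate))
```

An empty result only means none of these four checks fired; it is not proof that a password is strong.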
I bet you will not be able to guess this one, give it a shot; I'll wait!!
I'm 10 years short of being ten years older :)
I enjoy watching movies but hate watching TV...
Websites can be a lot of fun but they can also be downright malicious. Learn how to enhance your online experience whilst staying safe.
You’ll be surprised how much nicer and safer your online experience will be. The easiest way to do so is by using this add-on:
uBlock – This free browser add-on is available for Chrome, Firefox, Opera, Safari and Edge.
A free and reputable solution can be found at VirusTotal.
This not only prevents certain types of malware from auto-executing on your system, it also stops those annoying websites from auto-playing videos and music. It is even better to disable Flash altogether, but some websites might not function properly. To enable click to play:
Firefox, Chrome, and Opera have built-in auto-update features.
Safari can be updated from System Preferences → Software Update.
For Internet Explorer, click on Settings → About Internet Explorer (depending on your version, click on update, or check Install new versions automatically).
Install HTTPS Everywhere to enable this behavior by default.
This might break certain websites, so use with discretion.
Although email is one of the oldest forms of online communication, it is still one of the most insecure.
Simply opening an image can send an attacker important information about your operating system, location, browser/software, IP address, and more.
If you must open the email, make sure not to download any attachments or load any images.
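To see which images in a message would phone home before you let your mail client load them, you can inspect the raw message. This is an added example, not part of the original page: it lists the remote image URLs in an HTML email and the hosts that would be contacted, while ignoring images embedded in the message itself (cid:). The sample message, addresses and function names are constructed for the example.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: one embedded image (cid:, no network
# request) and one remote image fetched when the mail is rendered.
SAMPLE = """\
From: offers@shop.example
To: you@example.com
Subject: Your receipt
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo@shop.example" alt="logo">
<img src="https://track.example.net/open.gif?u=12345" width="1" height="1">
</body></html>
"""


class RemoteImageFinder(HTMLParser):
    """Collect <img> sources that would be fetched over the network."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        src = dict(attrs).get("src") or ""
        if urlparse(src).scheme in ("http", "https"):
            self.remote.append(src)


def remote_images(raw_message):
    """Return remote image URLs found in the HTML parts of a raw email."""
    finder = RemoteImageFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            charset = part.get_content_charset() or "utf-8"
            finder.feed(payload.decode(charset, errors="replace"))
    return finder.remote


def hosts_contacted(raw_message):
    """Hosts that would learn the reader's IP address and client details."""
    return sorted({urlparse(u).hostname for u in remote_images(raw_message)})
```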
ClamAV is really good at this specific task.
Do not give out your email to strange websites, or reply to spam messages. A spammer sends out 1000s of emails per day, usually waiting to see what accounts are actually being used by sending messages to every possible email@example.com they can guess. Replying makes their life extremely easy.
If you must send sensitive files, encrypt them in a VeraCrypt volume and send that to the intended receiver. VeraCrypt is free, easy-to-use software that will make it close to impossible for an attacker to crack your sensitive data unless you send the password in clear text. You could also use Privnote to send a one-time, self-destructing message.
Work, Home, Play, etc. Gmail, Outlook, Yahoo, and many others offer email addresses for free. If you want to receive chain messages from a company, use a secondary email address, because a lot of companies have the bad habit of “sharing” your email address with their partners, and you might get spammed by these partners.
These types of attachments may contain malicious content. Only open these kinds of files if the source is confirmed and trusted.
Privacy has become a commodity most will never experience; be one of the few.
Only give out sensitive information, like credit card information, to trusted websites using encryption. This can be spotted by the prefix HTTPS:// in the URL bar.
When using social media, be very careful about clicking on links posted by your friends to external sites. Many times, if they’ve clicked on malware before, they are spreading it without knowing about it. As an important side note, everything you do, or have ever done, on social media is logged and saved on remote servers. Privacy does not exist on social media!
A lot of these are not safe. If you wish to share something on social media, simply copy/paste the URL.
Like your full birthday, complete name and address. This facilitates the work of anyone looking to steal your identity.
Only your friends should be able to see information about you, pictures, and other material that could be used for social engineering an attack on you, or stealing your identity.
You wouldn’t scream out in the middle of the street “I’m going to the movies from 10 to 12, nobody will be home!” for everyone to hear, so why do it on the internet?
Flash is an outdated technology with many vulnerabilities and exploits which can leak out information about your system/network. Many games are still based on Flash, so just make sure they're from a trusted source and exercise caution.
Or at least delete them on exit, since outright disabling them requires some advanced configuration. A whole lot of information about you is being stored by websites, and some do sell this information to other companies. Install the Firefox plug-in Lightbeam and check back after browsing the web for a while if you don’t believe the number of cookies storing information about you is significant. Install Disconnect on all your devices to limit this behavior.
With the vast amount of private and sensitive information contained inside of your devices, you can’t afford to leave them unsecured.
Contrary to a very common myth, OS X is not safe from malware. It never was, but just 10 years ago Apple held less than 5% of the PC market, making it unconventional for hackers to create exploits for it. Today’s estimates calculate Apple PC users at about 16%, and hackers have surely taken note of this. Add to that the popularity of iOS and you can be certain some very nasty malware is lurking out there for any operating system. There are many free anti-virus solutions to choose from:
This is something everyone knows should be done, yet few actually do it. The fact is a hard drive has an expected lifetime of 5 years. It may last much longer, or much less, but one thing is certain: your hard drives will eventually fail. Having backups is essential.
VeraCrypt is a simple solution for this.
The reason these updates exist is that, more often than not, exploits are found in the source code. Companies like Microsoft and Apple are very quick to react to this and release an update. Not updating leaves your system vulnerable to an otherwise preventable intrusion.
A lot of times adware comes bundled with legitimate software. You can easily spot this by checking and making sure the boxes selected are things you actually want before clicking proceed/next/install.
No complicated password needed, but make sure you lock your computer when it will be unattended for a significant period of time. If you handle very sensitive information, it's probably wise to encrypt your entire hard drive.