Friday, 8 June 2012

Social Networking Safety – Always Change Your Passwords


Shock spread across the online world as news of hacked social media services LinkedIn, eHarmony and, most recently, Last.FM scared their members. Apparently, several thousand passwords were ripped from both sites, allowing the hackers to do what they want with others’ accounts.

Shocked? Probably not -- stolen passwords aren’t something new, and they probably won’t ever go away completely. So long as the challenge exists to access personal information on high-volume computer networks, hackers will always find a way.

That’s the nature of hacking – unless you’re part of a special interest group like Anonymous which uses hacking to create awareness of political and social issues, most hackers do it for the thrill of just succeeding.

That’s not to say that if they do get their hands on your passwords they won’t do nasty things to your account – like sending dirty pictures or spam emails to all your friends. Once they get into someplace they weren’t supposed to be, they are like kids in a candy store, and they’ll have their fun until they get bored and move on to their next hacking attempt.

Hacking is like terrorism in a sense. The more we do to prevent it, the harder others work to undo those preventions. Just think of all the additional hassles of flying and all the attempts which are still made to circumvent those security measures.

So, how do you keep yourself safe, in a world that just isn’t?

Here are some tips that you’ve probably heard umpteen times – but in light of the recent hack attempts and stolen passwords, it might be a good idea to stop listening and start acting.

  1. Change Your Passwords Often – I change my passwords every couple of months. It’s a hassle, as all my passwords are different for all my accounts. But this way, if there is a password leak online, it reduces the chances that someone who stole my password last month will be able to use it this month.
  2. Don’t Make ‘Em Easy to Guess – Don’t use your name, address, phone number, birth date, place of work, friends’ or family names or numbers, pets’ names or anything which those who know you will easily be able to guess. Not only does this make it harder for those who know you to hack into your accounts, chances are you post these details online somewhere, which makes it easy for those who don’t know you to guess these types of passwords too.
  3. Use Different Passwords For Each Service – Yes, this is a hassle too, as most of us have more than one social network, computer, or other account. But if your password on Facebook is the same as your online banking password, then you are putting not just your personal information at risk, but your entire financial future too. I have different passwords for everything which requires a password, that way if someone hacks into one account, they don’t instantly have access to any other account.
  4. Don’t Give Your Passwords Out – As common sense as this one is, you’d be surprised how many people give their girlfriend/boyfriend, wife/husband or even friends their password to check out some “cool” posting. If you ever have an argument with someone who’s got access to your account, look out – you’re about to be burned.
  5. Don’t Keep Your Passwords in a Publicly Accessible Location – Used to be you’d be told “not to write down your passwords.” That’s still good advice, but in this era of multiple accounts and passwords, that isn’t very practical. I use a handy iPhone app called iPin to securely store all my passwords. It encrypts them, and requires either a password or a unique swipe combination to access the app on my always locked phone. There are other apps or password managers which do the same thing, for all the other mobile devices, or you could even just use an MS-Word file on your computer – but secure it with a password in a directory only you know about, so that others don’t easily access it. The point here: yes, you may need to write your passwords down, but don’t put them on a big yellow Post-it note stuck to your monitor for the world to see.
  6. Don’t Store Passwords in Your Browser – Many web browsers give you the option to remember your passwords, so that every time you go to a site which requires a password, you don’t have to type it. I hate leaving any trace of my presence online, especially ones which may compromise my security, so I don’t store passwords in any browser, no matter how encrypted the browser files are.
  7. Don’t Use a Master Password – Many browsers and apps let you create a single password – called a “Master Password” which is linked to a secured file on your computer which has all your passwords in it for each account. When you need to login to an account on that computer, you just have to remember your Master Password, enter it, and you instantly gain access to your account. Although most of these applications secure your password files, it gives thieves the opportunity to access that secure file. And, most people create an easy to remember Master Password, which defeats the whole purpose of having passwords, because it makes guessing the Master Password easy, which then makes it easy to access your accounts.
  8. Create Unique, Hard to Guess Passwords – I use a password generator to create nearly impossible to guess passwords. Password generators use random character sequences of upper and lower case letters, numbers and symbols to make complex passwords. I always set my passwords to no fewer than 15 or 20 characters (depending on the service) and use every possible character on the keyboard. A password that looks like “%lTXvsfcIAj16zqMln$9s” is pretty hard to guess. There are password generator apps for all the smartphones, and you can get MS-Windows widgets which do this too for your desktop.
  9. Never Send Your Password Electronically – Don’t email or SMS text your passwords to anyone, even yourself. You never know who may see it, and once it’s electronically available, it might as well be on a postcard plastered everywhere. If an online service you use requests that you email your password, call them directly to verify the request – most online services will never ask for your password by email. This is usually an attempt by hackers to gain access to your accounts.
  10. Test Them Often – Log into your accounts and review your personal account details regularly, to ensure your passwords work and all your personal information is correct. Often the first thing a hacker does after gaining access to an account is change the password and some of the account details to be able to access the account again. If the account has a security question, change that every so often too.

And remember, if at any time you feel your account(s) may have been compromised, the very first thing you should always do is change your passwords. If your wallet is stolen or goes missing, the first thing you’d probably do is cancel your credit cards – why not have the same security process for your passwords?
