Your password is you. It’s the key to your life. Whether it unlocks your email account, your computer or your smartphone, the password is vital to your online persona, the usernames, website accounts, perhaps banking and credit cards, cloud storage, and even gaming accounts.
If you lose your password to criminals, your entire existence can potentially be rewritten. At best, you can expect to find some mischief conducted on a Twitter or Facebook account, but at worst… well, the risk of identity theft is something that we’ve explained previously, and the warning signs can be spotted if you know what you’re looking for.
You’ll be surprised, perhaps even horrified, at just how easily your password and other data can be stolen.
1. You’re Using A Rubbish Password
Passwords are tough to get right. It’s easy enough to think of one; but if it’s easy for you then there is a good chance that it is easy for someone else too – especially if they know enough about you.
Even if they don’t, tools exist that can make the task of guessing a password simple by using the “brute force” approach of generating hundreds, even thousands, of passwords a minute to find the right combination.
While no password can be 100% secure, we can at least ensure that our secret codes remain difficult to guess by employing techniques to create a secure password that you can remember.
2. Hardware Devices Are Sniffing Out Your Keystrokes
How secure your data and passwords remain, however, depend upon the determination of the person attempting to hack you. If they really want your data, they’ll probably get it.
One method is by using keyloggers, software or hardware tools that can be connected to a computer or placed nearby that will detect every keystroke, each letter, number or character that you type. As long as you have a good anti-virus/anti-malware solution installed on your computer, a software keylogger should be detected and removed without any trouble.
Traditionally, hardware keyloggers were placed between the keyboard connector and the socket on the back of your PC (AT/XT, PS/2 or USB), out of sight. These days, however, the threat comes from a completely new source, sniffers that detect keystrokes sent wirelessly. Such an example is this USB charger that detects keystokes transmitted from keyboard to PC wirelessly from Microsoft-manufactured keyboards, called KeySweeper.
Designed to exploit a weakness in Microsoft’s wireless keyboards, it is actually a surprise it has taken so long for anyone to exploit the vulnerability commercially – it’s been known about for quite a while.
Protecting against the KeySweepter is simple. Buy a new, non-Microsoft keyboard – preferably Bluetooth.
3. You Give Your Password Away Voluntarily
Perhaps the most frightening way in which your data can be stolen is when you share your password voluntarily, having been fooled by a supposedly trustworthy website or email.
Phishing is the name of the technique used to part you from your personal information, passwords, name, date of birth, etc., and it is a popular tool for scammers. Over the years they have refined their craft. Changes in technology don’t necessarily mean things are more secure – for phishers, they just need to become more sophisticated, using modern, refined methods to get results.
Not only should you be on the lookout for suspicious emails, however, you should also be aware that Android apps can be used to steal your passwords.
4. Your Phone Is Leaking Personal Data Everywhere You Go
While the 1s and 0s aren’t exactly spilling out of your USB port, there is a strong chance that the presence of NFC on your phone can enable hackers to upload malware from their own devices. Near-field communication is inherently insecure, relying on trust between device owners. The problem is that it can work without the devices touching.
Of course, you might find yourself accidentally bumping into people – or them to you – out in the street. The risk here should be obvious. With malware installed on your phone, the attacker can begin downloading personal information, or install a keylogger and have everything you enter (or even say) uploaded to them.
The best way to stop this is to disable NFC, but if you really must have it activated, make sure you’re wearing the right clothes.
5. You Left Your Smartphone, Tablet Or Laptop Unattended
No doubt the most obvious way to stop your data being stolen is to ensure your hardware is kept well away from the thieves. For computers, copying data from a stolen device can be simple even if it is password protected thanks to live Linux distributions that can read the HDD unless it is encrypted.
Along with taking reasonable steps to secure your portables with passwords, we recommend taking steps to protect smartphones from theft, perhaps even employing “uglification” to make a high end device look unattractive.
For desktop computers and other home office equipment, meanwhile, secure your hardware with locks and alarmed cases that will frustrate and deter anyone trying to get hold of your data.
Security tools such as the cross-platform Prey can be installed on your hardware to enable tracking in the event that it is stolen. Should this occur, you can usually protect your data by initiating a remote wipe of the device storage. However on Android this doesn’t always help as data recovery tools can be used to find the deleted information, so it is a good idea to make sure your phone storage is encrypted (also applies to iPhone). This may slow things down a little, but this is a small price to pay.
Digital cameras also store personal data – in the form of potentially valuable photos – and while it is tough to track them down, it is possible thanks to the Lenstag security service that uses EXIF metadata to reunite people with their hardware.
It’s time to stop giving the scammers an easy ride, and make your data safe. Follow these tips, and keep your digital life in your own hands. If you have any suggestions of your own to add, please share them below.