
Getting hacked is an unfortunate part of being on the Internet today. The cold hard truth is that if you want to stay 100% digitally secure, then stay off the Internet. But it’s not all doom and gloom: by using some simple yet effective security measures, you can make any hacker’s dream of getting into your accounts an absolute nightmare.

Always Use Strong Passwords

The sheer number of people that still use extremely basic passwords is astonishing. For example, I recently had a client whose password for PayPal was something along the lines of “doggybag”, and this was for a dog treat company! Even the most inexperienced of hackers could break that password in a matter of minutes.

The least you can do is to create a strong and easy to remember password, which is a lot simpler than you think. For example, changing an “S” for an “$”, or using a zero instead of an “o” will immediately make your passwords a lot more difficult to crack. By applying this method, we can easily change my client’s password to “D0ggyB@g”, which is still easy to remember, yet much more difficult to crack.

If you’re stuck for password ideas, then you could always use a pronounceable password generator to help you create a strong password that is easy to remember.

Make Your Passwords Unique

What’s the point in having an incredibly difficult password if you’re using the same password across all online accounts? Say, for example, that you were unlucky enough to be one of the 250,000 Twitter accounts that got hacked recently.

If this hacker got hold of your password and it was the same for everything else, they could get into all of your online accounts very easily, and once they’re in, it’s very difficult for you to gain control again. If you don’t believe me, take a look at this article by journalist Mat Honan, who was the victim of a very large and malicious attack on his personal accounts.

Get A Password Manager

So by now you may be thinking “how am I supposed to manage hundreds of unique passwords in my head?” Well, the good news is that you don’t have to. You can use an online password manager like LastPass that will remember all of your passwords for you. What’s more, it will also log you in to your online accounts automatically. This means that your passwords can be a long string of letters, numbers, and symbols that don’t make any sense. For example: 1RXgY7QXcNzM1#Ua.

I am a heavy user of LastPass myself and I actually don’t have a clue what any of my passwords are as LastPass manages them all for me. Since it’s Web based, I can use it on all of my machines and mobile devices.

If you’re worried about the security of having your passwords synced across the Internet (even though they are encrypted before they leave your machine), then you could use a local password manager like KeePass, which does the same job as LastPass, only locally.

Set Up Two-Factor Authentication

So by now you should have completely unique and incredibly strong passwords for all of your online accounts. That’s great, but you can still make things more secure — I told you it would be hard for these hackers!

Password managers do have a weakness, and that’s the master password; the password that is used to unlock your secure password database. With a local password manager like KeePass, this isn’t as much of an issue as hackers wouldn’t normally have access to your machine. But with LastPass you can use two-factor authentication to bolster your master password with a second line of defence.

LastPass supports Google Authenticator, an app that displays a code which changes every 30 seconds. After you log in with your normal password, you will be prompted to enter the current code on your phone. So not only would a hacker need to get hold of your password, but they would also need your phone as well.
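
How that 30-second code is derived and checked, as an added example that is not part of the original article: Google Authenticator implements the TOTP algorithm from RFC 6238 (HMAC-SHA1, 6 digits, 30-second steps). The seed below is the constructed RFC test key, and `verify`, `window` and `last_used_step` are illustrative names for the server side, not any particular site's code.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample seed: the RFC 6238 test key "12345678901234567890" in base32,
# the form in which a site hands the seed to the app at setup (usually as a QR code).
SAMPLE_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30      # seconds each code stays valid
DIGITS = 6


def hotp(key, counter):
    """RFC 4226: HMAC-SHA1 of an 8-byte counter, dynamically truncated to 6 digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(seed_b32, at=None):
    """Code the phone displays: HOTP keyed by the seed, counter = 30 s steps since 1970."""
    key = base64.b32decode(seed_b32)
    now = time.time() if at is None else at
    return hotp(key, int(now // STEP))


def verify(seed_b32, submitted, at=None, window=1, last_used_step=-1):
    """Server-side check; returns the matched time step, or None on failure.

    Tolerates +/- `window` steps of clock drift, compares in constant time, and
    skips steps <= last_used_step so an intercepted code cannot be replayed.
    """
    key = base64.b32decode(seed_b32)
    now = time.time() if at is None else at
    current = int(now // STEP)
    for step in range(max(0, current - window), current + window + 1):
        if step > last_used_step and hmac.compare_digest(
                hotp(key, step).encode(), submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    print("code now:", totp(SAMPLE_SEED))
    print("code at t=59 s:", totp(SAMPLE_SEED, at=59))   # RFC 6238 test vector
```

Both sides compute the code from the shared seed and their own clock, so the phone needs no network connection to produce it. The seed is as sensitive as the password itself and should be stored with the same care.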

[Screenshot: Google Authenticator]

There are a number of websites that support Google Authenticator, not just LastPass. Gmail, Dropbox, and even WordPress can be set up to use it. Google does actually recommend that all users use Google Authenticator with their account.

Use A Separate Email Address For Password Recovery

Most websites have a forgot password link on their login page, so that you can reset your password in the event of losing it. They usually do this by emailing you a unique link that you can use to reset your password.

But what if hackers somehow get into your main email account, then try to send themselves password recovery emails, so that they can get into all of your other accounts? Your strong, unique passwords are pretty useless now.

But all is not lost: you can set up a second email account and use that for password recovery. So even if a hacker does get into your main email account, they won’t be able to access anything else. The recovery email address can usually be specified from within your account settings.

This email address doesn’t even need to make sense, as you won’t be using it for sending mail. fgjflfehjeu@gmail.com would be absolutely fine, just remember to set up two-factor authentication on it, and put the details in your password manager.

You have to use this on a case-by-case basis. Many services usually send reset details to the same email address you’ve used to create your account, which could be your primary email address or one of its aliases.

Conclusion

As you can see from the Google Authenticator screenshot above, I abide by these guidelines for my own online protection, and I’m yet to be hacked (that’s not an invitation to try, by the way). Remember, nothing is hacker proof, but employing good security practices will certainly make the job a lot more difficult for any would-be hacker.

Do you have a different way of securing your online accounts? If so, please feel free to share in the comments section below.

  1. Allan Monteclaro
    October 23, 2013 at 7:07 am

    Here's a tip I've read from somewhere in www. Choose your favorite book. Open a random page. The first words that capture your attention will be your base password, add to it the page number and a delimiter. Here's an example:

    Using Harry Potter and the Order of the Phoenix

    Random page: 218
    Random words: Quidditch Forbidden Forest
    Random delimiter: %
    Combine to form the base password: ForbiddenQuidditchForest218%

    People often use the same password for their several online accounts. I mean, who would want to memorize hundreds of passwords, right? Using the base password above, you can use it for multiple accounts by adding a descriptive word/phrase after the delimiter. For example,

    ForbiddenQuidditchForest218%email
    ForbiddenQuidditchForest218%facebook
    ForbiddenQuidditchForest218%insta
    ForbiddenQuidditchForest218%skydrive

    For a stronger password, more delimiters can be added, or capitalize several characters like:

    fOrbidden%qUidditch%fOrest218%

    I've tested the passwords above using http://www.passwordmeter.com/. Here are the results:
    ForbiddenQuidditchForest218% --> 100% with warning for repeat characters, consecutive lowercase letters, and consecutive numbers. Same rating for the other passwords with descriptive words.

    fOrbidden%qUidditch%fOrest218% --> 100%

    That's just a tip for someone who uses multiple computers with multiple users. Although, I still strongly suggest using a password manager.

  2. Claudine
    September 27, 2013 at 1:11 pm

    Thank you for this article. I think I will start using those services, it's a good idea!

  3. Elseesea
    September 26, 2013 at 6:24 pm

    Does exchanging 0s (zeroes) with "o"s and "a"s with @s really make the password harder to crack? See what PassFault says at http://www.passfault.com/

    • dragonmouth
      September 27, 2013 at 1:13 pm

      I would take Passfault's estimate of a password's strength with a pound of salt. I entered the 26 letters of the alphabet in order into the Test It box and Passfault estimated that it would take 8 quadrillion centuries to crack the password which we all know is a bunch of horse puckey. Even a beginner hacker can crack that password in seconds.

      To get a better estimate of your password's strength, try the following:
      http://www.passwordchart.com
      http://www.passwordmeter.com
      http://www.testyourpassword.com

  4. Kev Q
    September 26, 2013 at 12:13 pm

    You can set up 2-factor authentication with LastPass through a number of means, not just Google Authenticator. If you don't have a mobile device, then you can use it with a YubiKey.

    How does 2-factor authentication expose the mobile device exactly? The hacker would never have access to your device, as the vast majority of exploits are performed remotely.

    The authentication server will have the seed, your device will have the token, the token and the seed "sync" when you first set it up and then the code is generated randomly using an algorithm. At no point does your mobile device "speak" to the Internet for 2-fa. So I fail to see how your mobile device can be exposed.

    ...but maybe I'm missing something?

  5. dragonmouth
    September 26, 2013 at 11:47 am

    How does one set up two factor authentication without a mobile device? It seems to be a requirement.

    While 2FA provides security for one's important accounts, it also exposes another device (the mobile) to attacks forcing one to go to great lengths to secure that device.

  6. Aymen Debchi
    September 26, 2013 at 11:39 am

    Dashlane is far better than Lastpass

    • Kev Q
      September 26, 2013 at 11:47 am

      I don't think so personally. I've been dipping in and out of Dashlane since it was in early beta, and I have to say, I find LastPass much more functional.

      The fact that you can't actually add things to your database from within the browser is a deal breaker for me. Not only that, but I find the Dashlane interface to be less user friendly than LastPass.

      But hey, that's the fun in having choice. Just because I like something, doesn't mean everyone else should. :-)

  7. Thu Y
    September 26, 2013 at 10:25 am

    I enjoy using lastpass premium MUO rewards me.

  8. Colin Ripley
    September 26, 2013 at 1:20 am

    Lastpass has a free and pro version, I imagine that the pro version is in your rewards program.

    • Kev Q
      September 26, 2013 at 6:17 am

      That's correct Colin.

  9. Nick C
    September 25, 2013 at 9:29 pm

    I use Kneepass to manage my passwords and create hard to hack passwords.

    • Doc
      September 25, 2013 at 9:48 pm

      I can't find Kneepass online anywhere...perhaps you meant KeePass? I use the 1.x version myself...

    • Nick C
      September 25, 2013 at 9:50 pm

      My spelling's bad, I meant Keepass

    • Kev Q
      September 26, 2013 at 6:21 am

      I've used KeePass a lot in the past, it's a great product. However, the browser syncing, auto login out of the box, and the advanced security features, like 2-factor authentication, really make LastPass a winner for me.

      The only downside to LastPass is that you have to have a premium account to use the mobile apps, however, for $12 a year (or free through our rewards system if you have 250 points spare), you can't really complain.

  10. Rodrigo G
    September 25, 2013 at 7:23 pm

    "Many services usually send reset details to the same email address you’ve used to create your account"

    Many? Something like 99%?
