According to eBay, Paypal and Gmail (amongst others), I have about five hack attempts a week made on my accounts. Last year it was around ten a week. I know this because after a certain number of failed password attempts, the website locks down the account and informs the account holder by email that there have been unsuccessful attempts to access the account. I’ve lost track of the number of times I have had to unfreeze my account and reset my password.
I’ve just had to reset another account so I figured now was a good a time as any to introduce one of my favourite Firefox extensions and at the same time, mention a few tips I have picked up along the way.
I guess the number one rule is to make the password as difficult as possible. This means don’t use “password”, “123”, “321” and definitely don’t use the names of anyone close to you such as partners (including ex-partners), children, parents and pets. If you do, anyone that knows anything about you will easily be able to figure out your password.
With that in mind, I would like to showcase an invaluable Firefox extension called Secure Password Generator. When you install it, you need to drag the button to your Firefox toolbar. The icon is a little padlock.
Opening it up, you first need to click on the “characters” tab to configure what kinds of passwords you’re going to generate. I recommend a password of no less than 15 characters and tick all the other boxes – letters, numbers and other characters. Plus every time you change your passwords, I would randomly alter the number of characters. As you can see from this screenshot, my last set of passwords were 19 characters long but my next set will be perhaps 17 or 22.
I would also suggest you use as many “alternative characters” as possible such as @ and _. $ and ! are also good. You can add pretty much any character you like in the “Other Characters” section so also consider ? or & or /
When you have configured your password generator fully, it is now time to click on the create tab and begin generating passwords. Just click “create” and watch a password being formed. If you don’t like the one that it produced, keep clicking “create” until you see one you like.
Now you’re obviously not going to remember a password such as K5$@88cLV8zvd!!VT5@ from memory (and if you do, I envy your photographic memory!) so the next step is to record those passwords in a secure place. The simple solution is to record those passwords in a Notepad file and then encrypt the file in your computer to prevent unauthorised entry. A simple encryption program is Steganos Locknote but if you want something a little more robust, try TrueCrypt – I wrote a MakeUseOf review of Truecrypt here.
Also make sure that your computer is protected by a firewall such as ZoneAlarm and both the firewall and the encryption program should be more than adequate to keep hackers out.
It’s up to you how often you change your passwords but I would suggest a minimum of once a week. Designate one day of the week the day when you change your passwords.
A couple of other things to remember – in all your important online accounts (especially your main email account), make sure you have specified a difficult security question (again, nothing that anyone else can guess) and also a secondary email address that is totally unconnected to your main email address. You should also check to see what the website’s policies are towards unsuccessful log-ins – will the account be frozen? Will there be a time delay before you’re allowed access again? How do you re-set the password? Will you be notified by email of unsuccessful log-in attempts?
As the saying goes “sometimes it’s good to be paranoid – sometimes they really ARE out to get you!”. The tips I’ve outlined won’t guarantee that your accounts are 100% safe but you’ve just made it a lot harder for casual hackers to break in.