Pinterest Stumbleupon Whatsapp
Ads by Google

Keep Your Online Accounts Secure According to eBay, Paypal and Gmail (amongst others), I have about five hack attempts a week made on my accounts. Last year it was around ten a week. I know this because after a certain number of failed password attempts, the website locks down the account and informs the account holder by email that there have been unsuccessful attempts to access the account. I’ve lost track of the number of times I have had to unfreeze my account and reset my password.

I’ve just had to reset another account so I figured now was a good a time as any to introduce one of my favourite Firefox extensions and at the same time, mention a few tips I have picked up along the way.

I guess the number one rule is to make the password as difficult as possible. This means don’t use “password”, “123”, “321” and definitely don’t use the names of anyone close to you such as partners (including ex-partners), children, parents and pets. If you do, anyone that knows anything about you will easily be able to figure out your password.

With that in mind, I would like to showcase an invaluable Firefox extension called Secure Password Generator. When you install it, you need to drag the button to your Firefox toolbar. The icon is a little padlock.

csp1.gif Opening it up, you first need to click on the “characters” tab to configure what kinds of passwords you’re going to generate. I recommend a password of no less than 15 characters and tick all the other boxes – letters, numbers and other characters. Plus every time you change your passwords, I would randomly alter the number of characters. As you can see from this screenshot, my last set of passwords were 19 characters long but my next set will be perhaps 17 or 22.

I would also suggest you use as many “alternative characters” as possible such as @ and _. $ and ! are also good. You can add pretty much any character you like in the “Other Characters” section so also consider ? or & or /

Ads by Google

When you have configured your password generator fully, it is now time to click on the create tab and begin generating passwords. Just click “create” and watch a password being formed. If you don’t like the one that it produced, keep clicking “create” until you see one you like.

Now you’re obviously not going to remember a password such as K5$@88cLV8zvd!!VT5@ from memory (and if you do, I envy your photographic memory!) so the next step is to record those passwords in a secure place. The simple solution is to record those passwords in a Notepad file and then encrypt the file in your computer to prevent unauthorised entry. A simple encryption program is Steganos Locknote but if you want something a little more robust, try TrueCrypt – I wrote a MakeUseOf review of Truecrypt here How To Encrypt Sensitive Data with TrueCrypt How To Encrypt Sensitive Data with TrueCrypt Read More .

Also make sure that your computer is protected by a firewall such as ZoneAlarm and both the firewall and the encryption program should be more than adequate to keep hackers out.

It’s up to you how often you change your passwords but I would suggest a minimum of once a week. Designate one day of the week the day when you change your passwords.

A couple of other things to remember – in all your important online accounts (especially your main email account), make sure you have specified a difficult security question (again, nothing that anyone else can guess) and also a secondary email address that is totally unconnected to your main email address. You should also check to see what the website’s policies are towards unsuccessful log-ins – will the account be frozen? Will there be a time delay before you’re allowed access again? How do you re-set the password? Will you be notified by email of unsuccessful log-in attempts?

As the saying goes “sometimes it’s good to be paranoid – sometimes they really ARE out to get you!”. The tips I’ve outlined won’t guarantee that your accounts are 100% safe but you’ve just made it a lot harder for casual hackers to break in.

  1. Kevin Berry
    February 1, 2009 at 2:04 pm

    I find Passpack.com to be a highly secure and user friendly solution. It has a built in password generator, your data is available anywhere you have internet, and it's secure as well. Passpack not only requires a standard user name and password, but takes it to the next level by requiring you to enter a unique encryption key. I used Passpack to upload all my saved Firefox password data, and then went through all the websites where I was using the same easily breakable password. I changed them to new secure passwords that even I can't remember. That's what Passpack is for, it remembers all your password for you. When you don't have to remember your passwords yourself, there's no need to use the same one twice. Passpack claims that even they can't access your stored data or restore your account if you lose the encryption key, so make sure to keep a hard copy of it! I changed my Firefox home page to Passpack and now the first thing I do is open up my passwords.

    Check it out:
    Link text

  2. Yonoz
    October 17, 2007 at 11:48 am

    You can also use KeePass (Windows) or KeePassX (Linux).
    Apart from generating and storing passwords, it offers AES and Twofish encryption that you can unlock with a password and/or a file on removable media, and has plugins for things like form-filling. There's also a portable version, which I use for accessing things at work, and a pocket-pc/Windows Mobile version, all GPL.
    keepass.info
    portableapps.com/apps/utilities/keepass_portable
    keepasssd.sourceforge.net

    • Aibek
      October 17, 2007 at 12:55 pm

      Thanks for sharing. ;-)

  3. Joe
    October 14, 2007 at 10:33 am

    Changing passwords weekly is completely unnecessary. I've seen many recommendations of 1 month or 6 months. Here's Microsoft's recommendation:

    A password that is shorter than 8 characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.

  4. Doug
    October 14, 2007 at 9:59 am

    I always use a pattern on the keyboard. Or a combination of patterns. For instance:

    e4r5t67u8i9o

    You might have to type it out to see the pattern :) Then to use a different password on every site, root the patter on something about the site. For instance the password to yahoo might be y7u8i90p-[=], google might be gyhujiolp;['.

    I use different patterns for different scopes as well. One pattern for home, one for temporary internet sites that I don't care about, one for secure internet sites, one for work, etc.

    It's a simple system that is virtually unbreakable. My passwords at work were always the last to be cracked by the sysads, they had to resort to brute force. It's a lot easier that they purely random password, and I don't have to rely on some other program to remember my passwords for me.

    Doug

Leave a Reply

Your email address will not be published. Required fields are marked *