Why should I care?
When I ask someone if their accounts are secure, this is the first question they ask me. Why must I secure my account?
Well, first and foremost it is to protect your privacy. You wouldn’t like any stranger on the internet finding out stuff about you and your family, would you? What if your main email account got broken into? Many people use just one email account for registering their different online accounts. An attacker could easily take over your email account and cause your social networks to send their recovery passwords to your hijacked email account and thus the attacker would get into your social networks as well. If someone got hold of your credit card information, then that would be a major pain in the rear.
What can you do to protect yourself ?
There are lots of steps that you can take to secure yourself online.
Strengthen Your Passwords
- Avoid using words from the dictionary or words relating to you (Your wife’s name) as your password.
- Keep the password at least eight characters long
- Mix it up! Use alphabets, numbers and special characters.
Eg: N0$482, T3CH!3
- Do not write your passwords down. Many people write their passwords down on post-it notes / paper so they can remember it.
- Use a different password for each online account
- Use acronyms to remember your password.
Eg: “My Parents Anniversary Dec 25 1980” can be made into a Password like MP@D3c251980 or MPADec/25,80
Change the Answers Of Security Questions
When you register on a website, they ask you a security question for you to answer in order to recover your account.
The questions are quite generic – What is your mother’s maiden name, your first school, your superhero, your favourite author?
If an attacker has information about you (Attacker is a friend or an office colleague), they can answer these questions easily in the “Forgot Your Password” process and gain access to your account.
When you fill up the answers to the security questions, put answers that nobody would guess. The answer to “What is your mother’s maiden name?” could be “Chairs”
Sites like Facebook now have login notifications. The moment someone tries logging into your account from an unknown location or application, the service will send you an email/sms notification to inform you of the access attempt. This feature is purely opt-in and you need to manually enable it.
You can enable notifications for Facebook by:
- Go to Accounts on the top right hand side.
- Click on Settings – > Security.
- In the security section, click on Login notifications to expand it
You can even set up Two Step Verification
Never Post Your Personal Details Online
Parents have always told us “Do not talk to strangers”. In today’s digital world that is changed to “Do not put your personal information online”. There are teens posting their numbers on social media
Avoid posting status updates containing personal information like family member names, location addresses, sicknesses, office location etc.
If you are entering a chat room, use a fake name and do not give out your details like phone numbers, home addresses, school/college info no matter how nice the person seems to be.
Update your OS, Applications and Anti virus
If you get a cut on your finger, what do you do? You put a band aid on it right? If left open, it would be the source for some infection or the other.
Loopholes in a system could be exploited by attackers and viruses. Developers release OS and application updates to patch their software.
If you update the OS, applications and your anti virus, it will protect your system to a large extent from being infected with spyware. There are spyware that can log all the information you type at the keyboard and send it to an attacker over the internet (Keylogging). Sometimes, attackers can take control of an unpatched system, turning it into a zombie which is then used to attack other computers on the internet (DDOS Attacks).
Applying software updates is one of the most important steps you can take to protect your computer and yourself.
Software updates can contain
- Vulnerability fixes
- Bug fixes and enhancements
Anti-virus updates make sure that your anti virus software can protect your system from the newer virus and malware threats.
Avoid Using Publicly Accessible WiFi
Free WIFI!! Seeing just two words, is enough to make you connect to a public wifi point. But, don’t connect!
Public wifi is accessible to anyone who is connected to it. Did you know it is easy for someone connected to the same wifi point , to see the unencrypted sites you are surfing? Many attackers come in between the users and the internet through a method called ‘Man-In-The-Middle’ attack and can intercept the traffic. They can even redirect you to other pages like a fake twitter login page.
What can you do? Avoid using any wifi that you can’t trust; like the Wifi in the malls, colleges, restaurants
Watch your Back!!
Imagine you are chatting to your other half and someone comes up from behind you. If you didn’t pay attention to your environment than that person could see the entire conversation between you and your other half.
Shoulder surfing is an observation based technique used by attackers to get information like Passwords, ATM pins and other data. It is pretty effective in public places where the victim
- Is filling a form
- Logging into a site
- Making an ATM transaction by entering the ATM Pin
Protect yourself by not logging into secure sites while travelling in public transport. I’ve seen far too many people logging into their accounts while travelling in a Mumbai local without realising that someone could be eyeing the password and account numbers they are keying in.
Do you have some tips? I’d love to hear some from you in the comments section.