We can't determine the extent to which the hacker infiltrated my accounts and/or my computer or even exactly how it happened, so I will be completely reformatting my computer to be better safe than sorry. I spent almost 3 hours changing my online passwords. Having your electronic life compromised is a terrible feeling, every bit as bad as having someone walk into your home uninvited and look through your things. Because I sincerely hope that none of you *ever* have to experience this, here are a few ideas for keeping your accounts and your computer secure.
Protect your computer with anti-virus software and a firewall. Norton, McAfee, I don't care. Just have some type of internet security and keep it properly updated. These programs can't always protect your from doing stupid things (such as downloading suspicious files), but they can protect you from most things and even sometimes lessen the blow if you actually do something stupid, such as download a suspicious file that turns out to be harmful.
Don't leave your computer unattended. I used to work in an office of web programmers and leaving your computer unattended, even just for a minute, was a punishable offense. You'd come back to a dancing Hello Kitty, switched mouse buttons, and worse. Friendly reminders to keep your computer secure. So, know who has access to your computer and take control of it. Home computers might not be as big of a worry, but laptops certainly are. If you're working on a public computer, be sure to log out of everything before you leave.
Install all software updates. In addition to helping the software run better, these software updates address security issues. It's especially important that you make sure your operating system and web browser(s) are updated.
Be password-smart. Change your passwords regularly (every 3-6 months is recommended) and create a *new* strong password every time you change your password. Use a different password for each online account. The best way to do this without having to remember umpteen and a half passwords is to create one strong root password and then individualize it by adding a prefix or suffix unique to each account. A strong password is one that
- is not a word that can be found in the dictionary
- does not include personal information for you or your family (names, birth dates, etc)
- contains 7+ characters
- uses a combination of uppercase and lowercase letters, numbers, and special characters (* . ?)
- is easy for you to remember and hard to guess, such as a the first letter of each word in a line of your favorite song or a unique phrase
If you'd like help in establishing a root strong password, you can try the custom password generator at goodpassword.com. For more information about password security, check out these resources from MIT and The University of Chicago.
Be smart in general. Don't open suspicious emails or attachments, follow suspicious email links, or download files from suspicious sites. Even if it looks like it's from someone you know, if it looks suspicious (i.e., not what they would usually send you), don't open it. You can always contact that person to verify that they actually sent you the strange email. :) All of the spam messages sent from my email account included a strange name (for my part of the world) in the subject and only a link (to a pharmaceutical website) in the body of the email. I don't know many people make a habit of sending emails like that, so consider that suspicious! Don't open it! Delete it! Being cautious and checking things out first usually takes only a few minutes and will save you hours of frustration if the message or file is actually harmful, and the hours of worry while you run your anti-virus search.
Also, be critical of what sites you purchase from online. I very rarely purchase from sites that don't accept PayPay, because PayPal is safe and guards my information and my identity. For the sites that I have to use that don't accept PayPay (such as paying my utility bill online), I have a separate card to use for online purchases only. I've also been looking in to PayPal's Secure Card feature, which generates a Mastercard number for online purchases. I've hit a wall, though, and can't find how to actually create a Secure Card... Any help there?
You can also help protect yourself just by being informed. Both Norton and McAfee have sites dedicated to consumer education so that you can be aware of potential threats and how to protect yourself. I'd recommend checking those out.
What have I missed? What do you do to protect yourself online? Sorry for such a bummer topic to start off you Wednesday. :(