Wednesday, April 21, 2010

Wednesdays on the Web: Security

So, I had a fun topic all picked out for today's post. And then my email account was compromised. I was hacked. (I am just starting to be able to say it out loud.) So today we'll be talking about web security instead. :)

We can't determine the extent to which the hacker infiltrated my accounts and/or my computer or even exactly how it happened, so I will be completely reformatting my computer to be better safe than sorry. I spent almost 3 hours changing my online passwords. Having your electronic life compromised is a terrible feeling, every bit as bad as having someone walk into your home uninvited and look through your things. Because I sincerely hope that none of you *ever* have to experience this, here are a few ideas for keeping your accounts and your computer secure.

Protect your computer with anti-virus software and a firewall. Norton, McAfee, I don't care. Just have some type of internet security and keep it properly updated. These programs can't always protect you from doing stupid things (such as downloading suspicious files), but they can protect you from most things and even sometimes lessen the blow if you actually do something stupid, such as download a suspicious file that turns out to be harmful.

Don't leave your computer unattended. I used to work in an office of web programmers and leaving your computer unattended, even just for a minute, was a punishable offense. You'd come back to a dancing Hello Kitty, switched mouse buttons, and worse. Friendly reminders to keep your computer secure. So, know who has access to your computer and take control of it. Home computers might not be as big of a worry, but laptops certainly are. If you're working on a public computer, be sure to log out of everything before you leave.

Install all software updates. In addition to helping the software run better, these software updates address security issues. It's especially important that you make sure your operating system and web browser(s) are updated.

Be password-smart. Change your passwords regularly (every 3-6 months is recommended) and create a *new* strong password every time you change your password. Use a different password for each online account. The best way to do this without having to remember umpteen and a half passwords is to create one strong root password and then individualize it by adding a prefix or suffix unique to each account. A strong password is one that
  • is not a word that can be found in the dictionary
  • does not include personal information for you or your family (names, birth dates, etc)
  • contains 7+ characters
  • uses a combination of uppercase and lowercase letters, numbers, and special characters (* . ?)
  • is easy for you to remember and hard to guess, such as the first letter of each word in a line of your favorite song or a unique phrase
You can protect your passwords by never giving them out (especially in an email -- that's called phishing), not storing them in your web browser (especially on a laptop), and not writing them down (resist the temptation! You're much better off to set security questions and write down the answers to those in the event that you forget your password.)

If you'd like help in establishing a strong root password, you can try the custom password generator at For more information about password security, check out these resources from MIT and The University of Chicago.

Be smart in general. Don't open suspicious emails or attachments, follow suspicious email links, or download files from suspicious sites. Even if it looks like it's from someone you know, if it looks suspicious (i.e., not what they would usually send you), don't open it. You can always contact that person to verify that they actually sent you the strange email. :) All of the spam messages sent from my email account included a strange name (for my part of the world) in the subject and only a link (to a pharmaceutical website) in the body of the email. I don't know many people who make a habit of sending emails like that, so consider that suspicious! Don't open it! Delete it! Being cautious and checking things out first usually takes only a few minutes and will save you hours of frustration if the message or file is actually harmful, and the hours of worry while you run your anti-virus search.

Also, be critical of what sites you purchase from online. I very rarely purchase from sites that don't accept PayPal, because PayPal is safe and guards my information and my identity. For the sites that I have to use that don't accept PayPal (such as paying my utility bill online), I have a separate card to use for online purchases only. I've also been looking into PayPal's Secure Card feature, which generates a Mastercard number for online purchases. I've hit a wall, though, and can't find how to actually create a Secure Card... Any help there?

You can also help protect yourself just by being informed. Both Norton and McAfee have sites dedicated to consumer education so that you can be aware of potential threats and how to protect yourself. I'd recommend checking those out. 

What have I missed? What do you do to protect yourself online? Sorry for such a bummer topic to start off your Wednesday. :(


JPO said...

I am not password smart! I must do better! Thanks for the post

An Almost Unschooling Mom said...

I had someone hack my Paypal account a while back - very upsetting! Paypal took care of the charges, but my security in their system was lost.

Dondi said...

I'm so sorry! That sucks! We've been there. My hubby is my (affectionately of course) computer nerd. I don't know crap about computers so he does everything for me. And when we finally got set up with a wireless router he made sure to make it as secure as possible. Or so we thought. Someone (someone who lived VERY close to us) must've been incredibly determined and hacked it. It fried our hard drive. It was a very unsettling feeling knowing that a neighbor had done that.

AlyGatr said...

That's horrible! My friend's Facebook was hacked and someone in the UK was IMing all her friends saying she'd been mugged while on vacation and needed money. I was one of those people who got messaged and I sent my friend an e-mail letting her know what had happened. I was distressed, just on the off chance she might have actually needed help (of course, I had the sense not to just send money or give out any personal info!)

Thanks for sharing the important info!!

Lady Hill said...

ugh that's awful! i'm so sorry that happened to you. i once had an ex do all sorts of damage b/c i had saved my password in the browser on his computer before we broke up.

thanks for sharing all of these great tips.

Evelyn Perkins said...

Not a bummer topic! A perfect one! I am not very wise when it comes to this so this is great! Sorry you had to learn the hard way, but thanks for helping everyone else!