Thursday, July 3, 2014

Tips for preventing identity theft - Digital Hygiene: Part 4

By Don Gardner

This is the fourth in a series of articles by Don Gardner, Clearwater County Emergency Management Coordinator, about protecting your digital identity.

This week I will continue discussing the Level 2 (more advanced) steps for protecting your digital identity.

Stay off Skype. No one should use Skype for secure communications. Earlier this year, Ars Technica found that Skype is not using end-to-end encryption and, more than likely, your conversations are being listened to. In fact, Skype’s privacy policy states that they have the right to scan and review your instant messages and SMS. Unfortunately, there is no good, trustworthy, encrypted voice or video infrastructure to replace Skype, so we recommend you simply don’t use it for sensitive discussions.

If you are going to use Skype, there are a few things you can do to at least protect yourself from Skype-targeted phishing, spam, and viruses. In your privacy settings, make sure that only people in your contact list can contact you either through IM or video.

Use HTTPS by default. When you see HTTPS at the beginning of a Web address, you know that communication between you and that page is encrypted. Even though many sites offer HTTPS, such as Wikipedia and Google, many still don’t default to it. You can use an HTTPS Everywhere type program to help keep you on HTTPS.

Don’t install unknown programs. This really means “don’t visit suspicious sites” (pornography sites, cracked software sites, torrent sites serving music and video); not because you’ll get in trouble, but because they tend to be crawling with pop-ups waiting to trick you into installing something you didn’t mean to.

The Web is littered with software that earns its keep by spying on users, and sometimes it’s even more malicious than that. If you don’t know who makes and distributes a program, it’s hard to know if that software is safe.

Never click on a pop-up that wants you to do something. Even clicking on the X to remove the pop-up can start a download you don’t want. One way to protect yourself is to close the browser and not visit that site again. Make it a habit to download programs directly from websites of trusted vendors or well-known open-source projects.

Password tips

Did you know that a simple PC can crack 100 million passwords a second, and that many passwords can be found through Facebook? Unfortunately, having a strong password that you routinely change is part of the cost of being online.

Avoid using the same password across multiple sites and services. That way, if Yahoo credentials are breached, hackers won’t be able to jump across into your Twitter, online banking, and other accounts.

Choose a password that is not easy to guess. Words with a dictionary root followed by numerals are very common choices, and cyber criminals can use such predictable patterns to crack your password very fast.

Set up password change/reset mechanisms properly, not obviously. Password reset forms on many services ask questions like “Where did you go to school?” or “Name of your first dog?” These questions are easy to answer and can typically be mined from social media sites. Why would hackers guess your password if they can just surf social media to find out where you went to school and how old you are? (You did, after all, announce your birthday last year on Facebook, didn’t you?)

Instead, I suggest lying on the Internet. Come up with a scheme of answers to these questions that you won’t forget. An answer to the inevitable “mother's maiden name” question could be Miss 7#BrE_r (mom will understand), and no one will ever guess the answers to your “secret questions.”

Bigger equals better! Short passwords might be guessed in seconds, minutes, or hours (it depends on the implementation), whereas very long passwords could take years of work (and the cyber criminals are likely to go after someone else). Therefore, making your password 40-60 characters makes life much harder for the cyber criminals if they do manage to break into a service like Yahoo. This of course assumes the provider isn’t just storing your password in clear text.

Use a password manager. Password managers generate strong, unique passwords for each of your services and then store them in an encrypted database, which you can unlock with one good master password. It is a reasonable compromise for those who do not have an amazing memory. Only use a program like this from a company you trust, and don’t repeat similar passwords across multiple sites.

Next week I will begin the super advanced, Level 3 tips for protecting your digital identity.
