6 Tips to Improve Internet Security

With huge portions of our lives now being on the internet, including social lives, online banking, e-mail, and more, keeping your accounts safe is extremely important! You wouldn’t leave your valuables out in the open in real life, so take the same security measures for your online accounts! Here are a few tips to help you keep your accounts secure and improve your overall internet security…

1. Have a Secure Password

This may seem like an obvious one, but you’d be amazed about how many people have insecure passwords like “password,” the name of the site, their birthday, their first name, etc. These are the first passwords that any hacker will try!

Here’s a list of passwords to avoid:

• Anything related to your personal details (name, birthday, birthplace, maiden name, etc.).
• Words related to the site itself. For example, if it’s your Facebook password, do not use the password “Facebook” or any variation (i.e. “Facebook123”).
• Dictionary words. If someone tries to brute force your account, it can be cracked in a matter of minutes if you use a common dictionary word (i.e. “dog,” “cat,” “chocolate,” etc.).
• Short passwords. Regardless of what your password is, never have a short one!
• Do not store your passwords in a text file on your hard drive! If you ever get a virus or lose control of your computer, someone could steal your entire list of passwords!
• Do not use the same password on more than one website! If you do and someone manages to hack into one account, they’ll then have access to all of them. It’s like using the same key for your house, safety deposit box, and car. You lose the key, you lose everything. Minimize the damage!

Now here are a few tips for good passwords!

• Your password should be at least 8 characters long, but more like 10-15 is even better!
• The best password is a long combination of random numbers, letters, and symbols (i.e. Dxg]G9xB%8]Uh). If you think that’s too difficult to remember, you can try coming up with a phrase that’s only meaningful to you and turning it into letters, numbers, and symbols. For example: I<3MRed4re! (I love my red Ferrari). But remember to still avoid matching the topic of the website. If it’s a car/Ferrari forum, do not choose a password that relates to cars or Ferraris, since that will be a hacker’s first guess! Furthermore, try to disguise the phrase as much as possible. If it’s something obvious like Il0vec@ts, it’s hardly much better than “Ilovecats,” which is a very insecure password!
• Alternatively, long strings of complete sentences work well too! Examples include: “The horse’s mom climbed up the wall!” It’s a legitimate sentence so it’s easier to remember than random strings of characters, but it still contains upper and lowercase characters and symbols!
• Always use a different password for every website.

2. Secure Your Recoveries!

Most recovery systems set us up to be hacked.. not on purpose, but it just comes down to poor design. Common recovery questions include:

• What is your maiden name?
• Where was your first honeymoon?
• What is the name of your home town?
• What was the name of your first school?
• Who is your best friend?

With everyone using social media sites and blogging about their lives, almost anyone can find out the answers to these questions in a matter of minutes. You probably posted about your honeymoon on Facebook, the name of your first school can easily be determined on social media sites or though a bit of research (discovering your home town and Googling to find elementary schools in the area), and your best friend might even be listed on your many social media profiles! See what I mean? This information is not safe. If someone wanted to get into your account, all they have to do is answer the recovery questions and those answers can easily be determined.

So how do we fix this? Treat each recovery question like another password.

Instead of answering the questions legitimately, submit your answer as another string of random numbers, letters, and symbols. So your recoveries might look like this:

What is your maiden name?
T+f4U3jTHn

Where was your first honeymoon?
4ijhg$k4DY

What is the name of your home town?
fb=KpsA99D

Now for websites you don’t care about and websites that do not have any sensitive or personal information stored (unlike online banking), you probably don’t have to bother with such extreme security measures. But for any websites you do care about, having secure recoveries can save your account.

3. Storing and Encrypting Passwords

So you’re probably thinking, “I’m not going to bother with these security measures… I mean I’ve never had any problems before and this all just looks like so much effort. Besides, I won’t remember all these insane passwords and recoveries anyway!” That’s true, which is why we have a solution!

Remember when I said to never store your password information in a text file on your hard drive? There is another way to store your information! There are a handful of applications which will store and encrypt your password information. It’s the encryption that makes all the difference! I personally use 1Password.

This application is available for Mac, Windows, iPhone, iPad, and Android. It stores all of your password information (and you can optionally also store credit card information and notes) and then encrypts it. You choose one password to protect all of your other passwords. Then even if your computer is compromised, no one can access your list of accounts, passwords, and notes, unless they have access to the password you selected. So pick one password to protect all the others, and make sure it’s a strong, secure one! The application will also store install add-ons so you can log in to your website just by clicking the 1Password button and it will automatically submit your account details!

This is a great way to easily have multiple complex passwords but still keep yourself protected. The application also comes with a great random password generator to help you select passwords for your new accounts!

4. Protect Your Computer With Antivirus Software!

Keeping your actual computer safe is a huge part of internet security. Without it, your computer could get infected with viruses or keyloggers, or other malicious applications that can steal your personal information or completely destroy your computer. So install a good antivirus program and do a full scan (NOT a quick scan!) at minimum once a week. This website has some good antivirus reviews. The top two at the moment (according to that site) are Bitdefender and Kaspersky (which I use).

If you’re using Windows and just want something easy and free, at least download Microsoft Security Essentials. There are better options, but using MSE is better than using nothing!

5. Beware of Phishing and E-Mail Scams

We’ve all received unwanted spam e-mail, but sometimes these e-mails can be actual scams disguised as legitimate e-mails. People send out fancy looking e-mails imitating big websites like PayPal or Amazon, etc. Then at some point they ask you to click a link. It will look like this link leads to Paypal.com or Amazon.com, but in reality it will lead somewhere else and once you log on to this fake website, your password has officially been stolen.

Whenever you get an e-mail that’s asking you to click a link, always check the URL! You can do this by hovering your mouse over the link and checking the status bar at the bottom of your browser. The status bar will tell you where the link really leads. For example:

A link may be disguised as leading to http://www.paypal.com but in reality it may lead to http://www.paypal-com.co or some other slight variation.

This has become an increasingly serious issue with smartphones in particular. Smartphones have smaller screens, which means less of the URL is displayed in the address bar, which makes hiding scam URLs even easier. Here is an example:

Check out the image on the left. This screenshot was taken on an iPhone. Since the screen resolution is so small, the website URL gets cut off. Notice how it just looks like http://accounts.craigslist.org so there would be no reason to be suspicious – right? Wrong! Let’s take a look at the same website on a computer with a higher resolution. Enlarge the image on the left. Now you can see the entire URL. It doesn’t really lead to accounts.craigslist.org, instead it leads to accounts.craigslist.org.southpinechurch.com!

6. Use 2-Step Verification!

Whenever possible, use two-step verification. One example of where this exists is Gmail. You can optionally set up two-step verification which allows you to link your phone to your e-mail account. You can download a Google app on your smartphone, which will generate a one-time code for you to use. You will have to enter this code in order to sign into your e-mail account. What does this mean? It is impossible for anyone to access your e-mail account without also having your cell phone in hand! It is a fantastic layer of security that you should always take advantage of whenever possible!

Share Your Knowledge!

Help others by sharing your own security ideas and suggestions here, or with your family and friends!