Bionic Passwords: Better, Stronger, and Faster.

Bionic Passwords: Better, Stronger, and Faster.

OK, we can’t get your passwords to become faster, but certainly we can give you tips on how to make them better and stronger (read: harder to break). Our last post on passwords gave a lot of information on how good passwords can be easily created, and we’ve come up with more ideas for you to secure your passwords.

A strong password is the first line of defense against anyone who would want to break into your account, so the tougher you make it on them, the less likely it will be that they get what they want. Use these tips to create a bionic password that will make it tougher to crack.

  • Get creative with words:

    You can get a lot of traction out of one word if you can figure out different ways to use it in your password. For example the word “crystal” is pretty clear (pun intended), but you can muddy it up a bit by doing things like removing all vowels, changing how it’s spelled, or reversing certain letters. Examples include “crstl”, “krYs+al”, and “ltsrc” (the first one, only backwards). Mix that up with another word to increase the length of the password and you’ll be good to go.

  • The same word, only different:

    Maybe you like birds, and your favorite bird is the Pine Grosbeak bullfinch. Well, as we all know (sarcasm) the genus for those birds is “Pinicola”. Maybe you also happen to love Coca-Cola. You take out the “cola”, insert “Coke”, and now you have a 2-word password that’s easy to remember: “PiniCoke”. Substitute some of the characters to something like this: “p1niCok3” and you’re good to go.

  • Don’t use common number patterns:

    Your phone number, street address, even your jersey number from the high school football team… these are all very bad things to use in a password as they are. If you plan on using one of them, be sure to mix things up. If you live on 1313 Mockingbird Lane (Quick… what TV show is that address from? The first person to comment on the blog with the right answer gets a free year of StopSign.), you could use the street number like this: “+h1rT3en13”.

  • Mix it up:

    Using only alpha-characters or only numbers isn’t a very good idea for a password at all. Your password is a digital cocktail. Mix. It. Up. If a decent password is made up of 8 or more characters, you should try to use at least 2 numbers and one non-alphanumeric character (a hash symbol “#”, an exclamation mark “!”, etc.).

  • Use multiple passwords:

    Ideally you should have a unique password for every account that you have. Your home email, work email, computer login, bank account, Twitter… any account you have that requires a user name and password should have its own unique password.

These suggestions are not the end-all, be-all and we don’t necessarily advocate using every single password tip listed. But they can be food for thought when devising a new password. You’ve seen my repeated suggestion to mix things up, and that’s a big thing. Keep things fresh, get creative, and you’ll be far and away ahead of the pack when it comes to creating a strong (and difficult to crack) password.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Six Secrets of a Safe Twitter Account.

Six Secrets of a Safe Twitter Account.

Twitter is like a giant party in a community of over 18 million people, and there’s bound to be a few apples in the bunch who want to cause trouble. You can get around some of those problems by locking down your Twitter account and being aware of some of the potential problems you might run into when you’re tweeting. Just follow these simple Twitter tips and use your common sense, and you’ll be much ahead of the “safe twittering” curve.

  1. Good, strong passwords.

    The creation of a good password cannot be stressed enough! Make sure to create a password that’s difficult for others to figure out and contains a mix of letters and numbers. Also try to use a different password than you use on other social networking sites in case one of the passwords gets cracked or is leaked out. Read more about how to create a strong password on our blog.

  2. URL shorteners.

    Sites like bit.ly, ow.ly, and cli.gs are great URL shortening services, especially when someone wants to link to websites in 140 characters or less. But if you don’t know the person who tweeted with a shortened URL, you’re never quite sure what you’re going to get. (OK, that’s not 100% true*) Be careful what you click on!

  3. Are you (literally) on Twitter.com?

    Scammers and spammers love to build lookalike sites to try and trick you into submitting your user names and passwords to them instead of the real thing. Before you log in, check the address bar to make sure you’re actually on Twitter.com and not some scam website. Learn more about how to figure out if you’re on a fake website or a real one on the StopSign blog.

  4. Third party access.

    There are some really neat services out there like We Follow and Twitter Grader that help enhance your Twitter experience and learn more about your tweeting habits; but there are also some fishy ones too. Make sure to regularly check your Connections settings in Twitter to clear out any unexpected or suspect applications that have been given access to your account. And if they offer it, connect using OAuth, as it’s much safer than supplying your user name and password to a strange website.

  5. Phishy phish.

    You’ve got to be diligent about reading DM’s and @ mentions (there’s a particularly nasty trick going around now where a scammer will @ mention you regarding something you’ve tweeted about and there’s a shortened URL to a spam site in the mention – do NOT click on it!). There always seems to be a phishing scams of some kind happening on Twitter, so make sure you know what you’re clicking on or responding to.

  6. Don’t get too personal.

    It’s really important that you don’t expose too much information about yourself or your family online. The wrong tweet can get you on a spammers list, or at worst, can lead crazies on the Internet right to your front door. We’ve got tips on how to stay safe online and offline.

For more information on Twitter security, check out the official Twitter help article on safe tweeting.

*OK, technically you can preview any bit.ly URL by adding a “+” to the end of the URL. Other sites and/or services may do the same; but the main issue is that URL shorteners, by default and by design, do not natively display the destination URL. Back to the top

Image courtesy of Twitter

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

3 Things Your Username Shouldn’t Say About You.

“What’s in a name? That which we call a rose
By any other name would smell as sweet.”

From “Romeo and Juliet“, by William Shakespeare

The creation of a username (or user ID) for any online service or account is often overlooked as a topic of Internet safety. Although the username you create for your bank’s web site may not be viewed by many people, your email, social network, and instant message (AKAIM“) usernames will be viewed by dozens, hundreds, or maybe thousands of people (depending on your popularity online and/or the openness of the service).

When choosing a username it’s best to not take any chances. Crooks, predators, fraudsters, scammers… anyone with ill intentions might be able to wedge their way into your life to cause problems. There are 3 types of personal information found in many usernames that might be useful to the bad guys, which we’ll discuss below.

Note: In the sections below we use various usernames as examples. These are not intended to be the usernames of actual people, and any similarity is purely coincidental.

Age

This is especially important for children, as their usernames can be displayed to all kinds of unsavory characters online, from sexual predators to cyberbullys. When helping your child select a username for themselves, be careful not to reveal their age.

Here are some examples of age-defining usernames:

  • Little15 Shows the age of the user.
  • Bobby1997 The full year of the users birth.
  • Kewl95Dude The partial year of the users birth.

Location

Area codes, city/county names, zip codes, phone prefixes… there are many ways to give a crook or scammer information on where you live. Remember the movie “You’ve Got Mail“? Tom Hanks’ character used his building number in his username (“NY152”). Rich guy, building in his username… there’s some quick and easy info for a baddie to pick up on. Don’t be that guy (or gal).

Here are some examples of location-defining usernames:

  • Alice90210 The zip code of the user
  • Derrick212 The area code of the user
  • KingCoKyle The county of the user. (e.g. “King County”)

Gender

Whether you’re a man or a woman, it’s easier to identify people when you know more things about them. If, for example, someone wanted to cyber-stalk you, it would be easier to pick you out in a crowd if they could eliminate half of the group by only looking for one sex vs. the other.

Here are some examples of gender-defining usernames:

  • LadyInRed
  • MisterMan
  • MrsHotPotato

A few things to note

We’re detailing suggestions, not absolutes. If you’re 87 years old and decide that HappyGramps87 is the username for you, then you’ll probably be fine since age is much more of an issue for children. And, of course, there are things that shouldn’t need to be said like putting things like your PIN or Social Security number in your username. Just use your best judgment and do what you think is right. And safe.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Social Engineering: A Digital Con Game.

Social networks such as Facebook, Twitter, and MySpace are wonderful ways to connect with friends and family. Unfortunately they also provide excellent resources for online crooks to gain sensitive information via social engineering, a term synonymous with con games in the world of computer security. By learning what social networking is, you can protect yourself from would-be (virtual) attackers and keep your data safe.

What is “social engineering”?

Social engineering is a non-technical intrusion using human interaction (thus, the “social” in “social engineering”) to gain information which directly, or indirectly, leads to a scam of some kind. The information compromised can be of any variety: passwords, access to computers and/or networks, account information, or anything else that can lead to additional data, money, identity theft, hacked accounts, or other problems for the victims. It’s considered a safer and easier way to run a con since the scammer rarely has to be physically present in front of the victim, so the Internet provides an excellent medium for these kinds of scams.

How does social engineering affect my social networking accounts?

Attempts to phish for information are notorious online, and you should learn how to protect yourself from phishers. Instant and direct messages, emails, chat… all forms of online communication have the potential to be tapped, spoofed, or intercepted. Whether it’s email, a social networking site, or something else, all it takes is one unsecure account and a bit of luck in order to gain access from hundreds, if not thousands, of other users. With access to one unsecured account, the scammer now has the trust of all of their friends and followers of the real account owner. The flood gates are now open for additional phishing attempts, data loss, and other forms of digital mischief.

Social engineering is very simple and very effective. The weakest link in any computer security scenario will always be a human, and social networks are chock full of them. With enough patience it’s only a matter of time before a scammer finds a victim.

How can I protect myself from being a victim?

The easiest way to guard against social engineering is to be skeptical of offers presented in emails, online, and over the phone. Social engineering attempts prey on every aspect of human behavior (greed, compassion, fear, love, etc.) and can even exploit outside events such as natural disasters and current news topics in order to extract information from the victim. Here are a few specific things you can do:

  • Ensure the legitimacy of anyone claiming to be a representative of a company, government office, or organization.
  • Never reveal personal information unless you are certain of their need for the information and that the information will be held in the strictest confidence.
  • Keep your passwords and other account access data secure. No company or it’s representatives should ever ask for your password, no matter how convincing the story they give you.
  • When entering sensitive information online, make sure you’re really on the web site you think you are on. Read our “How to Spot a Fake Website” post to learn more.
  • Never send sensitive and/or personal information via email or instant message to anyone, even friends and relatives. Spoofing emails and IM information is too easy.

If you come across a social engineering attempt, make sure to contact the service you used when the attempt occurred. Most social networking sites, companies, and organizations have a computer security team that handles these issues and you can help stop the spread of these attacks. Listed below are some resources for a few online services regarding safety, abuse, reporting, and/or support. To find out how to report on other sites, check their Help or Support links.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.