Security on the Internet is a big issue these days. What with crackers, scammers, and script kiddies of all sorts trying to compromise your online accounts, it's almost inevitable that you'll come under fire at some point or other. So, whether it's on Neopets or your bank's website, a password is your first line of defence. That's why we've written this article, which will go over a few tips and tricks for coming up with secure passwords and keeping those passwords safe.
A secure password
For a password to be safe, the password itself has to be a good one. There are a few simple do's and don'ts which you should pay attention to when you're setting your password:
DO:
- Make the password out of a combination of uppercase letters, lowercase letters, numbers, and symbols (that's right, make use of those weird characters like # and ~): You need at least three of each of these character types all mixed together to make a good password.
- Make it random: A random password is incredibly hard (if not impossible) to guess. TDN has a handy password generator for you to use should you require one.
- Make sure you know the password well: If you have trouble remembering a password, practise with it! Open notepad (or whatever text editor you use) and type it out as many times as you need. Remember that you don't actually need to memorise the password - repeatedly typing it out will stimulate something known as "muscle memory" or "finger memory", meaning that your body's muscle coordination centres will remember the action of typing the password for you. A few staffers here at TDN can actually type all their passwords fluently, but couldn't tell you what they were if you asked them verbally. Neat, eh?
DON'T:
- Use dictionary words for your password: If you do this, no matter how obscure the word you use might seem, your password can and will be cracked. A cracker could easily write a script using a simple computer algorithm known as 'brute force' (which basically means trying every single possibility) to run through all the words in the dictionary until it finds the right one. Think about it - your average dictionary contains about 230,000 words. A cracker with a reasonably decent internet connection might be able to make two tries a second. This means that a basic script would take just over one day at the most to crack your password! Depending on the speed of the hardware they have access to, it's likely that they could manage this even faster (more information on password guessing speeds).
- Use the same password for different sites/accounts: This is a very bad security practice! It means that if one of your accounts is somehow compromised, your other accounts are left wide open. You should use different passwords for different accounts and websites whenever possible.
- Store your passwords in a file on your computer: Many people have a habit of saving their passwords in a .txt or .doc file on their computer in case they forget them. This is not a good idea - anybody with access to your computer, whether it's your inquisitive little brother or a cracker with a backdoor, could potentially log into and seriously mess up the accounts you've stored passwords for. If you really can't remember your passwords (there are some tips for this in the 'DO' section above), you should use a password manager program or your web browser's built-in password saver, as these usually encrypt the information they store. Alternatively, write down your passwords on a piece of paper and keep it somewhere you know is absolutely safe.
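The character-type rule, the "make it random" advice and the dictionary timing estimate from the list above, put together as an added example (this is not TDN's password generator or code from the original article). The 16-character default length and the use of Python's `string.punctuation` as the symbol set are assumptions of this example.

```python
import secrets
import string

# The four character classes the article lists; using string.punctuation
# as the symbol set is this example's assumption.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)
MIN_PER_CLASS = 3            # "at least three of each" (article)
GUESSES_PER_SECOND = 2       # guessing rate used in the article
DICTIONARY_WORDS = 230_000   # dictionary size used in the article


def meets_policy(password):
    """Check the article's rule: three or more characters from each class."""
    return all(sum(ch in cls for ch in password) >= MIN_PER_CLASS
               for cls in CLASSES)


def generate_password(length=16):
    """Draw uniformly random passwords from the OS CSPRNG until one
    satisfies the rule (rejection sampling keeps the result unbiased)."""
    if length < MIN_PER_CLASS * len(CLASSES):
        raise ValueError("too short to hold three characters of each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def worst_case_days(candidates, rate=GUESSES_PER_SECOND):
    """Days needed to try every candidate at `rate` guesses per second."""
    return candidates / rate / 86_400


def random_keyspace(length):
    """Upper bound on the number of passwords of this length; the
    three-of-each rule excludes some of them."""
    return len(ALPHABET) ** length


if __name__ == "__main__":
    password = generate_password()
    print(password, meets_policy(password))
    print(f"dictionary word:  {worst_case_days(DICTIONARY_WORDS):.2f} days")
    years = worst_case_days(random_keyspace(16)) / 365
    print(f"random, 16 chars: {years:.1e} years")
```

At the article's two guesses per second, the whole dictionary is exhausted in about 1.33 days, while the random 16-character space would take on the order of 10^23 years.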
Things to watch out for
There are many ways somebody can get at your password, even if it is a well made one. We'll go over a few of the most commonly used ones and how to deal with them.
'Phishing' is basically online fraud - somebody tries to trick you into revealing your personal information (username, password, credit card details, etc.). Fake e-mails, instant messages, neomails and login pages are just a few examples of how this can be carried out. The basic rule of thumb to follow here is never give your password to any person or website other than the one you use it on. If you use a password on www.neopets.com, only give that password to www.neopets.com - check the website URL whenever you are about to log in! Also, no responsible organisation will ever ask you to send them your login details (except through their official login page) - if you get an e-mail or any other form of message asking for your login details, then it is definitely a scam.
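The "check the website URL" rule above, written as an exact hostname comparison (an added example, not part of the original article). The sample URLs are constructed for illustration, and the `.example` hosts are placeholders.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "www.neopets.com"   # the site named in the article


def login_host(url):
    """Return the hostname a browser would actually connect to,
    normalised to lower case and without a trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_expected_login_page(url, expected=EXPECTED_HOST):
    """True only when the host matches exactly. Containing the expected
    name somewhere in the URL is not enough."""
    return login_host(url) == expected


# Constructed sample URLs: each look-alike contains "www.neopets.com"
# or something close to it, but only the first two lead to that host.
SAMPLE_URLS = [
    "http://www.neopets.com/login",
    "http://WWW.Neopets.COM./login",
    "http://www.neopets.com.login.example/",   # real name used as a prefix
    "http://www.neopets.com@login.example/",   # real name in the userinfo part
    "http://login.example/www.neopets.com/",   # real name in the path
    "http://www.ne0pets.com/login",            # digit 0 instead of letter o
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        verdict = "ok    " if is_expected_login_page(url) else "REJECT"
        print(f"{verdict} host={login_host(url):30} {url}")
```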
'Spyware' is the term used to refer to programs that are installed on your computer without your knowledge and used to steal information, monitor your activities, and/or take control of your system. They can, quite obviously, steal your login details, either by extracting them if they are stored on your computer or by logging your keystrokes when you type in your username and password. Common sense is probably the best countermeasure against this kind of attack - don't install anything that you don't trust.
It's also a good idea to keep anti-virus or anti-spyware software installed and updated. Be careful about this though - there are many spyware programs that disguise themselves as anti-spyware! PCWorld keeps a downloads section dedicated to anti-spyware programs (for Windows), along with reviews and popularity statistics. If you're on a Mac, then Macworld's utilities section might have something to your liking.
A 'cookie' is a file that a website has stored on your computer (via your web browser). It's quite standard for websites to use them to store your login information - that way, your web browser can use the cookie to tell the website who you are logged in as (this means that you don't have to re-login every time you load a page).
A 'cookie grabber' is a piece of site code that is designed to trick your web browser into letting it read these cookies, and thus allow somebody to steal your login details. Most modern web browsers are designed to prevent this - they are built so that cookies can only be read by the website that created them (so if www.neopets.com stored your login details in a cookie, only www.neopets.com should be able to read it). In theory however, it is possible to get around this with some fancy scripting, so you should always be careful about what websites you visit! It's also a good idea to clear your cookies on a regular basis.
To clear your cookies in:
- Internet Explorer: Go to Tools > Internet Options, look under the general tab, click 'Delete' under the 'Browsing History' section, and click 'Delete Cookies' on the window that pops up.
- Mozilla Firefox: Go to Tools > Clear Private Data, make sure the 'Cookies' box is checked, and click 'Clear Private Data Now'.
- Safari: Go to Edit > Preferences, look at the security tab, click 'Show Cookies', and click on 'Remove All'.
- Opera: Go to Tools > Delete Private Data, make sure 'Delete all cookies' is checked, and click 'Delete'.
- Google Chrome: Click on the Wrench, select 'Clear browsing data', make sure 'Delete cookies' is checked, set the 'Clear data from this period' option to 'Everything', and click 'Clear Browsing Data'.
Here are some other tips which should help you to keep yourself safe online:
- While it might not seem as important as keeping your computer spyware free or avoiding phishing scams, it's always a good idea to change your password regularly, especially if you suspect that somebody is targeting your account.
- Don't tell anybody else your password, unless it's a person you absolutely trust.
- If you can avoid it, don't enter passwords on public computers. There's usually no way to ensure that these computers are free from spyware or other monitoring software.
- Beware of people looking over your shoulder as you enter your password. Believe it or not, I've personally had one or two passwords stolen this way, although fortunately the watcher was simply a mischievous friend of mine.
Well hopefully you have a better idea of how to keep your online accounts secure after reading this article. The internet can be a dangerous place if you're not careful - stay safe! :)