Thursday, August 16, 2012

Using Strong(er) Passwords

While we visit the Internet, the need to log in or register pops up constantly, leaving us with the choice of user-names and passwords. Many of us always register with the same user-name, and to make matters worse, many also use only a handful of passwords, or even practice the "one fits all" dogma. Internet security is serious business! I hope the following (far from complete) guidelines will benefit your digital security.



1. Define the category of registration:


  • financial: here you don't take any chances, and only the best possible is good enough, as money always draws the highest attention of a criminal mind. (min. 10 digits + characters + symbols, preferably generated by a password generator, to make sure it is totally random, without any relation to your personal life)
  • private non-financial: I would almost say the same as for financial. Data here might contain sensitive and personal information that can be valuable to cyber-criminals wanting to claim your identity, or even resell it to the highest bidder.
  • General purpose: if it does not contain personal information sensitive to your identity, you can relax a bit more, but before you do, read the next point first.
  • just trying out stuff: you would think: I can use a weak and easy-to-remember password, because I don't want to insert any personal data anyway, and I have nothing to hide. Right? Well, be aware that this idea could be more wrong than you can imagine.

    I have nothing to hide,
    so why do I need to worry about security on non-financial sites?

    Let's say you register and use a weak user-name/password combination to test out something. No harm, right? Well, think about this: one might easily hack that test account and use it for criminal activities, which might catch the attention of law enforcement. Criminals mostly use smart techniques like TOR, proxy hopping or others to hide their identity. So what's left for the investigators? Right: the beginning, in essence your registration IP address, which can be traced back to YOU!! Because how many of us think about it when we register? When you register from your home, you leave a digital fingerprint behind (your IP address, linked via the ISP to your physical address and name). Do you really want to be involved in others' dirty business, and have to justify yourself to the authorities?

    If you really want to test out stuff from a new or unknown host, and want to use an easy user-name/password combination, do the registration not on your home network but on a public, open access point, or use TOR; better even, boot the Live version of TAILS and use it to test stuff.

    Strange, huh, that you almost have to be more concerned with the stuff most don't even have on the radar: "testing accounts".


2. Hints and Tools:


2.1. Use password generators such as:


  • openssl rand -base64 12
  • apg  (to install:  sudo apt-get install apg )
    in a terminal type: man apg for instructions
  • pwgen (to install: sudo apt-get install pwgen )
    in a terminal type: man pwgen for instructions

    And if you really want to top off those generated passwords, and if it is allowed, throw in a few extra symbols like "#%$&()!<>?:".


2.2. Create your secure passwords as shown in the Mozilla video below.






3. Improvise: 


If you keep in mind for which category you create a password, you can give it a try on your keyboard by just typing random keys, including capitals, numbers and symbols, and check how strong it is with the strength testers widely available on the web (e.g. http://howsecureismypassword.net/). I would suggest you don't use the exact one you just tested, as you never know who is providing that service. It might be the hackers themselves, registering all the typed passwords and building a database of possible passwords from them.
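As an added example (not from the original post), here is a small POSIX shell script that strings together what sections 2.1 and 3 describe: generate a password with openssl rand -base64 12, append a few of the suggested extra symbols, and then check the length and character classes locally rather than pasting the real password into a web strength tester. The function names and the check itself are my own assumptions, not the post's.

```shell
#!/bin/sh
# Added example, not from the original post: generate a password the way
# section 2.1 describes (openssl rand -base64 12 plus a few extra symbols)
# and check it locally, so the real password never goes into a web form.
# Function names and the character-class check are my own choices.

SYMBOLS='#%$&()!<>?:'   # the extra symbols suggested in the post

# gen_password N -> N random bytes, base64-encoded (what `openssl rand -base64 N`
# prints); falls back to /dev/urandom + base64 when openssl is not installed.
gen_password() {
    n="${1:-12}"
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$n"
    else
        head -c "$n" /dev/urandom | base64
    fi
}

# add_symbols PASSWORD COUNT -> PASSWORD with COUNT symbols from $SYMBOLS
# appended; the symbols are drawn from /dev/urandom, not chosen by hand.
add_symbols() {
    pw="$1"; count="${2:-3}"
    extra=$(LC_ALL=C tr -dc "$SYMBOLS" </dev/urandom | head -c "$count")
    printf '%s%s\n' "$pw" "$extra"
}

# check_password PASSWORD [MINLEN] -> prints "strong" or "weak:<reasons>" and
# returns 0 only if the password is at least MINLEN characters (default 10,
# the post's financial minimum) and contains lowercase, uppercase, digit and
# symbol characters. This is a local sanity check, not a full entropy estimate.
check_password() {
    pw="$1"; minlen="${2:-10}"; reasons=""
    [ "${#pw}" -ge "$minlen" ] || reasons="$reasons length<$minlen"
    case "$pw" in *[[:lower:]]*) ;; *) reasons="$reasons no-lowercase" ;; esac
    case "$pw" in *[[:upper:]]*) ;; *) reasons="$reasons no-uppercase" ;; esac
    case "$pw" in *[[:digit:]]*) ;; *) reasons="$reasons no-digit" ;; esac
    case "$pw" in *[![:alnum:]]*) ;; *) reasons="$reasons no-symbol" ;; esac
    if [ -z "$reasons" ]; then echo strong; return 0; fi
    echo "weak:$reasons"; return 1
}

# Example run: a 16-character base64 password with 3 extra symbols appended.
candidate=$(add_symbols "$(gen_password 12)" 3)
echo "candidate: $candidate"
echo "check: $(check_password "$candidate")"
```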



A few notes:
  • Using your real name as user-name is giving away half the security. Use something more creative, or in the extreme treat it as if it were also a password, and you double up the security.
  • If you are a Windows user, I always suggest buying a cheap laptop or net-book that runs Linux to do your financials, just to make sure no malware is involved when you type your secure password. (But that is just me.)
  • There is NO absolute security.





