Posts

Strengthen Your Digital Defenses with the 5 Habits of Practically Unhackable People

At the start of the year, we all made our resolutions for 2015. Now it’s March—how are you doing on your resolutions? If you’ve already broken a few, no worries; New Year’s doesn’t have the monopoly on making goals to better yourself. This is especially true with digital safety. At a time when there are so many security breaches, it’s important to commit to strengthening your digital defenses year-round.

1DWhen making goals, it’s important to emulate people who have already mastered what you’re trying to learn. So in this case, what do super secure people do to stay safe online? Intel Security has the answer—here are the 5 habits of practically unhackable people:

  1. Think before they click. We click hundreds of times a day, but do we really pay attention to what we click on? According to the Cyber Security Intelligence Index, 95% of hacks in 2013 were the result of users clicking on a bad link. Avoid unnecessary digital drama, check the URL before you click and don’t click on links from people you don’t know.
  2. Use HTTPS where it matters. Make sure that sites use “https” rather than “http” if you’re entering any personal information on the site. What’s the difference? The extra “S” means that the site is encrypted to protect your information. This is critical when you are entering usernames and passwords or financial information.
  3. Manage passwords. Practically unhackable people use long, strong passwords that are a combination of upper and lower case letters, numbers, and symbols. Yet, unhackable people don’t always memorize their passwords; instead, they use a password manager. A password manager remembers your passwords and enters them for you. Convenient, right? Check out True Key™ by Intel Security, the password manager that uses biometrics to unlock your digital life. With True Key, you are the password.
  4. Use 2-factor authentication (2FA) all day, every day. When it comes to authentication, two is always better than one. 2FA adds another layer of security to your accounts to protect it from the bad guys so if you have the option to use 2FA, choose it. In fact Intel Security True Key uses multiple factors of authentication.
  5. Know when to VPN. A VPN, or virtual private network, encrypts your information, which is especially important when using public Wi-Fi. Practically unhackable people know that they don’t always need a VPN, but know when to use one.

To learn more about the 5 habits of practically unhackable people, go here. Like what you see? Share the five habits on Twitter for a chance to win one of five prize packs including a $100 gift card to Cotopaxi or Hotels.com.*

You don’t need to wait for another New Year to resolve to become a digital safety rock star – start today!

*Sweepstakes is valid in the U.S. only and ends May 16, 2015. For more information see the terms and conditions at intel.com/5habits.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Password Security vulnerable to Trickery

There’s only one entrance to the house: a steel door two feet thick. If someone from the outside touched the door—even with a battering ram—they’ll get an electric shock. No bad guys could get through, right?

2DWell, suppose the bad guy tricks the homeowner into opening the door…and once open, the bad guy strangles the homeowner. Do you see what happened? All that security is worthless if the homeowner can be tricked. And the same goes for passwords. You can have the longest, strongest, most gibberish password around…but if you allow yourself to be skunked by a hacker…it’s over.

Think you can’t get skunked? A hacker could post a link to a “video” claiming it’s Taylor Swift with a 50 pound weight gain—anything to get you to click—and you end up downloading a virus to your computer.

Or maybe you get suckered into giving your credit card number and the three-digit code on its back to some site to “re-verify your credentials” because your account has been “compromised” – says an e-mail supposedly from the company you have the account with. Instead it’s a phony e-mail sent by a hacker.

Security begins by not falling for these ruses but also by not having crummy passwords.

First ask yourself if it’s super easy to remember any of your passwords. If it is, chances are, they contain actual names of people…or pets…in your life. If you have your pet and its name plastered all over your Facebook page, for instance…a hacker will figure that your password contains the name.

Another way to easily remember—and type—passwords is to use keyboard sequences. Maybe you use the same password for 14 accounts: 123kupkake. Is this easy for a hacker to crack? Depending on the level of sophistication of the hacker and the tools he possess, maybe. Imagine a hacker cracking this with his software. He’ll get into all your accounts if you have the same password.

There are many password manager services out there to help you create a strong, long password, though randomly hitting keys on your keyboard will produce the same result. But the password manager will grant you a single password to get into all your accounts, sparing you the drudgery of having to remember 14 long passwords of jumbled characters.

Another layer of security is to try to only register with online accounts that have two-factor authentication. For instance, see if your bank offers this (many actually don’t). Two-factor makes it next to impossible for someone to hack into your account.

Strong and long passwords—all different for all of your accounts; a password manager; two-factor authentication; and what else? Don’t be suckered into giving up your private information!

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

If You use these Passwords, You will get hacked

Have you heard of iDict? It’s a tool that hackers can use to get passwords via what’s called brute force attacks. It’s designed to crack into iCloud’s passwords, and supposedly it can circumvent Apple’s anti-brute force attack security.

5DBut iDict doesn’t have as big a bite as you might think. A long, strong password is no match for iDict. But if you have a password that’s commonly used (yes, hundreds of people may have your exact passwords; you’re not as original as you think), then it will be a field day for iDict.

Some examples of passwords that iDict will easily snatch are:

password1, p@ssw0rd, passw0rd, pa55word—let me stop here for a moment. What goes on in the heads of people who use a variation of the word “password” as a password? I’m sure that “pa$$word” is on this list too.

And here are more: Princess1, Michael1, Jessica1, Michelle1 (do you see a pattern here?) and also John3:16, abc123ABC and 12qw!@QW. Another recently popular password is Blink182, named after a band.

Change your password immediately if it’s on this list or any larger list you may come upon. And don’t change it to “passwerdd” or “Metallica1” or a common name with a number after it. Come on, put a little passion into creating a password. Be creative. Make up a name and include different symbols.

For additional security, use two-factor authentication when possible for your accounts.

Though iCloud has had some patch-up work since the breach involving naked photos of celebrities (Don’t want your nude pictures leaking out? Don’t put’em in cyberspace!), iCloud still has vulnerabilities.

And hackers know that and will use iDict. If your password isn’t on the top 500 list from github.com, but you wonder if it’s strong enough, change it. If it has a keyboard sequence or word that can be found in a dictionary, change it. If it’s all letters, change it. If it’s all numbers, change it.

Make it loooooong. Make it unintelligible. Dazzle it up with various symbols like $, @, % and &. Make it take two million years for a hacker’s automated password cracking tools to stumble upon it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

10 tips to Secure Passwords

Ever wonder just how hackers bust into systems and cause destruction? One reason is because people are still using weak passwords. While your pet’s name and wedding anniversary dates are easy to remember and sentimental to use, this approach makes a hacker’s job all too easy. Here are 10 things you should know about passwords.5D

  1. Never use the same password more than once, because if that account is hacked, and that password is for three other accounts, you’ll get quadruple-hacked.
  2. Think of a memorable phrase, then abbreviate it, such as, “My all time favorite movie is Jaws which I’ve seen 19 times.” The password would then be: MatfmiJwis19t.
  3. Don’t stick to just letters and numbers. A “character” can be any number of signs. For an even stronger password, add some random characters: MatfmiJ&wis19t!
  4. The “dictionary attack” is when a hacker applies software that runs through real words and common number sequences in search of a hit. So if your password is 8642golfer, don’t be surprised if you get hacked.
  5. A super strong password may be 12 characters, but not all 12 character passwords are strong. So though 1234poiuyzxc is long, it contains a number sequence and keyboard sequences. Though longer means more possible permutations, it’s still smart to avoid sequences and dictionary words.
  6. Another tip is to create a password that reflects the account. So for instance, your Amazon account could be MatfmiJ&wis19t!AMZ.
  7. Opt for sites that offer two-step verification. A hacker will need to have possession of your phone or e-mail account in order to use your password, because two-step requires entry of a code that’s sent to your phone or e-mail.
  8. If you struggle to remember your passwords, you can store them in a cloud where there’s two-factor authentication. But don’t stop there; preserve your passwords in hardcopy form.
  9. A password manager will make things much easier. With one master password, you can enter all of your accounts. Google “password manager”.
  10. Don’t check the “remember me” option. Having to type in your password every single time means added protection.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

3 Stupid Simple Tips to protect your Identity

For anyone who goes online, it’s impossible to hack-proof yourself, but not impossible to make a hacker’s job extremely difficult. Here are three things to almost hack-proof yourself.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Two-factor authentication. Imagine a hacker, who has your password, trying to get into your account upon learning he must enter a unique code that’s sent to your smartphone. He doesn’t have your smartphone. So he’s at a dead-end.

The two-factor authentication means you’ll get a text message containing a six-digit number that’s required to log into your account from someplace in public or elsewhere. This will surely make a hacker quickly give up. You should use banks and e-mail providers that offer two-factor. Two factor in various forms is available on Gmail, iCloud, PayPal, Twitter, Facebook and many other sites.

Don’t recycle passwords. If the service for one of your accounts gets hacked, the exposed passwords will end up in the hands of hackers, who will invariably try those passwords on other sites. If you use this same password for your banker, medical health plan and Facebook…that’s three more places your private information will be invaded.

And in line with this concept of never reusing passwords, don’t make your multiple passwords sound schemed (e.g., Corrie1979, Corry1979, Corree1979) for your various accounts, because a hacker’s penetration tools may figure them out.

Use a password manager. With a password manager, you’ll no longer be able to claim not being able to remember passwords or “figure out” how to create a strong password as excuses for having weak, highly crackable passwords. You’ll only need to know the master password. All of your other passwords will be encrypted, penetrable only with the master password.

A password manager will generate strong passwords for you as well as conduct an audit of your existing passwords.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

6 Ways to prevent Social Engineering Attacks

Hacking isn’t just about weak passwords and single-factor authentication. A lot of it occurs because people can be so easily tricked into giving up personal information: the craft of social engineering. Example: “Download this video of Kim K fully naked!” How many men would be lured into clicking this gateway to a viral infection? We are a sad species.

11DThe victim isn’t always a goofball like this. They can be a tech support agent tricked into resetting a password and handing it over. Often, the victims don’t even know they were targeted until well after the fact, if ever.

  1. Just say no—to giving out personal information. Social engineering can occur over the phone: someone pretending to be your bank, asking for your private information. Always contact any institution for verification they want your private data before blindly giving it out.
  2. Be scrupulous with security questions. Don’t answer ones that a hacker can easily get the answer to, such as “City you were born.” Choose the most obscure questions from the list. If all seem rather basic, though, then give answers that make no sense, such as “Planet Neptune” for the city you were born in. If you fear being unable to remember these answers, put the answers in an encrypted file or password manager.
  3. Do you get e-mails about password resets? Be careful. Contact the service provider to see if the e-mail is legitimate.
  4. You’ve probably heard this before, but here it is again: Never use the same password for multiple accounts! In the same vein, don’t use the same security questions, even though the list of security questions from one service provider to the next is usually the same list of questions. Do your best to use as much of a variety of questions as possible, and don’t forget, you can always give crazy answers to the same question for different accounts.
  5. Keep an eye on your accounts and their activity. Account providers such as Gmail have dashboards that show where you’re logged in and what tools or apps are connected. This includes financial and social media accounts.
  6. Beware of emails coming from anyone, for any reason that require you to click links for any reason. Social engineering via email is one of the true successful ways to con someone. Just be ridiculously aware.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

New year, new Passwords, here’s how

You must change your passwords like you must change your bed sheets. This is not up to negotiation, thanks to the influx of viruses, malware, phishing sites and key loggers.

5DChanging a password means having a new password for all of your accounts rather than using the same password. Imagine what would happen if someone got ahold of your one password—they could get into all of your accounts.

The biggest problem with passwords as far as how easy they can be cracked, is when they have fewer than eight characters, and are an actual word that can be found in a dictionary, or are a known proper name. Or, the password is all the same type of character, such as all numbers. There’s no randomness, no complexity. These features make a hacker’s job easy.

How to change Passwords

  • Each site/account should have a different password, no matter how many.
  • Passwords should have at least eight characters and be a mix of upper and lower case letters, numbers and symbols that can’t be found in a dictionary.
  • Use a password program such as secure password software.
  • Make sure that any password software you use can be applied on all devices.
  • A password manager will store tons of crazy and long passwords and uses a master password.
  • Consider a second layer of protection such as Yubikey. Plug your flashdrive in; touch the button and it generates a one-time password for the day. Or enter a static password that’s stored on the second slot.
  • Have a printout of the Yubikey password in case the Yubikey gets lost or stolen.
  • An alternative to a password software program, though not as secure, is to keep passwords in an encrypted Excel, Word or PDF file. Give the file a name that would be of no interest to a hacker.
  • The “key” method. Begin with a key of 5-6 characters (a capital letter, number and symbols). For example, “apple” can be @pp1E.
  • Next add the year (2014) minus 5 at the end: @pp1E9.
  • Every new year, change the password; next year it would be @pp1E10. To make this process even more secure, change the password more frequently, even every month. To make this less daunting, use a key again, like the first two letters of every new month can be inserted somewhere, so for March, it would be @pp1E9MA.
  • To create additional passwords based on this plan, add two letters to the end that pertain to the site or account. For instance, @pp1E9fb is the Facebook password.
  • Passwords become vulnerable when the internet is accessed over Wi-Fis (home, office, coffee shop, hotel, airport). Unsecured, unprotected and unencrypted connections can enable thieves to steal your personal information including usernames and passwords.
  • Thus, for wireless connections (which are often not secure), use a VPN—virtual private network software that ensures that anything you do online (downloads, shopping, filling out forms) is secured through https. Hotspot Shield VPN is an example and has a free version, available for Android, iPhone, PC and Mac.
  • Set your internet browsers to clear all cookies and all passwords when you exit. This way, passwords are never retained longer than for the day that you’ve used them.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

10 Tips to Better Password Security

Now that Apple has rolled out its new “Touch ID” fingerprint biometric technology, none of us ever has to enter a password ever again….NOT. While biometrics is certainly an option for authentication and a fingerprint is the most likely method of password deployment, it will be a long time until (if ever) a fingerprint is the sole way in which we are identified. I do, however, believe fingerprinting is a good thing, and with science and technology working together, someday we might perfect biometrics—and it will not be considered an invasion of one’s privacy, either.

In the meantime, here’s how to improve your password security:

Use different passwords. At least use different passwords for each of your accounts. Using the same ones gets you in trouble with others when one account is hacked.

Cover the keyboard. Use your other hand to cover the keys as you type and be sure no one watches when you.

Log off. Log off when you leave your device, even if it’s just for a minute. Open accounts allow password resets.

Antivirus that thing. No matter your device’s age, use security software and keep it up to date to avoid malware.

Only use your devices. Never enter passwords on computers such as at internet cafés or library PCs, which may have malware.

Use a VPN. When entering passwords on unsecured WiFi connections at an airport or coffee shop, hackers can intercept your data. But with a virtual private network, you eliminate that risk.

Don’t share passwords. Your buddy/mate may not be your buddy/mate forever.  People change. And they become vindictive sometimes.

Change your passwords regularly. Change your passwords semi-annually and avoid reusing passwords.

Beef up your passwords. Use at least eight lowercase and uppercase letters, numbers, characters or symbols in your password.

Use a password manager. Google “password manager” and get one. It can create and store passwords on all your devices and browsers.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Yahoo! Hacked: 15 Tips To Better Password Security

In light of the Yahoo Voices hack where 450,000 passwords have been compromised, it’s time again to let the world know what they are doing wrong when it comes to passwords. CNET pointed out that:

2,295: The number of times a sequential list of numbers was used, with “123456″ by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.

160: The number of times “111111″ is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000″ is used 71 times.

Protect your information by creating a secure password that makes sense to you, but not to others.

Most people don’t realize there are a number of common techniques used to crack passwords and plenty more ways we make our accounts vulnerable due to simple and widely used passwords.

Common Ways Hacks Happen

Dictionary attacks: Avoid consecutive keyboard combinations— such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.

Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

Tips to Make Your Passwords Secure

Make sure you use different passwords for each of your accounts.

Be sure no one watches when you enter your password.

Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.

Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.

Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.

Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.

Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.

Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.

Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.

Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.

Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy

Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”

It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.

You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”

Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

In the end, it’s the responsibility to the public to protect themselves. This disclosure now requires those currently exposed to change their password. The rule of thumb is to change your passwords frequently, every six months. It’s a cliché, but true, passwords need to be strong. Let the keyboard be your palate and be creative. A common mistake people make is that they use dictionary or slang terms. Beware. Dictionary attacks use software that automatically plugs common words into password fields making password cracking effortless for various tools.

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube. (Disclosures)