It’s safe to say that many of us can’t live without the Internet anymore. It has become our meeting place, our cookbook, our jukebox, in some cases even our love life. The best thing about the Internet is definitely anonymity; you can say or do whatever comes to mind, and no one will know it’s you. Which means that the most valuable thing you posses as an internet user is your identity itself.
However, internet can backfire very easily; with only scraps of information, skilled people can do some research and find out every bit of information there is to know about you: your Social Security Number, bank accounts, credit card numbers, phone numbers, home and other addresses, etc. That’s why it’s important for an internet user to know the basics of internet security. It’s not rocket science, but it is something to keep an eye on.
First thing’s first, and the most obvious: never give out your personal information on the internet. This includes your name, last name, your private email address, and I don’t think I need to mention social security numbers, credit card information and such. It’s possible to find someone only using their first name, given that the person in question has an account on any of the popular social networking sites, and almost everyone today has an account in at least one, be it Twitter, Facebook, or even YouTube. If you’re buying something online, give out your credit card information only to trusted sites, such as PayPal, eBay etc., but even then you need to be very careful. But we’ll get to that in a moment.
Passwords are very important when using the internet. Every major site requests you to have one, and those sites can be annoying at times, asking that the password contain 1 letter, 1 number, 1 non-alphabetic sign, should be at least 10 characters long etc. Some, sometimes all, of those conditions annoy users, but there is a reason sites request those conditions to be met. I won’t go into complex mathematics here, but I’ll tell you this: for every extra character in your password, the time it takes to hack your password rises exponentially. Every password that uses exclamation points or commas is infinitley more difficult to crack. So, don’t get mad at the websites which are trying to protect you, and try not to use your birthday as a password, because it’s easy to find out what your birthday is.
Just don’t choose any easy to guess password. It must not be a simple English word. It should be as hard as it can be with different combination of letters as described above. To give you an idea how easy your password can be hacked if you choose a simple password, there are password dictionaries available containing tens of thousands of different combination of passwords. The hackers use these password dictionaries using their software tools which automatically tries each of those passwords one by one until they see a positive match.
As an example, a freely available password dictionary has as much as 2,151,220 passwords. This is just a free version. There are paid versions available that contain millions of such passwords. Now you know well how unique your password is. Your guess is as good as mine how long it will take to find your password if you had a weak password. In simple words, just choose strong passwords. Period!
In addition to using strong passwords, never use the same password for different accounts. The reason should be obvious: if someone finds out your Gmail password, and you always use the same password, the person now has instant access to your Facebook account, PayPal account, YouTube, Twitter, maybe even your bank account.
Now, keeping track of all the different passwords can be tricky, but don’t keep them on a piece of paper next to your computer, or somewhere easily accessible. Memorizing them would be the best way, but there are also specialized softwares that help users keep track of all the passwords they use. (For example, KeePass).
“Social Hacking”
When you are in a coffee shop with your laptop, or in a crowded classroom, or at the airport, be careful entering your information into the computer. Why? “Social hacking” is the easiest form of hacking: the hacker will look at your fingers while you’re typing the password, memorize it, and access your account later. It sounds silly, but it happens very often. Even if they found out a few letters of your password, there are techniques using which hackers could generate random words off of those few letters.
When it comes to using public computers, first of all try your best not to logon on a public computer, but if you must then be extra careful and make sure to sign out of your accounts and wipe all the logon data that you may have used. Also don’t forget to change your password as soon as soon you get a hold of your personal computer.
Another good advice would be to be careful with your private computer, and who can access it. There is an easy way to read all the passwords your own browser remembers via HTML.
Some popular websites online have introduced an added layer of security called Two-factor authentication to protect their users. The basic idea behind this technology is to combine two different components that could identify a user. For example, the majority of websites send out a separate code to cell number of a user that has to be entered in addition to successfully entering the password. So make sure you enable the two-factor authentication for your account. Most of the popular websites such as facebook, twitter etc. provide this technology to their users. Having enabled two-factor authentication, a hacker will have to hack into your phone as well in addition to knowing your password.
“Phishing”
As I mentioned in the first tip, be careful who you give your personal data out to. Sometimes you might get an e-mail from PayPal, Facebook, google, or your bank, asking to confirm your account by inputing your user information into a form they conveniently provided to you. Do not do it! This is called “phishing“, and it’s a hacking technique used specifically to fool you into getting your personal information such as your facebook, email address or bank account passwords from you.
The hacker will send you an e-mail which would perfectly resemble an e-mail sent by PayPal (or Amazon, Moneybookers, or any other similar site), and ask for your data. Probably even threaten to delete your account if you don’t comply. Do not fall for this. Instead, go to the official site (do not use any links that might be provided in the fraud e-mail; they could be fake too. Instead, type the address in your browser yourself), log in using your credentials, and if there was a legitimate need to renew your passwords or other information, the site will notify you itself.
How to be sure you have connected to the real site instead of a fake look alike that wants to steal your login information? Whenever you login to facebook, twitter, gmail etc, make sure you see the green “Lock” icon with the “https” written in green color in the address bar as shown in the picture for different popular websites. This is called SSL Certificate that in addition to encrypting your connection, tells you that you have indeed connected to the real server. Not every site uses SSL technology but almost all of the popular websites do. So do check that out next time you login to your twitter account.
It might sound scary, but the rule of thumb is usually to always be extra careful when anything on the internet asks for your personal data. Always double check, call the company if possible, check the logo in the e-mail, check the web address, check the SSL Lock. Your money is in question. If not money, your identity and privacy is. Always remember, on the internet, there are far worse things that could happen to you than someone stealing your money.
Following these simple guidelines will make your internet travles a little bit safer, but we’ve only scratched the surface. There are entire companies and careers built specifically on internet security. However, as long as you steer clear of shady websites, and don’t give out your full credit report to a random stranger online, or add some randome stranger as your facebook friend, you should be fine. Have fun surfing!