Cybercriminals are adopting complex and powerful techniques to “hack,” or take control of online accounts belonging to other people or organizations. Often, they do this by identifying the passwords belonging to an account user. This used to be a complicated task, but, as The Atlantic notes, discovering passwords today can be as simple as running a ready-to-go program.
You may not be able to stop a dedicated hacker from compromising your online identity, but there are methods you can use to either stall or convince them that hacking you isn’t worth their time.
1) Use the right kind of password, and change it often
The right password can make all the difference. But for many the “right” password is actually wrong. Most passwords are too common, too closely associated with an account holder (like the birthdate of a relative or the name of their pet), or used across multiple websites.
The first thing to do is to use a unique, complex password for each account you have online. The password should use a random combination of upper and lowercase letters, numbers and symbols. Most websites today require passwords to have minimum of six characters, but with the ability of even the most basic password cracking software, six character passwords, no matter how complex, can easily be decoded. To keep your passwords from being compromised, use at least 11 characters. The more characters you use, the more difficult it becomes for a hacker to crack.
Keeping track of passwords for online accounts can be a challenge, but writing them down for reference defeats the purpose altogether. Try using a password manager, like McAfee SafeKey, to keep your passwords secure and protected without sacrificing your sanity
2) Don’t engage suspicious links
If your computer becomes infected with malware—dangerous software used to gather sensitive data from your computer—all the characters in the world won’t be able to protect you.
One of the more common methods hackers use today to compromise accounts is a method called “phishing.” Phishing scams usually involve hackers creating crafty emails, which convince users to either click on a malicious link or to give up personal information.
Avoid this and protect your information by not clicking on any links — highlighted text, which can take you to another part of the Internet with a simple click — contained in an email or online comment. Misspelled brand names, bad grammar and a comment with an all too salesman-y approach are some good indicators of ne’er do wells. Ideally, you want to have a safe search tool like McAfee SiteAdvisor, that can not only provide safety ratings in search results, but also prevents you from going to known malicious sites.
3) Enable two-step verification if available
Two-step verification activates whenever a user, or a hacker, attempts to gain access to an account from an unfamiliar computer or mobile device. The service offering two-step verification, like Google, will then send the user a six-digit code to the associated device by either a text message or a phone call. Users will then enter that randomly generated six-digit code along with their password in order to confirm they are who they say they are.
While it may not be as convenient as a single password, it’s far more secure. More and more businesses are enabling this option, so always opt in when you can in order to keep your identity as secure as possible.
4) Use comprehensive security on all of your devices
Malware isn’t just restricted to PCs anymore. From smartphones to tablets, you should have security software installed on all of your devices. The Android system is a particularly tempting target, with many malicious apps waiting to steal your information—even some hiding in the legitimate Google Play store.
As the most basic step, make sure you use a PIN code or password to lock your mobile devices and make sure it’s set to auto-lock after a certain period of time. Software options like McAfee Mobile Security or McAfee LiveSafe (for all your devices) can protect you from threats and help you avoid risky websites as well as malicious apps. With this kind of fortification, your personal data will not only be safe in your hands, but also if a device falls into the wrong ones. In the event of loss or theft, security software should be able to remotely backup, lock and if necessary, wipe all the data from your mobile device.
5) Forget the ‘Remember me’ function
While it may be convenient, the ‘Remember me’ function on browsers and mobile devices can become a major threat to your digital identity. By saving your password cookies, the process is easier for you—as well as any hacker able to sniff your wireless network or gain access to your device.
Always log out of apps or important websites when you are finished, especially when it comes to online banking or social networks. This may seem like a fairly simple step, but anything that you can do to take yourself out of the low-hanging fruit category will go a long way towards deterring cybercriminals.
6) Set up a secret password account
Nearly every website requiring passwords also contain a password reset feature. While convenient, this feature can also be used against you to gain access to all of your accounts, especially if you use different emails accounts to reset passwords to your account. If a hacker gains access to one email, they can falsely request password resets on other emails and accounts.
To avoid this snowballing effect, consolidate your password reset emails to one secure email account. As Slate’s Farhad Manjoo explains, a single email account dedicated to password resets can keep your online persona safe. You can make this account secure by using an account name with no recognizable relation to you, secure password (preferably with 11 or more characters) and enabling two-step verification.
Of course, with enough effort, hackers can bypass nearly any preventative measures you make with a variety of tools. But small steps like these can be an effective way to deter hackers from making your life miserable.