No matter how careful you are, in the modern world we all eventually get that dreaded email: “Your account may have been compromised.”
Provided the spelling in the email is correct (funny how the spammers never get that one right), and the links did not infect your computer, send you to a fake login page or land you on a knock-off Louis Vuitton merchandise site, you check and find that your Facebook, Twitter, LinkedIn, Instatube and YouGrahm accounts are now selling vacations to Nigeria or live-streaming the unmentionable bits of someone in Ukraine. It happens a lot.
Most recently it happened to me due to social media inter-account links. (That part when you sign up for an account and it says, tell us your Gmail account info and we will see who we can link you up with.)
LinkedIn was hacked (the entire platform) about a year ago, and that was when my ultra-secure and top-secret password was compromised. The problem for me was I forgot my Twitter was linked, my Gmail was linked and my Yahoo was all linked to the same account, because the words “Link your accounts” sounded safe at the time. So, just point one: don’t do that. One compromised account can compromise ALL other linked accounts.
1. DO NOT link accounts from multiple platforms together to maintain account integrity at all times.
Holes, vulnerabilities and simple WikiLeaks-style data dumps from a disgruntled employee can compromise your account on any one platform. That one-time linking is usually not one-time at all: it is a standing connection the platform keeps alive so that “the latest email addresses” keep being added to your account, and that standing access is a real security risk. Whoever holds one of the linked accounts holds the door to the rest, so revoke any links you have already granted and no longer need.
2. Do not use easy to guess passwords
This is 2018; we should know this by now, but let us go over it for redundancy purposes.
Here is a brief list of the most commonly used passwords found in hacked accounts in 2018. This is why we tell people DO NOT use easy-to-guess passwords. (source: https://techviral.net/common-passwords-might-surprise/ – edited for spelling)
The report from Keeper also states that four of the top 10 passwords on the list consist of six characters or fewer; passwords like ‘12345678’, ‘111111’, ‘1234567890’, ‘1234567’, ‘password’, ‘123123’ and ‘987654321’ are among the top ten. A study by multiple web hosts revealed that most passwords were extremely weak.
3. Do not use dictionary words
There are scripts and bots designed to do one simple task: guess passwords.
They connect to every reachable IP address (every computer exposed to the internet) and attempt to log in, probing for valid account names and passwords. Part of the process is to try every known word in the English language, first names and last names, each with random numbers added before and after, because it is an incredibly successful way to break into accounts. If your username is built from your name and hobby, the bot will guess brandonplaysbaseball123, brandon123, baseball123, bpb123 and so on. If your email address shows up in search results and other places where they can look up information about you, they soon have your address, town, favourite sports team and pet’s name to try as well.
Just don’t do it. If your password is an English word, you are asking for trouble.
4. Do not use personal relevant names, dates, addresses
This goes along with #3: it does not take much to break into an account, and you make it easier when the password is based on details about your life. Do not use your cat’s name as your password either; it is just as guessable. Fluffy123 will get hacked.
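To make points 2, 3 and 4 concrete, here is an added example (not code from the original post) that audits a password the way a guessing bot would attack it: it checks the common-password list quoted above, undoes the cheap mangling bots apply to dictionary words and names (digits bolted on the ends, leet-speak like p@ssw0rd), and looks for personal details such as a pet name or birth year. The dictionary and the personal details are constructed stand-ins for this example; a real bot carries a full English word list and scraped data.

```python
import re

# Constructed sample data for this example: the most-common passwords quoted
# in the post, plus a tiny stand-in for the English dictionary, first names
# and surnames a real password-guessing bot carries.
COMMON_PASSWORDS = {
    "12345678", "111111", "1234567890", "1234567",
    "password", "123123", "987654321",
}
DICTIONARY = {
    "password", "baseball", "fluffy", "brandon", "summer",
    "welcome", "dragon", "monkey", "football",
}

# Reverse the leet substitutions bots try (p@ssw0rd -> password).
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_stems(password: str) -> set:
    """Undo the mangling a guessing bot applies on top of a base word:
    lowercase it, strip digits/symbols bolted on at either end, and undo
    leet-speak. The bot walks these rules forward; we walk them back."""
    lowered = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered, core, lowered.translate(UNLEET), core.translate(UNLEET)} - {""}


def audit_password(password: str, personal_details=()) -> list:
    """Return the reasons a password would fall to a guessing bot.
    An empty list means none of the cheap attacks in the post apply.
    `personal_details` is the kind of data a bot scrapes from search
    results: pet name, town, team, birth year, initials."""
    reasons = []
    if password in COMMON_PASSWORDS:
        reasons.append("on the most-common-passwords list")
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    stems = candidate_stems(password)
    if stems & DICTIONARY:
        reasons.append("a dictionary word or name with digits/symbols/leet added")
    for detail in personal_details:
        token = detail.lower()
        if len(token) >= 3 and any(token in stem for stem in stems):
            reasons.append(f"contains personal detail '{detail}'")
    return reasons


if __name__ == "__main__":
    # Fluffy, Brandon and 1984 stand in for details scraped about the user.
    for pw in ["password", "Fluffy123", "P@ssw0rd!", "Pg9HyNEdwL7kQ2"]:
        verdict = audit_password(pw, ["Fluffy", "Brandon", "1984"])
        print(pw, "->", verdict or "no cheap attack found")
```

The interesting case is the last one: a random string survives every rule because there is no base word to recover, which is the whole point of tip #7 below.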
5. Do not visit bad websites… just a warning
Part of the vulnerability in passwords is our browsing habits. Viruses, tracking scripts and malware infect a machine at a moment’s notice. Do not click on pop-ups or emails from people you do not know, and just do not go to “that part” of the internet where the morals of the site owners are already on thin ice; trusting such a site not to be infected with bad stuff is asking too much. A keylogger or backdoor will at minimum slow your system down and make it part of a botnet attacking other sites and trying to break into accounts on the web, and most likely your credit card and your own personal accounts will be compromised as well. Note that a keylogger captures your password no matter how strong it is, so a clean machine matters as much as a good password.
Take a look at the logs of any web server and you will usually see 20 to 500 random connections from around the world trying to log in to random and real user accounts. Do not make it easy for them to get in.
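What those log entries look like, and how to pull the signal out of them, as an added example that is not part of the original post: the script below runs over a constructed sample of sshd lines in syslog format (not real log data), counts failed logins per source address and per target username, and flags the one thing worth paging someone for, an address that logs in successfully after a run of failures. The threshold of three and the sample addresses are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample of sshd lines, not real log data: one bot cycling
# through usernames, one bot hammering root that eventually gets in, and a
# legitimate user who fat-fingered a password once before using a key.
SAMPLE_AUTH_LOG = """\
Jan 12 03:14:07 web1 sshd[2413]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 12 03:14:09 web1 sshd[2413]: Failed password for invalid user oracle from 203.0.113.7 port 51023 ssh2
Jan 12 03:14:11 web1 sshd[2413]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jan 12 03:14:12 web1 sshd[2414]: Failed password for invalid user test from 203.0.113.7 port 51026 ssh2
Jan 12 03:15:40 web1 sshd[2420]: Failed password for root from 198.51.100.23 port 40001 ssh2
Jan 12 03:15:44 web1 sshd[2420]: Failed password for root from 198.51.100.23 port 40002 ssh2
Jan 12 03:15:49 web1 sshd[2420]: Failed password for root from 198.51.100.23 port 40003 ssh2
Jan 12 03:15:53 web1 sshd[2421]: Accepted password for root from 198.51.100.23 port 40004 ssh2
Jan 12 03:20:01 web1 sshd[2430]: Failed password for deploy from 192.0.2.10 port 60010 ssh2
Jan 12 03:20:05 web1 sshd[2431]: Accepted publickey for deploy from 192.0.2.10 port 60011 ssh2
"""

FAILED = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")
ACCEPTED = re.compile(
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port")


def summarize_auth_log(lines, threshold=3):
    """Count failed logins per source IP and per target username, and flag
    any IP that logs in successfully after reaching `threshold` failures,
    which is the line between background noise and a likely compromise."""
    failures_by_ip = Counter()
    failures_by_user = Counter()
    invalid_users = Counter()          # names that do not even exist on the box
    success_after_failures = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures_by_ip[m["ip"]] += 1
            failures_by_user[m["user"]] += 1
            if m["invalid"]:
                invalid_users[m["user"]] += 1
            continue
        m = ACCEPTED.search(line)
        if m and failures_by_ip[m["ip"]] >= threshold \
                and m["ip"] not in success_after_failures:
            success_after_failures.append(m["ip"])
    suspect_ips = [ip for ip, n in failures_by_ip.most_common() if n >= threshold]
    return {
        "failures_by_ip": failures_by_ip,
        "failures_by_user": failures_by_user,
        "invalid_users": invalid_users,
        "suspect_ips": suspect_ips,
        "success_after_failures": success_after_failures,
    }


if __name__ == "__main__":
    report = summarize_auth_log(SAMPLE_AUTH_LOG.splitlines())
    print("noisy sources:", report["suspect_ips"])
    print("guessed usernames that do not exist:", dict(report["invalid_users"]))
    print("logged in after brute force (investigate now):", report["success_after_failures"])
```

The "invalid user" names are the bot's dictionary of account names showing through; the address that succeeds against root after three failures is the one that proves the point of this whole list.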
6. Do not write your password down
This seems too simple to ignore, but it is the truth. Guessing your password across the internet is one thing, but imagine someone got into your office, sat at your desk and looked at the screen, the keyboard and the desk drawers. One of the most realistic hacking scenes in a movie I have ever seen was when the bad guys sat down at a desk and saw a Post-it note on the monitor with the word “Password” written on it and the password written underneath. Seriously, use the ol’ noggin and memorize the password without writing it down. (If you truly must keep a written copy, keep it locked away and never on or near the machine it unlocks.)
7. Use a random password generator (or use one to make your own), then memorize the pattern so you remember it later.
Look at this example password, which was randomly generated: Pg9HyNEdwL
That may seem too hard to remember, but taking the letters we can make words you can remember. Note the capital and lowercase letters; they are part of the password and must be part of the mnemonic. If you can remember words that make this easier, you make it harder on the bad guys.
This is much the same way we used to remember the nine planets (eight now; sorry, Pluto):
Most voters earn money just showing up near polls.
Mercury, Venus, Earth, Mars, Jupiter, Saturn, Uranus, Neptune and Pluto.
It is a mnemonic device to help you remember important items for later.
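Tip #7 in working code, as an added example that is not part of the original post: it generates a password from the operating system’s cryptographic random source (the `secrets` module, never the predictable `random` module), shows the guessing work that buys, and builds a planet-style mnemonic sentence from the password, one word per character, that can be turned back into the exact password with case and digits intact. The word bank is a constructed one for this example; any words you find easy to picture will do.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, as in Pg9HyNEdwL

# Constructed word bank for the mnemonic, one word per letter. Digits get
# their number word. Any memorable words work as long as the first letter
# is the character they stand for.
LETTER_WORDS = dict(zip(string.ascii_lowercase, (
    "apple brick candle dragon engine falcon garden hammer island jacket "
    "kettle ladder magnet needle orange pepper quartz rocket saddle tunnel "
    "umbrella violin walnut xylophone yogurt zipper").split()))
DIGIT_WORDS = "zero one two three four five six seven eight nine".split()


def generate_password(length=12, alphabet=ALPHABET):
    """Draw every character from the OS CSPRNG via `secrets`. The `random`
    module is seeded and reproducible, so it must never be used for this."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Guessing work for a uniformly random password: log2(N ** L) bits."""
    return length * math.log2(alphabet_size)


def mnemonic(password):
    """One word per character: capitalised word for an upper-case letter,
    lower-case word for a lower-case letter, number word for a digit."""
    words = []
    for ch in password:
        if ch.isdigit():
            words.append(DIGIT_WORDS[int(ch)])
        elif ch.islower():
            words.append(LETTER_WORDS[ch])
        elif ch.isupper():
            words.append(LETTER_WORDS[ch.lower()].capitalize())
        else:
            raise ValueError(f"no mnemonic rule for {ch!r}")
    return " ".join(words)


def recover_password(sentence):
    """Inverse of mnemonic(): the first letter of each word, case preserved,
    with number words turned back into digits."""
    chars = []
    for word in sentence.split():
        if word in DIGIT_WORDS:
            chars.append(str(DIGIT_WORDS.index(word)))
        else:
            chars.append(word[0])
    return "".join(chars)


if __name__ == "__main__":
    sample = "Pg9HyNEdwL"                      # the post's example password
    print(sample, "->", mnemonic(sample))
    print("bits of guessing work:", round(entropy_bits(len(sample), len(ALPHABET)), 1))
    fresh = generate_password(14)
    print(fresh, "->", mnemonic(fresh), "-> back to", recover_password(mnemonic(fresh)))
```

Ten characters over 62 symbols is about 59.5 bits, more guessing work than a 14-digit all-number PIN (about 46.5 bits), and the mnemonic sentence is the password in disguise, so it gets the same treatment as the password itself: remembered, not written on the monitor.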
UPDATE: Google has announced plans to sell physical security keys (a hardware second factor you plug in or tap when logging in, so a stolen or guessed password alone is not enough to get into the account).
This may be worth the time and investment to test and see whether it does improve security.
All of that being said, if your online account, website, or application becomes compromised, Sneaker Web Design can help in many ways. Contact us today to see what we can do to recover your data, access and peace of mind.
Server Administrator, Developer, and bot slayer.