Web Accounts Hacked?
PeterWallace
So I keep talking about web security and passwords, but how do web accounts actually get hacked? Most of the time it is a crime of opportunity. That is not to say talented individuals with advanced knowledge are not a threat, but it can be easier than you think to expose your password. Wikipedia defines a crime of opportunity as a crime that is committed without planning when the perpetrator sees s/he has the chance to commit the act at that moment and seizes it. Such acts have little or no premeditation. A lot of people think, “OK, my e-mail really is not that important anyway, as all I get is e-mails from friends or forwards of jokes.” But that account may also be where notices from your bank, passwords, or account resets are sent. Here are some ways you may give out your information:
Recovery E-mail Account: A recovery e-mail account is a method a lot of systems use to help you get back into an account that you have lost the password for. We have all done it: signed up for a free e-mail account to have information sent to or to set up accounts with. When you sign up for some services they may ask you for a backup e-mail. You ask the site to send you your password (some will just reset it). The site says: “Sure, it’s been e-mailed to you.” As long as you have access to that other account, you are just fine and dandy.
The interval at which you need to check your free e-mail account to keep it from falling dormant and being automatically discontinued, cancelled or even deleted varies from service to service. Here are the log-on requirements of the most prominent:
- Windows Live Hotmail: 120 days
- Yahoo! Mail: 4 months
- Gmail: 9 months
- AIM and AOL Mail: 30 days
If someone else claims that lapsed account, even accidentally, and you reset your password, then you have just lost control of your main account. If they claimed it on purpose, their next step is simply to go through the password recovery process.
Avoid Duplicate Passwords: An easy way to get hacked is to give a site your e-mail address and then use the same password at that site. The same goes if you use the same user name and password at two or more sites. If the site does not encrypt the password, then there is a huge problem. Anyone who works for the site and has access to this information (or gains it) now has everything they need to log in to your account. While most sites protect passwords, there are still ways for employees to get them. At the least, use a different password for your e-mail account than for everything else.
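To make the difference concrete, here is an added example (not from the original post) comparing what a site's staff can read when a password is stored as-is and when it is stored as a salted, slow hash. The function names, the sample password and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def store_plaintext(password):
    # What a careless site keeps: the record IS the password.
    return {"password": password}

def store_hashed(password, salt=None):
    # A random per-user salt plus a deliberately slow key-derivation function.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify(record, attempt):
    # Recompute the hash with the stored salt and compare in constant time.
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])

def readable_by_staff(record, password):
    # True if anyone who can read the stored record sees the password itself.
    return any(password == value for value in record.values())

if __name__ == "__main__":
    pw = "Tr1cky-Harbor-Lamp"  # constructed sample password
    site_a = store_hashed(pw)
    site_b = store_hashed(pw)
    print("plaintext record exposes password:", readable_by_staff(store_plaintext(pw), pw))
    print("hashed record exposes password:   ", readable_by_staff(site_a, pw))
    print("same password, same record at two sites:", site_a["hash"] == site_b["hash"])
    print("correct login accepted:", verify(site_a, pw))
    print("wrong login rejected:  ", not verify(site_a, "guess"))
```

You cannot tell from the outside which of the two a site does, and even a site that hashes still sees the password at the moment you log in, so a separate password for your e-mail account remains the safer habit.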
Public Computers are scary! – If you must use a public computer, always remember to sign out. Even better, try to go back into the site to make sure you did not forget to log out. How often do you see the browser box pop up and ask you if you want to save the password? You didn’t check it, did you? That shared computer may also have spyware, viruses, or key loggers watching for your user names and passwords. Also clear your history and browser cache if it allows you to do that. You have no idea who was there before you and who will use it next.
Beware of your surroundings: OK, you just pulled out your laptop at the coffee house/bookstore/McDonald’s and you have people around you. They could be watching what you are doing and where you are going. Also remember that cell phones and cameras are everywhere. If they can capture, record or watch you enter your password, they now have the keys to the kingdom.
Avoid Commonly Used Passwords: I’m going to sound like a broken record here, but avoid the easy passwords. I will be trying your name, family names, pet names, favorite sports teams, and some of the other usual passwords. The longer the password the better. Also mix it up with upper case and lower case letters, numbers and non-alpha characters. Just a word of warning: putting a 0 or 1 at the end of your password is very common, so don’t do that. “A lot of personal information actually functions like a password and, as such, needs to be robustly protected,” said Chris Young, vice president of consumer authentication at RSA, in a statement. “With a bit of sleuthing, motivated hackers can guess a password by having [a victim’s] address and trying combinations that assume he’s a fan [of a particular sports team].”
Written Passwords: OK, so you have all these different passwords. You write them down on a sheet or in a book. Guard them like they are a million dollars. I will walk up to your desk and look in the top drawers, under the keyboard, in the front of your date book or under your desktop calendar, or the best spot – the post-it note fastened to your monitor. Keep them secure, very secure, if you must write them down. Also avoid the online password vaults, as they may also be hacked. In May 2011 an online multiplatform password manager noticed “a network traffic anomaly,” possibly a hacker attack, so it forced its users to change their master passwords.
Use only Trusted Computers: This is almost like public computers. If you do not have control of the machine, a quick login to a site may be captured, and you have given up everything. If you use the same passwords for everything, you have a big problem. Your personal machine should be fully patched with all updates for the programs installed and running on it. Current firewall and antivirus programs should be installed and running.
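The checks described above can be turned into a small self-test you run on a password before using it. This is an added example, not part of the original post; the short common-password list, the 12-character minimum and the sample personal details are assumptions made up for illustration.

```python
import re

# Constructed short list; a real check would use a much larger one.
COMMON = {"password", "letmein", "qwerty", "123456", "welcome"}

def check_password(password, personal_words, min_length=12):
    """Return the reasons a password is weak (an empty list means it passes)."""
    problems = []
    lowered = password.lower()
    # Drop trailing digits/symbols so "password1" is still matched as "password".
    core = re.sub(r"[^a-z]+$", "", lowered)
    if len(password) < min_length:
        problems.append("too short")
    if lowered in COMMON or core in COMMON:
        problems.append("commonly used password")
    # Names, pets, teams and similar details someone could look up about you.
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains personal detail: {word}")
    # The very common habit of tacking a 0 or 1 onto a plain word.
    if re.fullmatch(r"[a-z]+[01]", lowered):
        problems.append("a word with 0 or 1 added at the end")
    # Upper case, lower case, numbers and non-alpha characters.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("uses fewer than three character types")
    return problems

if __name__ == "__main__":
    about_me = ["Rex", "Jordan", "Packers"]  # constructed pet, family and team names
    for candidate in ["Rex1", "password1", "violet-Kettle!47-orbit"]:
        print(candidate, "->", check_password(candidate, about_me) or "ok")
```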
This is all stuff we hear every day but is a good reminder to check every so often. Lastly, remember the first rule of passwords: don’t ever give them out or share them! Now excuse me as I take this call from the Computer Department asking for my user name and password to reset something.









