Technology Tip:
Just how hackable are you?
Are you an easy target?
According to a recent Harris Interactive poll commissioned by Dashlane, a
company that manages passwords and personal data, most online Americans
are concerned that their personal data might be used online without
their knowledge. Approximately 88 percent of the 2208 adults surveyed
cited being at least "somewhat concerned," and 29 percent claimed to be
"extremely concerned." In addition, three out of five respondents were
worried that they were vulnerable to being hacked.
John Harrison, a group manager at Symantec Security and Response, says
that people should be concerned, because they're sharing more than they
think they are.
Because social networks, public records, and high-profile security
breaches are so prevalent, a lot of potentially sensitive information is
just floating around the Internet.
"Each piece of information adds to the puzzle," Harrison says. "We don't
throw everything out there at once, but it eventually comes together.
For example, you may not put your full birthday on Facebook, but it's
not difficult for someone to find out what year you graduated from high
school and put two and two together."
In other words, you may not think you're sharing too much—just a snippet
here and a snippet there—but to a hacker, you're building an easily
harvested online profile.
Protect yourself the easy way
If you use the Internet in any meaningful way—sending email, uploading
photos, frequenting social networks, shopping—your online profile is
likely already floating around in the ether. And even if you haven't
been online all that much, bits of your personal data may be available
for online viewing via digitized public records. An interested person
could readily find out if you have a mortgage, for example, or if you've
recently gotten married or divorced.
You probably know that a typical five-character, dictionary-word
password is easy to hack, and perhaps you rely on something far less
penetrable. But you probably don't have the time or bandwidth to
memorize a complicated mix of numbers and letters. So here are a few
quick, easy-to-implement security tips that will drastically reduce your
hackability.
Search for yourself. Before you start worrying, it's a
good idea to get a handle on how much information about you is out there
by searching for yourself. Type your name into Google—both with
quotation marks and without—and with relevant keywords, such as your
address, phone number, email addresses, job title, company, and alma
mater.
See what you find, and try to look at the information the way a hacker
would. Is there enough data there for someone to piece together your
life? If so, you need to take steps to improve your personal security.
Use passphrases instead of passwords: Passwords are a
tricky security issue. The best passwords are computer-generated
mixtures of letters, numbers, and special characters (such as
exclamation points and question marks).
Unfortunately, the resulting
alphanumeric strings are also extremely difficult for most people to
remember. But since most passwords are hacked via brute-force
methods—that is, by having a computer go through all possible
combinations of characters—longer passwords are more secure simply
because they take longer to discover.
For example, an Intel Core i7 processor takes just hours to crack a
five-character password, but it takes more than 10 days to crack a
seven-character password. That's why security experts recommend using
passphrases instead of passwords.
Stay updated: One of the easiest ways to prevent
intruders from compromising your computer is to make sure that you're
always running the latest version of all your PC applications—including
your antivirus program.
"Drive-by downloads—malware that downloads to your computer when you
click on a malicious link—often work by exploiting known bugs in
software," Harrison says. "These bugs are usually fixed in updated
versions of the software, but that won't help you if you're still
running the old version."
Prioritize accounts: You may not be able to remember
complex passphrases for every account you have, and that's okay.
According to Doug McLean, senior director of product marketing at
McAfee's Global Threat Intelligence, the average online American has
more than 100 accounts, not all of which are important.
Instead of creating different passwords for every account, create unique
ones for only the important accounts—email accounts, online banking
accounts, social networks, and other accounts that contain sensitive
information. For relatively trivial accounts, such as message boards,
it's fine to use an insecure, hackable password.
McLean also suggests creating a "junk mail" email address for accounts
that you don't really care about. You can use this junk email address to
sign up for message boards, contests, and newsletters. Then, if one of
the junk accounts is compromised, hackers won't have your real email
address or your real passwords.
Lie: Speaking of junk accounts, be careful about what
information you give away to random websites. Sure, your bank needs to
know your home address, but does a message board really need to know
your zip code or your full birthday? If you can't get past a screen
because the website wants you to give up too much information, Harrison
suggests that you make things up. After all, he notes, message boards
are notoriously hackable, and they really just want to verify that
you're over a certain age.
Protect yourself offline: According to McLean, offline
identity theft is still much more common than online identity theft. The
reason: Email addresses have passwords, while mailboxes, dumpsters, and
lost wallets do not. To protect yourself offline, McLean suggests that
you get a locking mailbox (if you don't already have one), shred all
important bills and documents before you throw them away, and never
carry your Social Security card with you.
Use a password manager: Though password managers
require a little setting up, they're worth it if you're worried about
the integrity of your passwords or passphrases. Password managers such
as Dashlane, 1Password, and LastPass not only store all of your
passwords in a neat little encrypted program that you can unlock with a
master password; they can also create secure, computer-generated
passwords that even you don't know.
In choosing a password manager, it's important to pick one that's
compatible with all of your devices, including your phone and tablet.
Dashlane, 1Password, and LastPass are compatible with Windows, Mac OS X,
iOS, and Android; and LastPass is also compatible with Linux,
BlackBerry, Windows Phone, WebOS, and Symbian. Password managers can
store form data, so you don't have to park credit card information on
the Web.
Freeze your credit report: Freezing your credit report
is the single most effective way to prevent identity theft, according to
McLean. If you're over 30 and you're not getting married or divorced,
you probably won't be applying for new credit cards, loans, or
mortgages, so you don't need your credit report to be readily available.
To freeze your credit report, you must contact each of the three major
credit bureaus (Equifax, Experian, and TransUnion), fill out a form,
provide proof of identity, and pay a small fee (around $10, depending on
your state). You'll then receive a PIN or password that will allow you
to "thaw" your credit report (either temporarily or permanently) if you
ever need to use it. Temporarily thawing your credit report usually
takes less than a minute, McLean says.
Credit report freezes are free in the United States for victims of identity theft.
Even a little security goes a long way
McLean suggests that taking minimal security precautions is like
outrunning a bear: You don't have to be faster than the bear; you just
have to be faster than your friend who's also being chased.
Hackers are smart, but they're also somewhat lazy. So unless you happen
to be a high-profile target, a hacker will likely give up if your data
defenses prove to be too difficult to breach. Mat Honan's hackers even
admitted that their attack was nothing personal—they simply wanted to
break into his Twitter account because the three-character handle "@mat"
signified the property of a Twitter superuser. Nothing more, and
nothing less.
Ultimately, even taking small security steps, such as creating an
eight-character password instead of a five-character password, can
protect your personal information just well enough to convince hackers
to move on to the next digital door.
Posts
