Tuesday, April 19, 2011

How Web Accounts Get Hacked

Hacking into an e-mail, Twitter, Facebook, or other account is illegal; everyone knows that.

Talented individuals with advanced knowledge are not a threat; you are your own threat.

This is a short list of simple things you may not think about. In each, an opportunity is created… one you want to avoid. The idea is to tell you what not to do and why.
Some advanced methods, like phishing, are a bit more complicated than what is covered here.

1. Recovery E-mail Accounts Can Expire

A recovery e-mail account is a method a lot of systems use to help you get back into an account that you have lost the password for. The idea is simple. You ask the site to send you your password (some will just reset it). The site says: “Sure dude, it’s been e-mailed to you.” As long as you have access to that other account, you are just fine and dandy.

Check your recovery e-mail account every three months or so. If you do not, the account may be deleted. Someone else can now claim it. If someone claims that account accidentally and you reset your password, then you just lost control of your main account. If it was on purpose, then the next step is to simply go through the password recovery process.

2. Avoid Duplicate Passwords

An easy way to get hacked is to give a site your e-mail address and then use the same password at that site. The same goes if you use the same user name and password at two or more sites. If the site does not encrypt the password, then there is a huge problem. Anyone who works for the site and has access to this information (or gains it) now has everything they need to log in to your account.
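An added example (not part of the original post) of the storage difference behind this advice: one constructed site keeps the password exactly as typed, another keeps only a salted PBKDF2 hash, the usual way a site avoids holding the password itself. The site names, sample passwords and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def store_plaintext(password):
    """Weak: the site's database row holds the password itself."""
    return {"password": password}


def store_hashed(password):
    """Better: the row holds a random salt and a slow salted hash only."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify_hashed(record, attempt):
    """Recompute the hash for a login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["hash"])


def readable_by_insider(record, password):
    """True if anyone who can read the row can read the password as typed."""
    raw = b"".join(
        v if isinstance(v, bytes) else str(v).encode() for v in record.values()
    )
    return password.encode() in raw


def demo():
    reused = "blue-Kettle-42"             # constructed sample password
    forum_row = store_plaintext(reused)   # hypothetical forum, stores as typed
    mail_row = store_hashed(reused)       # hypothetical mail site, same password
    unique_row = store_hashed("other-Pass-77")  # mail site, unique password
    return {
        "forum_row_exposes_password": readable_by_insider(forum_row, reused),
        "mail_row_exposes_password": readable_by_insider(mail_row, reused),
        # The forum's copy is a valid login at the mail site when reused...
        "forum_copy_opens_mail": verify_hashed(mail_row, forum_row["password"]),
        # ...and useless there when the mail password is unique.
        "forum_copy_opens_unique": verify_hashed(unique_row, forum_row["password"]),
    }


if __name__ == "__main__":
    print(demo())
```

Hashing protects what the second site stores, but only a different password per site limits the damage when the first site's records are read.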

3. Beware Onlookers

Be paranoid. A person standing behind you as you sign in to a website may not be as casual as they seem. In an age where so many phones and MP3 players can record video, they don’t even need to be facing you. If a person sees you enter your password, there is a very good chance they can remember it.

4. Use Public Computers Differently

Watch the settings you use on public computers and always remember to sign out. Be sure to double-check this. Most of us have formed habits from using personal computers. We often leave that little “Remember me” box checked underneath the sign-in box. Some may click “Yes” to “Do you want to save this password?” after they log in. Forgetting to click “log off” when a session is finished is commonplace. This is convenient when it is a personal machine, but disastrous on a public machine. Your account is now as easy for someone else to get into as if it was their own personal machine. There are ways to steal passwords that are saved too.

5. Only Use Trustworthy Computers

Trust the computer you are using as much as you trust the owner. By trust, I refer to both the integrity and the aptitude of the person. A person who lacks integrity may intentionally have software running that records what keys you press (called a “keylogger”). Companies in the U.S. can legally install them on any computer they own. A person who lacks aptitude may unknowingly have spyware on their machine. Spyware can sometimes have the same abilities as a keylogger. In either case, once you use that computer to quickly check your Facebook, your account is compromised. If you used that password for your e-mail or banking, you have a larger problem.

6. Avoid Commonly Used Passwords

Do not use the name of your pet, child, team, favorite color, date, etc. as a password. Never use “password” as a password. Too many people use “123456” (at least at Hotmail and RockYou). All of these are easy to guess. A cracking tool is not required to figure them out.

7. Guard Written Passwords

If you choose to write down a password, protect it like your life savings. Would you leave twenty dollar bills sitting around? Your password is much more valuable than that if it is used for your bank account. Nevertheless, I see passwords sitting out in the open. It is not a bad idea to never write down your passwords, but the problems with that are obvious. There is no shame in writing them down, but keep them in a safe place… I’m thinking a safety deposit box at the bank.

Lastly, remember the first rule of passwords: don’t ever give them out or share them!
 

19 comments:

J.R. said...

Very good advice! I stopped using public computers a while ago due to someone getting into my email. Really sucks

1HipHopBlog said...

My hotmail is always screwing up, it is a nightmare to get it working right.

Ronald said...

nice info!!!!

Reilly said...

I seriously need some help on my hotmail too. Their service is really APESHIT. They keep sending me to the same link whilst deleting my inquiries, I'm getting totally insane of that service. I just want to blackmail them so hard.... :D

Xatana said...

Very good info to keep in mind

RobinV said...

I usually use a certain password, but then add something new to each password depending on the site. For example blog123 for this one and facebook123 for facebook, but then of course not as easy as that. It works quite well.

Salman Ashraf said...

Very useful information here for security. I'm glad you wrote this concisely as well.

Will definitely follow for more posts :). Thank you for sharing!

Jack said...

Good tips. Thanks for sharing.

Al3xaG said...

It sounds pretty basic but it's so true, a friend forgot to log off msn on a public computer once, oh the pain...

Scott said...

Good advice. All my passwords are written down somewhere, I should probably move them to a more secure location!

Lich said...

Great advice! I never write down my password, though I have good memory)

biboa said...

never can be too paranoid about your passwords

GreenIdeas said...

also look out for firesheep when using wireless networks.

Clark Kent said...

aaaaaand saved

Skeng said...

Very very informative!

Thank you

Following :)

Borre Kool said...

Thank you for that man :D

ds said...

Great info. People should know more about this stuff so they wouldn't get in so much trouble.

Nobody in particular said...

many times the users are where the security breach happens not "hacking" a system

goat-on-a-stik said...

great tips. I know most of these but a lot of people do not!
