StopSign Internet Security Blog

OK, we can’t get your passwords to become faster, but certainly we can give you tips on how to make them better and stronger (read: harder to break). Our last post on passwords gave a lot of information on how good passwords can be easily created, and we’ve come up with more ideas for you to secure your passwords.

A strong password is the first line of defense against anyone who would want to break into your account, so the tougher you make it on them, the less likely it will be that they get what they want. Use these tips to create a bionic password that will make it tougher to crack.

• Get creative with words:

  You can get a lot of traction out of one word if you can figure out different ways to use it in your password. For example the word “crystal” is pretty clear (pun intended), but you can muddy it up a bit by doing things like removing all vowels, changing how it’s spelled, or reversing certain letters. Examples include “crstl”, “krYs+al”, and “ltsrc” (the first one, only backwards). Mix that up with another word to increase the length of the password and you’ll be good to go.

• The same word, only different:

  Maybe you like birds, and your favorite bird is the Pine Grosbeak bullfinch. Well, as we all know (sarcasm) the genus for those birds is “Pinicola”. Maybe you also happen to love Coca-Cola. You take out the “cola”, insert “Coke”, and now you have a 2-word password that’s easy to remember: “PiniCoke”. Substitute some of the characters to something like this: “p1niCok3″ and you’re good to go.

• Don’t use common number patterns:

  Your phone number, street address, even your jersey number from the high school football team… these are all very bad things to use in a password as they are. If you plan on using one of them, be sure to mix things up. If you live on 1313 Mockingbird Lane (Quick… what TV show is that address from? The first person to comment on the blog with the right answer gets a free year of StopSign.), you could use the street number like this: “+h1rT3en13″.

• Mix it up:

  Using only alpha-characters or only numbers isn’t a very good idea for a password at all. Your password is a digital cocktail. Mix. It. Up. If a decent password is made up of 8 or more characters, you should try to use at least 2 numbers and one non-alphanumeric character (a hash symbol “#”, an exclamation mark “!”, etc.).

• Use multiple passwords:

  Ideally you should have a unique password for every account that you have. Your home email, work email, computer login, bank account, Twitter… any account you have that requires a user name and password should have its own unique password.

These suggestions are not the end-all, be-all and we don’t necessarily advocate using every single password tip listed. But they can be food for thought when devising a new password. You’ve seen my repeated suggestion to mix things up, and that’s a big thing. Keep things fresh, get creative, and you’ll be far and away ahead of the pack when it comes to creating a strong (and difficult to crack) password.

There are reports coming in regarding Twitter forcing people to update their passwords. The reason: real or potential Twitter phishing attacks. Many people are talking about seeing an email from Twitter that reads:

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.

At this time there is no confirmed threat, but it appears that if nothing else, Twitter is taking a proactive role in helping to reduce and/or pre-emptively kill any phishing attempt that may be occuring. Even if Twitter hasn’t changed your password and/or you’re not affected by this possible phishing attack, we recommend the following course of action for increased security:

1. Change your password. Make sure to use a good mix of letter and numbers.

2. Review and rethink any third-party services you’ve allowed in your Twitter Connections setting.

3. It’s also a good time to go through your followers (and those you’re following) and check for spammy and/or suspect accounts. Things to look for in these types of accounts include, but aren’t limited to:

   • Very few, if any, tweets. Ever.
   • No tweets in the last
   • Following thousands but followed by few.
   • The same kinds of tweets sent out over and over and over.

We will report on this issue again as we find out more details. For more tips on staying secure on Twitter, check out our blog post “Six Secrets of a Safe Twitter Account.“.

UPDATE: Twitter addresses the password resets with their status update entitled Reason #4132 for Changing Your Password.

As 2009 comes to a close and all of the holiday decorations begin to come down (you are taking down those lights before Valentine’s Day, aren’t you?), many people choose to make New Years Resolutions. Some people choose to promise themselves to lose weight, others to spend their money more wisely, but we’re asking you to make a different change: the way you use your computer and the Internet.

Making a change is never easy (most people don’t seem to like change at all); but change can be good if it’s done for the right reasons. Meet the New Year head-on by resolving to make the tech-related aspects of your life a little safer and a little more secure by following our 5 simple suggestions for changes to your computer and Internet use:

1. Change your passwords

   It’s a simple enough change, and possibly one of the most important. By not letting a password live for too long, you help to reduce the chances of it being captured by spyware or a keylogger and sent out on the web to someone with mischief on their mind. Read the StopSign blog post on creating a good password and update all of your passwords in 2010.

2. Update Privacy Settings

   Crack open your browser(s) and review your current privacy settings. It’s probably not a set of options that you look at all the time, and you might have accidentally set some of the settings too low for certain things, or maybe even added certain web sites to a white list that you didn’t mean to. Now’s the time to clean all of that up. And while you’re at it you may as well clear out your cookies, browser cache, and all that jazz. Start the New Year as fresh as possible.

3. Update Vital Information Online

   From the address and phone number on your online banking profile to dusting off that Facebook or Twitter account and removing any personally identifying information that anyone can see, there’s no time like the present to update your information online. We can help you to stay safe online with some tips on things to look out for when putting your info online.

4. Back up Important Files

   If you’re like us, you probably do a lot on your computer: your taxes, edit family photos, post videos online, and more. Don’t be caught without a backup: Burn your important files and other data to a CD or DVD, buy an external hard drive and copy everything over, or even use an online service to keep a copy of it all off-site. Between hardware failure (something a friend who didn’t have backups of wedding photos recently went through) and data corruption, much less any other calamity, keeping a backup of the things that are important to you should be a top priority in the coming year.

5. Patch it up

   Check your operating system, installed applications (web browsers and plugins, document editors, PDF viewers, spreadsheets, etc.), and antivirus/security software for updates. Without the latest version of software you leave yourself open to out-of-date problems at best, and security-related and/or data-loss problems at worst. Most software apps have a simple method of updating themselves anyhow, so it shouldn’t be too difficult to figure out.

If you enjoyed this post or any of our other StopSign Blog posts from 2009, just wait until 2010! We’re going to keep posting online safety and security-related topics here on our blog. You can also follow the StopSign Blog on Twitter to get the whole scoop on what we’re doing, what we think you might find interesting online (and sometimes offline), and more.

Happy New Year! We look forward to hearing from you in 2010. :)

“I’ve been hacked. Now what?”

Maybe it was a keylogger. Perhaps it was a simple virus, or even a trojan. Spyware took over your computer? It doesn’t matter, really. Something happened, you’re back to being clean, but your confidence in the security of your computer is shaken; and now you’re sitting there wondering what to do next.

First off, you’re not alone. With an estimated 300 new viruses or malware variants coming out every month, most people at one time or another are going to be the victims of malicious software. And depending on the severity of the attack you suffered, it’s not unlike the feeling you get when your home is robbed or your car is broken into. There’s a sense of fear, mistrust, and possibly even anxiety about being hit by malware in the future. Again, you’re not alone.

While we can’t speak to the emotions you may be feeling about what happened, what we can do is help you fix what happened and maybe even help you avoid the problem in the first place. What you’ll find below is a list of suggestions we have to recover from a malware attack.

• Change your passwords

  All of them. Especially if you had some kind of spyware or a keylogger on your machine. There’s no telling what passwords, if any, the crooks who authored your malware were privy to, but why take a chance? Make good use of our blog post on how to create a good password and come up with a new one for each and every site you use.

• Reconsider minor apps

  Now’s as good a time as any to go to your Add/Remove Programs and look at what software you have installed that you don’t use or might be suspect. Not only will this (possibly) help make your computer a bit more peppy, but it’ll also reduce the chances having of a piece of software on your computer that may be vulnerable to attack (vis-a-vis the bad guys).

  • While you’re at it, you may as well clean up and optimize your hard disk to help fix things up. That’s not going to prevent viruses or spyware from infecting your machine, but it is good general maintenance. :)

• Consider canceling those cards

  If you used a particular credit or debit card with your computer, consider calling up the issuing bank, explaining what happened, and have them cancel the card and get a brand new one issued. That is, admittedly, a pain in the behind; but if your card data was compromised then you could be looking at an even bigger pain trying to recover from a bank account being open to the whim of crooks.

• Report any crime

  It’s one thing to have some passwords compromised; it’s another to actually have sensitive data leaked or have money stolen a bank account whose information was on your computer due to malware. If you were a victim of a crime please contact the authorities.

• Be careful what you open

  Emails, IMs, downloads… Not to make you paranoid, but pretty much anything you can click on has the potential to deliver malware right to your computer’s doorstep. Only open files or click on links from trusted sources. You should also keep an eye open on those, too, since spammers and hackers can forge email addresses to make them seem like they come from a friend or co-worker. Read the subject and content of emails and IMs before clicking on any link or downloading any attachments.

• Practice safe computing

  Help yourself out by steering clear from traditionally virus and spyware-laden web sites: iffy download sites, adult sites, gambling sites, and movie/mp3/torrent/etc. sites. They’re not all bad, but they have a bad rap for a reason.

An ounce of prevention is worth a pound of cure.

While we can’t say that doing any, or all, of the aforementioned steps will keep you 100% protected against future infections, we can say that every bit of pre-emptive caution that you can take will pay off in the long run.

Twitter is like a giant party in a community of over 18 million people, and there’s bound to be a few apples in the bunch who want to cause trouble. You can get around some of those problems by locking down your Twitter account and being aware of some of the potential problems you might run into when you’re tweeting. Just follow these simple Twitter tips and use your common sense, and you’ll be much ahead of the “safe twittering” curve.

1. Good, strong passwords.

   The creation of a good password cannot be stressed enough! Make sure to create a password that’s difficult for others to figure out and contains a mix of letters and numbers. Also try to use a different password than you use on other social networking sites in case one of the passwords gets cracked or is leaked out. Read more about how to create a strong password on our blog.

2. URL shorteners.

   Sites like bit.ly, ow.ly, and cli.gs are great URL shortening services, especially when someone wants to link to websites in 140 characters or less. But if you don’t know the person who tweeted with a shortened URL, you’re never quite sure what you’re going to get. (OK, that’s not 100% true*) Be careful what you click on!

3. Are you (literally) on Twitter.com?

   Scammers and spammers love to build lookalike sites to try and trick you into submitting your user names and passwords to them instead of the real thing. Before you log in, check the address bar to make sure you’re actually on Twitter.com and not some scam website. Learn more about how to figure out if you’re on a fake website or a real one on the StopSign blog.

4. Third party access.

   There are some really neat services out there like We Follow and Twitter Grader that help enhance your Twitter experience and learn more about your tweeting habits; but there are also some fishy ones too. Make sure to regularly check your Connections settings in Twitter to clear out any unexpected or suspect applications that have been given access to your account. And if they offer it, connect using OAuth, as it’s much safer than supplying your user name and password to a strange website.

5. Phishy phish.

   You’ve got to be diligent about reading DM’s and @ mentions (there’s a particularly nasty trick going around now where a scammer will @ mention you regarding something you’ve tweeted about and there’s a shortened URL to a spam site in the mention – do NOT click on it!). There always seems to be a phishing scams of some kind happening on Twitter, so make sure you know what you’re clicking on or responding to.

6. Don’t get too personal.

   It’s really important that you don’t expose too much information about yourself or your family online. The wrong tweet can get you on a spammers list, or at worst, can lead crazies on the Internet right to your front door. We’ve got tips on how to stay safe online and offline.

For more information on Twitter security, check out the official Twitter help article on safe tweeting.

*OK, technically you can preview any bit.ly URL by adding a “+” to the end of the URL. Other sites and/or services may do the same; but the main issue is that URL shorteners, by default and by design, do not natively display the destination URL. Back to the top