Internet Password Hints for a More Secure Internet Experience
Having better passwords and making them longer and more secure can result in a safer internet experience. There are simple steps you can take to make your web use safer, and I have listed some suggestions that you may want to follow. This article is not meant to make you paranoid; it is a guide to extra steps you can take, as you feel necessary, based on your particular internet needs.
Do you have many of your internet passwords listed in your old emails?
I did a search and was surprised at how many I had. I found most of them and deleted the old emails that displayed my passwords. If someone knows your email password or has access to your email account, they could search for the word “password” and find many of your current and old passwords from this one simple search. You may have dozens of old passwords out there listed in your emails going back 5 – 10 years and you may not even know that they were there.
What to do: Search for the word “password” on your email list. Review each email listed and delete any email that lists a current or old password. I recommend this on all emails with passwords even if it is for a minor web site or for ones that may even be out of business. I do this every few years to just get rid of them as they accumulate.
If you get way too many emails on your initial search for “password”, you can take another approach that I use. Most email clients, such as Gmail, have a more advanced search feature that searches only selected fields, such as only the “Subject” line or only the email content section.
I initially looked for the word “password” only in the email subject line. This seems to get most of them without having many other emails get selected that do not have passwords in them. I then do a global delete of these emails. I then may do another search for the word “password” by searching only in the content area of the email. I may look through some of these looking for passwords and then delete them as I find them.
These passwords usually end up in your email when the web site or company sends you an initial password as you first set up your account. You then have the option of changing your password to something more friendly on their web site if you want. Another way is when you cannot remember your password for a web site and click on the "Forgot my password" link. You usually enter your email address and the web site sends you an email with your existing password. More web sites are now sending you an email with a link that directs you to a special web page where you can enter a new password. This is much better since the password is not listed in your email. These password change links also expire after a few hours or that day, so someone cannot use them at a future date to change your password.
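The two-pass search described above (subject line first, then message content) can also be run over an exported mailbox file. The following Python script is an added example, not part of the original article. It assumes your mail has been exported to an mbox file; the sample messages, addresses and verdict names are constructed for illustration.

```python
"""Flag old e-mails that expose passwords: subject-line hits first, then body."""
import mailbox
import os
import re
import tempfile
from email.message import EmailMessage

# "Password: abc123" or "your password is abc123", but not "password: https://..."
CREDENTIAL_RE = re.compile(r"password\s*(?:is|:|=)\s*(?!https?://)\S+", re.I)
# Reset mails carry a link to a change page instead of the password itself.
RESET_LINK_RE = re.compile(r"https?://\S*reset\S*", re.I)

# Constructed sample messages (subject, body); none of this is real mail.
SAMPLES = [
    ("Welcome - your new account password", "User ID: pat\nPassword: Winter2009\n"),
    ("Forgot my password request",
     "Click the link below to choose a new password.\n"
     "The link expires in a few hours.\n"
     "https://shop.example/reset?token=CONSTRUCTED\n"),
    ("Your account details", "As requested, your password is tulip44.\n"),
    ("Lunch on Friday?", "See you at noon.\n"),
    ("Password policy update", "We now require longer passwords on all accounts.\n"),
]


def build_sample_mbox(path):
    """Write the constructed messages to an mbox file so the scan has input."""
    box = mailbox.mbox(path)
    for subject, body in SAMPLES:
        msg = EmailMessage()
        msg["From"] = "service@shop.example"
        msg["To"] = "me@mail.example"
        msg["Subject"] = subject
        msg.set_content(body)
        box.add(msg)
    box.flush()
    box.close()


def body_text(msg):
    """Concatenate the text/plain parts of a message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def classify(msg):
    """Return a finding for a message that mentions 'password', else None."""
    subject = str(msg.get("Subject", ""))
    body = body_text(msg)
    in_subject = "password" in subject.lower()
    if not in_subject and "password" not in body.lower():
        return None
    if CREDENTIAL_RE.search(body):
        verdict = "exposes-password"      # delete this one
    elif RESET_LINK_RE.search(body):
        verdict = "reset-link-only"       # no password stored in the mail
    else:
        verdict = "review"                # mentions the word, look by hand
    return {"subject": subject, "where": "subject" if in_subject else "body",
            "verdict": verdict}


def scan_mbox(path):
    """Scan an mbox file; the password value itself is never returned or printed."""
    box = mailbox.mbox(path, create=False)
    try:
        findings = []
        for key, msg in box.iteritems():
            hit = classify(msg)
            if hit:
                hit["key"] = key
                findings.append(hit)
        # Subject-line hits first, mirroring the two-pass search in the article.
        findings.sort(key=lambda h: h["where"] != "subject")
        return findings
    finally:
        box.close()


if __name__ == "__main__":
    sample_path = os.path.join(tempfile.mkdtemp(), "sample.mbox")
    build_sample_mbox(sample_path)
    for hit in scan_mbox(sample_path):
        print(f'{hit["verdict"]:17} [{hit["where"]:7}] {hit["subject"]}')
```

The script only reports which messages to look at; deleting them is still done in your email program.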
How often should I change my passwords?
Change your passwords every once in a while even if you do not think anyone has your passwords because you never told anyone. The length of time between password changes can vary for different people based on personal opinion or how important the web site or company is. I feel passwords for any web site that is money orientated, or for shopping web sites that have your current credit card saved on your account, should be changed more frequently. Some examples of these types of accounts would be any bank, any financial institution you have money in such as an investment account, all credit card companies or companies that you use to purchase supplies often such as Amazon.
As you may see from the web site types listed above, I think the most important ones are financial, money related or ones I order items from, since I base my viewpoint on which accounts can hurt me the most if messed with. You will need to determine which web sites are more important to you and not only change those passwords more often but also adjust the passwords to make them stronger. For your other online accounts you can change your passwords less often.
Note: When you change your password, most larger companies send an email to your email address informing you that a change to your account has been made. They may even let you know what the change was, such as a password, email, address or other contact information. You can ignore these messages since you know that you just changed your password or other account information.
If you get one of these email notifications that you changed your account especially if it is to your password, email, address or other important account information and you did not make any changes, then follow the instructions that usually accompany these types of messages and contact the company immediately. You would want to ask the company about any recent activity on your account and may need to put a temporary hold on your account until things get cleared up. For credit cards, you may need to cancel your current credit card and have the company issue you a new credit card number.
Even if someone changes your email address online to a new one without authorization, the company still should send these types of notices to the email address that was on file before the last online change.
I recently went into 10 of my more sensitive web accounts and changed my passwords. I feel that I may just do this once every year or two because I feel that it makes my internet use a little bit safer. While changing my passwords, I take this opportunity to make my passwords a little longer and stronger at the same time.
While I have been using personal computers since 1981 and the internet since it started, I have not known any situation in which I noticed a password or internet fraud type problem. I just think that times have changed recently and we all need to be a little paranoid by making our passwords more secure and different for each web site, and by checking our credit card or bank statements on a monthly basis for any unusual activity.
What if I get a notice from a company that I use that they have had some account information stolen from them?
One of the reasons I decided to write this article now is all the company email or written notifications I have been getting lately. I have received notices from about five companies in the last year, such as Target, as many of you reading this may have also had the pleasure of reading. There was another one from Adobe and even one from a small company that I use to print some of my photographs.
While this information is not necessarily related to web accounts, it does let you know that sophisticated hackers are out there and they are stealing private information of millions of accounts at a time. The only advice I can give on this is to review your credit card statements monthly for any activity that does not look right. Many thieves who buy the credit card information may put small charges on your account with amounts less than $10. These smaller charges may not be as noticeable as larger charges.
Some of this stolen credit card information is used to open up other new credit cards and some of these credit monitoring companies such as Lifelock can be useful if someone opens up a new credit account and they send you a notification email on the new credit card under your name.
I feel that many of these companies are not telling their customers on a timely basis or are really underestimating how bad the break in was and seem to be unsure of what information was really stolen. While this kind of hacking has existed for a long time, it is getting more press now, and companies are now required by law to inform their customers and the larger ones are doing it. The bottom line is that I feel that we need to be more careful and watch over our accounts now, whether they are credit card accounts, bank accounts or web related accounts.
Should I store my credit card information online in web shopping carts?
Because of all the company problems with people stealing credit card information from large segments of the US population, such as with Target recently, I keep my credit card saved online on only a few web sites. Note: The stolen credit card information in Target’s case was from their physical store locations and was related to how they processed the credit cards in the store.
I used to save my credit card information on many companies' web sites. When even larger, more sophisticated companies using security experts as well as sophisticated security software can become victims, I just do not feel it is as safe to keep my credit card information online anymore. The larger companies are currently more of a target for large breaches of security and cannot protect you as they had in the past.
I hope the companies that have access to the credit cards I use at their physical stores do not store this information on a permanent basis. I also hope that when I enter my credit cards online to make purchases, the companies do not store my credit card information on a permanent basis unless I choose to store it online for convenient use on future purchases.
I feel it is time for the consumers to take the small steps necessary to make themselves safer in the online world or in general with credit card use or other information that is stored online that they feel is private.
What can someone do to harm you when they know your password?
When someone has your email and password, they can cause a lot of trouble for you on any site that you use that password on. One of the things they may do is change your email address, change your mailing or shipping address and change your password. Once this is done, they could have the authority to transfer money out of your accounts if it is a bank, make bad stock purchases on your investment account or simply order expensive items and have them mailed to your changed shipping address, as an example. While I am sure different companies have some internal protection that may protect you in some cases, it may not work every time.
If you did not notice your warning emails from the company initially when your account was changed, you may not be aware of the unauthorized activity if your email and mailing address was modified by them. By the time it is noticed by your next mailed statement, you may not be able to recover any losses depending on the company and its rules. If you stop getting your monthly statements, that might also be a clue that something may be wrong.
If you get an account change notice and your password does not work, they may have changed your password and you may need to call the company to put a temporary hold on your account until you determine if any recent activity may have been on your account that was not authorized. At this point, you may want to take advice from the company since they may know what is best for their specific company. You may also be liable for future fraud on the account if you do not take the security steps as the company suggests.
Sometimes it may be best if you notice anything strange on any of your accounts even if you do not find anything wrong to just do a simple change of password.
How complex should you make your passwords?
Make your passwords more complex or stronger, especially on companies such as banks or other money related sites, credit card web sites or web sites that you purchase from that have your credit card information on file. If you have a lot of activity on certain social activity sites such as Facebook or Twitter, you may also want to have a more secure password. It really depends on how important particular company’s web sites are to you or how important or private the information that they hold. Some people may want stronger passwords for online medical sites or perhaps your email accounts.
Even sites that generally do not have anything to do with money such as Facebook can cause problems if someone has your password such as sending out spam emails or messages to your friends or contact list that may cause some confusion or get people mad at you.
Many web sites have a nice feature when you type in your password that tells you if your password entered is weak, average or strong. Some web sites require your password to be at a certain length such as at least 8 characters or must contain at least one number or one capitalized letter. I think that this is a good feature to stop people from using weak passwords or at least warn them when they are. Since many people use “password” or “1234567” as their password, I think this is a good feature. It is also not a good idea to use as your password a word that is closely associated with you such as your birthday, your spouse’s name or your dog’s name.
I recommend longer passwords with at least one capital letter and a few numbers mixed in. An example of a few passwords may be “Themightyoak57” or “ParkingSpot7$”. Perhaps you can have a system in which the first, last or fourth letter in your password is always capitalized to make it easy to remember.
For more secure passwords, make them longer and include at least one special character.
Another suggestion, if you have your own web site, is to make the password that is used to change your web site strong. I had a friend who had his web site hacked by someone who left a message on his homepage saying that his web site had been hacked, along with the hacker's call sign. Most of the rest of his web site pages were made unreadable. I guess he did not have a backup of his site so the web site died.
As a side note, I have received emails from friends from their email or Twitter accounts that have obviously been broken into and spam went out to their contact lists. If you get these, it is nice to send a copy of the email back to them since they probably did not know that the scam emails have even been sent out from their account. I would also send a friendly message to them suggesting that they may want to change their related email or social network password just in case it has been compromised.
General ways to help protect and keep your computer clean and more secure that I use:
1. Keep your operating system up to date with the latest software. If using a PC, you can have Windows Update update your computer automatically.
2. I also recommend that you update your main internet browser's software often. If you are using Chrome or Firefox, you should update the software when it gives you a message that a new version is available. Many internet security problems can be traced to security issues found in the browsers, so it is important to update these.
3. Having good virus/firewall protection software on your computer is also recommended and really necessary nowadays. You can do a full manual scan of all your drives using your virus protection software every few months or when you think you have a problem. If you really do not like doing these scans, then try to do a full scan at least once a year. If you do them often, most software offers a Quick Scan option that only looks at the most important parts of your drive and does not take very long to finish.
4. I run a free version of a program called "ccleaner" that can be downloaded here. This program cleans out much of your temporary files and cookies. I run this program about every month or every two months.
5. Here are two free programs that I use to look for spyware or viruses that work very well. The first one is called "Spybot Search and Destroy" which can be downloaded free here. The other one is called "Malwarebytes" and can be downloaded free here.
Both these programs are popular and I have never had any damage to my computer done by them.
Do you have the same password for many of your online accounts?
I highly recommend that you do not have the same password for many or all of your accounts. I have read that a very large segment of people do this. Can you imagine the number of Customer Service reps or a great number of people that have access to your email and password information at their company? If you use the same email and password on many of your other accounts, they could try your same email and password combination to see if they are able to log on to your other accounts.
You have to ask yourself if they would be able to get on to your Amazon, eBay, Facebook, Bank of America, Chase bank, email account, or your credit card company's web site, as an example. Is it worth the convenience of using the same password for most of your accounts and only having to remember a few passwords when an employee from one company, or even an old girlfriend or boyfriend, can abuse knowing your email address and passwords across multiple accounts?
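The password advice in the sections above (avoid “password” and “1234567”, use at least 8 characters with a capital letter and a number, add a special character for more important sites, avoid words tied to you, and do not reuse a password across accounts) can be checked over a list of your accounts. The following Python script is an added example, not part of the original article. The site names and the account list are constructed, and applying the special-character rule only to sites you mark as sensitive is an assumption of this example.

```python
"""Audit an account list against the password advice in this article."""
from collections import defaultdict

COMMON = {"password", "1234567"}  # the two weak examples the article names
MIN_LENGTH = 8                    # the site minimum the article mentions


def strength_problems(password, sensitive=False, personal_words=()):
    """Return the reasons a password falls short; an empty list means it passes."""
    problems = []
    lower = password.lower()
    if lower in COMMON:
        problems.append("commonly used")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: the special-character advice is enforced only on sensitive sites.
    if sensitive and all(c.isalnum() for c in password):
        problems.append("no special character")
    # Birthday, spouse's name, dog's name and similar words supplied by the user.
    if any(w and w.lower() in lower for w in personal_words):
        problems.append("contains a personal word")
    return problems


def reused_groups(accounts):
    """Group sites that share one password, without ever returning the password."""
    by_password = defaultdict(list)
    for site, password in accounts:
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


def audit(accounts, sensitive_sites=(), personal_words=()):
    """Return weak passwords per site and the groups of sites sharing a password."""
    weak = {}
    for site, password in accounts:
        problems = strength_problems(password, site in sensitive_sites, personal_words)
        if problems:
            weak[site] = problems
    return {"weak": weak, "reused": reused_groups(accounts)}


# Constructed account list; the first two passwords are the article's own examples.
ACCOUNTS = [
    ("bank.example", "Themightyoak57"),
    ("shop.example", "ParkingSpot7$"),
    ("forum.example", "password"),
    ("photos.example", "password"),
    ("mail.example", "Fido2014"),
]
SENSITIVE = {"bank.example", "shop.example", "mail.example"}

if __name__ == "__main__":
    report = audit(ACCOUNTS, SENSITIVE, personal_words=("fido",))
    for site, problems in report["weak"].items():
        print(f"{site}: {', '.join(problems)}")
    for sites in report["reused"]:
        print("same password on:", ", ".join(sites))
```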
Using password management software on your computer?
I keep a manual list of my passwords on regular lined paper. I generally enter the web site along with the User ID and password on the rest of the line. I also use a password manager, which is software that you can buy from different companies and that is not that expensive. This software can securely store your passwords for the different web sites you access regularly so you can log on more easily without the need to check your list of passwords on a printed document as often.
I mention this for those who want to use only a few passwords for most of their web sites: password manager software gives you the option of having many different passwords without needing to memorize them all.
Router administration password:
I recently purchased a new router for wireless internet in my home. Routers all come with default passwords for the administration access that is used during the initial setup or when you want to change things like your router password. For my router the default router administration user id and password were “admin” and “admin”.
I was surprised how difficult it was to find how to change this password in the menu setup. I actually had to look for a web article on which multiple menus I had to go into to change the router's administration password. I recommend that everybody change this password. This administration password is not the same as the password you choose during your initial router setup and enter on your wireless connected devices to access your wireless internet connection.
When changing this default router password, write it down since it may not be used for a while and may be forgotten. Since all the default passwords are known for each brand, someone may be able to access your router if you leave your default router password as “admin” or “password”.
Also, if you have an old router still using “WEP” encryption, it is not very secure and can be broken in under a minute by people that know how to do these types of things. Most routers have other encryption options such as WPA2 which is much more secure.
Router regular wireless internet password:
Also during the initial router setup, they make it easy to set your regular router internet access password that you enter on your wireless devices such as your computer, TV, tablet or phone. Since you do not need to enter this password often once it has been entered on your hardware devices the first time, I suggest that the password be very long and complicated. As usual, I write down this password for later reference. Since this wireless signal can reach down the block from your home or business, you want to make it secure. If you live in an apartment with many neighbors very close, or near a hotel in which guests may search for open internet connections, I suggest a stronger password. I do not recommend you ever have a weak password for your router or set up a separate guest access to your router that does not require a password.
I don’t mean to be paranoid, but do you really want someone from your neighborhood downloading illegal music or child porn using your router/internet connection, and then get a notice from your internet provider that they will take action if this continues or possibly call the police on you? Remember, you are responsible for what your internet connection is doing even if you did not do anything illegal and even if you are unaware of this activity. It will look like you, the router owner, are accessing those sites even if it was some outside person using your router without your knowledge. That is a good reason for a strong router password.
Entering of security questions from web sites:
Before the internet, you probably had these types of security questions from a bank to verify your identity. The banks used to ask your mother’s maiden name a lot or a small variety of other questions such as your social security number. When using the phone, many companies already know your identity since they recognize that the phone you are calling from is yours. That may be enough, or they might ask you for a four digit code, ask you to enter a password or account number into the phone, or ask for the last four digits of your social security number.
Even some web sites use your computer identity as part of the process to verify who you are. If you use the same computer to access the web site, your computer’s internet IP address may be the same and the company web site can recognize you, or at least your computer, from past access to their site.
Many times on more secure sites, you may know your password but still have to answer a few security questions before or after you enter your password. These security questions are initially asked when you set up the account, such as an online bank account. Different companies use different questions but many of them are the same. Some examples might be that you are shown a list of different addresses or counties and asked to select which one you once lived at. Most of the time the security questions are ones you previously answered when opening the account at the company. They may ask what your pet’s name is, what your favorite color is, what the name of your high school was or what city your mother was born in. On my manual written password page, I usually keep a note on the answers to these security questions next to where I write my password in case I forget what I had said.
With the internet containing so much information and more public information about you now online, I am not sure these types of security questions are as safe as they used to be. I hear of cases of celebrities getting their social network or email accounts hacked. I believe they attempt this hack by requesting a password change by only knowing the user id or email address and they were able to get full access to the account by answering some online security questions. These answers could be looked up if someone was an investigator or skilled in certain areas.
So what’s my point here? I feel it might be safer to give false answers to these web security questions and then write the questions and false answers down on your manual password page in case you need to reference them in the future. Another method would be simply to add a letter to the beginning of each security answer. For example, if you are asked “What is your pet’s name”, you can answer “xfido” instead of “fido”, since all your answers start with an “x”. This way you can still answer the security questions by knowing the answer but entering your code “x” first on all your security answers. This should make it difficult for others to answer your questions. Just an idea I thought up but have not used yet.
What is the future for online or credit card security?
Please note while reading this that I am not a security expert, but sharing some thoughts.
I feel that we are at the point where web security, or even software that is related to credit card processing, is so complicated that it is vulnerable. When a teenager from Russia can write software code to defeat the security on these large companies' computer systems, companies need to make security more of a priority.
It may be this year or in the next few years where a major security breach not only results in millions of consumers' private or credit card information being stolen but that stolen information is used fraudulently on a massive scale involving millions of consumers. On that day, a large good company that may have been around for many decades will go out of business in a short period of time. I hope that day never comes, but it will put out a strong wake up call about how consumers will react to these types of security violations, and other companies may then do what is required to keep us customers safer.
Some of the problems are not that the company's security software fails to give warning of a security threat, but that employees monitoring the security software do not check out the threats due to lack of time, training or skill to determine which warnings are more severe and need further investigation and which warnings they can pass on. Another problem I have read about is that it takes a lot of skill to fine tune the security systems for a large company, and this needs to be done by experts who are not always available and are very expensive.
The Heartbleed security problem:
One of the most recent web security problems (2014) was the Heartbleed programming flaw which caused major security concerns across the Internet. The widely used encryption technology that was designed to protect online accounts had a programming error for the last few years.
When you access a web site page to enter your credit card or other private information, you will see the web site address starting with “https:”, with the extra “s” for a secure or encrypted site. “Https” actually stands for "Hyper Text Transfer Protocol" with Secure Sockets Layer (SSL).
With many web sites using this particular encryption software for a few years while it contained the Heartbleed error, your passwords or other information you entered, such as credit card information, may have been read by those who knew about the bug and took advantage of it. I have not heard of an error this big before in internet history but I do not think many people took advantage of this error on a major scale. I have not heard of any major damage Heartbleed has led to yet.
However, the security experts are warning people to change their passwords to prevent any problems with passwords stolen in the last two years due to this software bug. Many companies may fix the error on their web site for future security but may not tell you that your password may have been compromised in the past. If you change your password before the company fixes the Heartbleed problem, you may want to change it again if you accessed the web site in between your password change and the Heartbleed fix notification for that particular web site.