Internet Security Hints for a More Secure Internet Experience
Having better passwords and making them longer and more secure can result in a safer internet experience. There are simple steps you can take to make your web use safer and I have listed some suggestions that you may want to take. This article is not meant to make you paranoid, but to serve as a guide to the extra steps that you feel are necessary based on your particular internet needs.
Computer security incorporates many different types of hardware devices, such as mobile phones, computers, tablets, TVs, home smart devices and security systems, along with all those items you have hooked up to your home internet network. Basically, if an item is hooked up to the internet, then having better passwords, computer security software, and a more secure/updated modem/router would help keep your online presence more secure.
One of the most important things you can do is to change your password every once in a while even if you do not think anyone has your passwords because you never told anyone. The length of time between password changes can vary for different people based on personal opinion. The more important the specific website is to you, the more you should change your password. While I understand that this is a boring thing to do, you do not know nowadays if someone stole your password, put it out on the dark web to sell for a small amount of money and someone may purchase your information.
If you have 2-factor authentication set up on some of your online accounts that offer this extra password (sign on) protection, then you may not need to change your password as much. 2-factor authentication relates to online log-in security: even if bad people stole your username / email and password, unless that person had access to a piece of hardware such as your mobile phone, they still should not be able to log in to your account. At least not without being a very sophisticated hacker.
I feel the password for any website that is money orientated, or any shopping website that has your current credit card saved on your account, should be changed more frequently. Some examples of these types of accounts would be any bank, any financial institution you have money in such as an investment account, all credit card companies, your web hosting company, PayPal, websites where you pay your bills online, your personal online selling sites, or companies that you use to purchase items often such as Amazon. This could also include any work or business websites or any website that could cause you a problem if someone else had access to your account. I would also change passwords for any major social media accounts that you use a lot or are part of any business you have going on. You do not want to build up a major social media presence and then have it taken away from you due to password issues.
As you may see from the websites listed above, I think the most important ones are financial, money-related, security-related, home video camera type devices, or who I order items from since I base my viewpoint on which accounts can hurt me the most if messed with. You will need to determine which websites are more important to you and not only change those passwords more often but in addition adjust the password to make them stronger. For your other online accounts you can change your passwords less often.
A strong password is at least 8 characters long and contains at least one upper case letter, one or two numbers, and at least one special character such as ! or %. You can use a password manager as your passwords get more complicated since the password manager will save your passwords. You also have the option to save the passwords to your local device that remembers them. Some websites have a set standard of what is required in the password, such as a required number of characters and what type of characters, to save your password. It is not so easy to make your password 'password' or '12345' anymore.
Many people have the same password for numerous different accounts, but I highly recommend that all your sites (or at least main sites) have a different password. Do you want a low-level customer service rep from a third world company, who may have access to your user id/email address and password, to try those same user ids and passwords on all common bank names or main credit card login pages to see if your user id (email address) and password will allow them to access your accounts?
Note: When you change your password most larger companies send an email right away to your email address informing you that a change to your account has been made. They may even let you know what the change was such as a password, email, address, phone, or other contact information. You can ignore these messages since you know that you just changed your password or other account information. If you get one of these types of change messages that you did not expect, verify whether anyone else, such as a spouse, made the change.
When you go into and change your password, it may be a good time to update any other information that is not current that has changed such as your phone number, email address, or home address as needed.
If you get one of these email notifications that you changed your account, especially if it is to your password, email, address, or other important account information and you or anyone in your family did not make any changes, then follow the instructions that usually accompany these types of messages and contact the company immediately. You would want to ask the company about any recent activity on your account and may need to put a temporary hold on your account until things get cleared up. For credit cards, you may need to cancel your current credit card and have the company issue you a new credit card number.
Even if someone changes your email address online to a new one without authorization, the company still should send these types of notices to the email address that was on file before the last online change.
I recently went into 10 of my more sensitive web accounts and changed my passwords. I feel that I may just do this once a year because I feel that it makes my internet use just a little bit safer. While changing my passwords, I take this opportunity to make my passwords a little longer and stronger at the same time.
I have been using computers since about 1979 and the internet in 1989. In the past, not as much cybersecurity was needed and you could get away with a pet's name as your password or using the same password for many websites. Later on, I started making my passwords longer or two words together. Then I started adding one uppercase letter to my password. Then I started adding two numbers to my password and finally, I started adding a special character to my passwords and now use two-factor authorization to the online sites that need that extra security. As more and more people find ways to steal from you, you need to keep up with personal or business security.
While I have been using personal computers since around 1979 and the internet since it started I have not known any situation in which I noticed a password or internet fraud type problem other than a few viruses that caused me some problems, I just think that times have changed and we all need to be a little paranoid by making our passwords more secure, different for each website and check out the credit card or bank statements every month for any unusual activity.
Note: All major websites, financial institutions, home security systems, or home video camera security systems should use 2-factor authentication. We have to be a little more careful nowadays since online theft has grown into a much larger issue than in the past.
So do I need 2 Factor Authentication? What is it and why should I take the time to determine which websites I should have 2 Factor Authentication on?
2 Factor Authentication adds an extra layer of security to signing into an account. Part of your sign-in procedure can involve information being sent to your mobile phone or other hardware device to verify that it is you. Most of the time, you can set your main computer to recognize your hardware and not ask for 2 Factor Authentication on every sign-in. It would mostly be asked if you enter a website on an unfamiliar computer or mobile phone such as at a library or from a hotel connection. Because of this, having 2 Factor Authentication is not really any more complicated since most of the time you may not have to do anything extra. If you delete your computer's cookies, you might have to verify it is you one more time.
The answer is that you should have 2 Factor Authentication for financial institutions, home security systems or home video camera security systems, your credit card sites, banks, and your work accounts, as a few examples, when it is offered. It makes sites much more secure and makes it much more difficult for a hacker to break into them. If you make it more difficult, then the hackers will move on to someone else. If you have a security camera in your house, do you want someone watching and listening to you using your own camera? This would be a good reason to add 2-factor authentication to the software that displays the webcam images.
Security software and keeping your computer software up to date
It is a good idea to have some security software loaded up on your computer. Numerous companies sell these. There are a few free ones, but in this case, I would go with security software/virus protection that you purchase. You generally purchase a license or multiple licenses for each physical device, such as each computer, tablet and mobile phone. These can be set to auto-update and will let you know if they prevent any malicious software or virus from loading.
You can also use your security software to run a scan on your computer every once in a while. They usually have a quick scan to review your main operating system files and a full scan that will review all your files on your computer. It is a good idea to scan your computer about every month or two. If you only scan your computer every 6 months or once a year, that is better than not doing it at all. You can run these scans in the background and use your computer at the same time.
Note: Another thing you can do is limit loading up free software when you do not know the company behind it, as it may have harmful added code in it. You should also be careful about downloading software from more sketchy types of sites. What one could consider sketchy, others would not. For example, downloading a non-free cracked software product without paying for it could result in bringing a virus onto your computer.
What if I get an email notification from a company that I use that they have had some account information stolen from them?
Originally, this article was written in 2014 and has been totally rewritten in 2021.
One of the reasons I decided to write this article initially (in 2014) is all the company email or written notifications I have been getting lately.
I have received notices from about five companies (in 2014) in the last year such as Target and Adobe, as many of you reading this may have also had the pleasure of reading. Another one from Adobe and even one from a small company that I use to print some of my photographs. Since I originally wrote this article, companies have been getting better at protecting their information. They probably felt that they would like to avoid such bad publicity and reduce their liability losses.
While this stolen information is not necessarily related to web accounts and more relates to hacking on the companies' corporate computers or on the credit card scanner devices at brick and mortar stores' checkout areas, it does let you know that sophisticated hackers are out there and they are stealing private information from millions of accounts at a time. The only advice I can give on this is to review your credit card statements monthly for any activity that does not look right. Many thieves who buy the credit card information may put small charges on your account with amounts less than $10. These smaller charges may not be as noticeable as larger charges.
Some of this stolen credit card information is used to open up other new credit cards, and credit monitoring companies such as LifeLock can be useful if someone opens up a new credit card account or a loan under your name/social security number, since they send you a notification email about the new credit card under your name. These credit monitoring companies charge a yearly cost for this service.
I feel that many of these companies are not telling their customers on a timely basis or underestimating how bad the break-in was and seem to be unsure of what information was stolen. While this kind of hacking has existed for a long time, it is getting more press now and companies are now required to inform their customers by law and the larger ones are doing it. The bottom line is that I feel that we need to be more careful and watching over our accounts now whether it be credit card accounts, bank accounts, or web-related accounts.
Update: Companies are doing a better job of securing information now (2021) than back then, but you still need to be careful and do the things that you have control over to make things safer.
Should I store my credit card information online in web shopping carts?
Because of all the company problems with people stealing credit card information from large segments of the US population, I keep my credit card information saved online on only a few websites related to larger companies that I use often. If you are purchasing something by mobile phone / laptop and using your credit card number, I would make sure that you are not on a free public wifi hotspot which may not be as secure. If you do not have to enter a password to use the internet, it probably is not very secure.
What can someone do to harm you when they know your online user id and password?
When someone has your email (userid) and password, they can cause a lot of trouble for you on any site that you use that password on. One of the things they may do is change your email address, change your mailing or shipping address and change your password which will lock you out of the system. Once this is done, they could have the authority to transfer money out of your accounts if it is a bank, make bad stock purchases on your investment account, or simply order expensive items and have them mailed to your changed shipping address as an example. While I am sure different companies have some internal protection that may protect you in some cases, they may not work every time.
In the past few years, it is becoming more common for hackers to encrypt your personal PC data or files or company data and then ask for a lot of money so you can get access to your computer data or files again. It happens to police departments, government sites, hospitals, larger companies and some personal home computers. The last big one (2021) shut down a large gas pipeline which caused higher prices at the pump and also many shortages in multiple states. Basically, having your computer files encrypted can happen to even a small home computer and it is not always to larger companies. It is now more important to backup your data and keep those backup drives and files off-line as in not physically connected to your computer. I use external hard drives and only turn them on when I do a backup or recovery. External hard drives are now really inexpensive and backup software is simple to use.
If you get an account change notice and your password does not work, they may have changed your password and you may need to call the company to put a temporary hold on your account until you determine if any recent activity may have been on your account that was not authorized. You would first try to recover your password which many companies call 'Forgot your Password' to see if that works. After that, you may want to call and then take advice from the company since they may know what is best for their specific company. You may also be liable for future fraud on the account if you do not take the security steps as the company suggests.
Sometimes it may be best if you notice anything strange on any of your accounts even if you do not find anything wrong to just do a simple change of password.
If you are getting divorced or just break up with someone that knows your passwords, you may want to just change them if the account is under your name only.
How complex should you make your passwords?
Make your passwords more complex or stronger, especially on companies such as banks or other money-related sites, credit card websites, or websites that you purchase from that have your credit card information on file. If you have a lot of activity on certain social activity sites such as Facebook or Twitter, you may also want to have a more secure password. It really depends on how important a particular company's websites are to you or how important or private the information that they hold. Some people may want stronger passwords for online medical sites or perhaps your email accounts.
Even sites that generally do not have anything to do with money such as Facebook can cause problems if someone has your password such as sending out spam emails or messages to your friends or contact list that may cause some confusion or get people mad at you.
Many websites have a nice feature when you type in your password that tells you if your password entered is weak, average, or strong. Some websites require your password to be at a certain length such as at least 8 characters or must contain at least one number or one capitalized letter. I think that this is a good feature to stop people from using weak passwords or at least warn them when they are. Since many people use "password" or "1234567" as their password, I think this is a good feature. It is also not a good idea to use as your password a word that is closely associated with you such as your birthday, your spouse's name, or your dog's name.
I recommend longer passwords with at least one capital letter and a few numbers mixed in. An example of a few passwords may be "Themightyoak57" or "ParkingSpot7$". Perhaps you can have a system where the first, last or fourth letter in your password is always capitalized to make it easy to remember.
For a more secure password make them longer and include at least one special character.
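The rules in this article (length, character types, no common or personal words, no reuse across sites) can be checked together over a whole list of accounts. The following is an added example, not part of the original article; the site names, the personal term and the function names are made up for illustration, and two of the sample passwords are the article's own examples.

```python
import string
from collections import defaultdict

# Passwords the article calls out as weak ("password", "12345", "1234567").
COMMON_PASSWORDS = {"password", "12345", "1234567"}


def composition_issues(password):
    """Check one password against the article's definition of 'strong'."""
    issues = []
    if len(password) < 8:
        issues.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        issues.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        issues.append("no number")
    if not any(c in string.punctuation for c in password):
        issues.append("no special character")
    return issues


def audit_accounts(accounts, personal_terms=()):
    """Return {site: [findings]} for a {site: password} mapping.

    Findings never contain the password itself, so the report can be
    printed or saved without exposing what it audited.
    """
    # Group sites by password to detect reuse across accounts.
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)

    report = {}
    for site, password in accounts.items():
        findings = composition_issues(password)
        lowered = password.lower()
        if lowered in COMMON_PASSWORDS:
            findings.append("commonly used password")
        # Pet names, birthdays and similar words are easy for others to guess.
        for term in personal_terms:
            if term and term.lower() in lowered:
                findings.append("contains a personal term")
                break
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            findings.append("reused on: " + ", ".join(sorted(others)))
        report[site] = findings
    return report


# Constructed sample data: site names and the personal term are made up;
# "ParkingSpot7$" and "Themightyoak57" are the article's example passwords.
SAMPLE_ACCOUNTS = {
    "bank": "ParkingSpot7$",
    "shopping": "Themightyoak57",
    "social": "Themightyoak57",
    "forum": "password",
    "photos": "Fido2014!",
}
SAMPLE_PERSONAL_TERMS = ["fido"]  # e.g. a pet's name

if __name__ == "__main__":
    results = audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL_TERMS)
    for site, findings in results.items():
        print(f"{site:10} {'OK' if not findings else '; '.join(findings)}")
```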
Another suggestion, if you have your own website, is to make the password that is used to change your website (hosting site) strong. I had a friend who had his website hacked by someone who left a message on his homepage that his website had been hacked, along with the hacker's call sign. Most of the rest of his website pages were made unreadable. I guess he did not have a backup of his site so the website died.
General ways to help protect and keep your computer clean and more secure that I use:
1. Keep your operating system up to date with the latest software. If using a PC, you can have Windows Update update your computer automatically.
2. I also recommend that you update your main internet browser's software often. If you are using Chrome or Firefox, you should update the software when it gives you a message that a new version is available or set the browser to automatically update.
3. Having good virus/firewall protection software on your computer is also recommended and really necessary nowadays. You can do a full manual scan of all your drives using your virus protection software every few months or when you think you have a problem. If you really do not like doing these scans, then try to do a full scan at least once every six months or every year. If you do them often, most software allows you a Quick Scan option that only looks at the most important parts of your drive and does not take very long to finish.
4. I run a free version of a program called "ccleaner" that can be downloaded here. This program cleans out much of your temporary files and cookies. I run this program about every month or every two months.
5. Here are two free programs that I use to look for spyware or viruses that work very well. The first one is called "Spybot Search and Destroy" which can be downloaded free here. The other one is called "Malwarebytes" and can be downloaded for free here.
Both these programs are popular and I have never had any damage to my computer done by them.
Another topic is about recovery. If you do have an issue with your computer from a virus or just deleted some needed files, having a backup of your system can be handy. If your hard drive goes bad or you are hit with a virus that encrypts all your computer files, it is nice to know you can restore much of your data from backups.
You should run backups as often as you feel you need to. It comes down to at what point your backup becomes so old that you wish you had a more current backup. You can do it daily, weekly, monthly, or every 3-6 months depending on your specific needs. If your computer information is critical for a business, then you should probably back up more often. When you do a backup, it can be set to only back up new or changed files, so making the backup does not really take that long. You can also have a second backup in case your first one does not work.
You can also keep one of your backups outside of your home or business in case you have a fire/flood that damages both your computer and local backups. With external hard drives so inexpensive now, even for a very large one, it is hard to have an excuse to not do backups. You could give a second backup to a friend or place it in a safe deposit box. Some people will place the backup hard drive in a safe, but in case of a fire, the safe will get hot enough to melt the data-saving magnetic coating on the spinning hard disks, making them unreadable. I would not trust the newer solid state hard drives in a safe with a home fire. Most safes will keep paper from burning up for a specific time period during a fire, but will not keep your backup hard drives safe.
Do you have the same password for many of your online accounts?
I highly recommend that you do not have the same password for many or all of your accounts. I have read that a very large segment of people do this. Can you imagine the number of Customer Service reps or a great number of people that have access to your user id (email) and password information at their company? If you use the same email and password on many of your other accounts, they could try your same email and password combination to see if they can log on to your other accounts.
You have to ask yourself whether the convenience of using the same password for most of your accounts is worth it if people looking to harm you or steal from you would be able to get on to your Amazon, eBay, Facebook, Bank of America, Chase bank, email account, or your credit card company's website, as some examples. Using the same password on multiple accounts can lead to an old girlfriend, boyfriend, spouse, or roommate, as some examples, abusing their knowledge of your email address and passwords across multiple accounts. Also, if someone you know knows your passwords, and you no longer have a good relationship with that person, I would change your passwords. Sometimes it is good to be a little paranoid.
Using password management software on your computer?
I keep a manual list of my passwords on regular line paper. I generally enter the website along with the User ID and password on the rest of the line. For convenience, I also use a password manager which is software that you can buy from different companies that are not that expensive. This software can securely store your passwords for different websites you access regularly so you can log on easier without the need to check your list of passwords on a printed document as often.
I mention this for those who only want to use a few passwords for most of your websites, you have the option to use this password manager software so you can have many different passwords without the need to have them all memorized.
Router's administration password:
Most people do not think about this but your router password in your home is really important. Since your router can give access to all your hardware associated with it, you do not want to make it easy to have someone get your router login id and password. It is really important to verify that the default router password is changed since the default router passwords are commonly known.
I recently purchased a new router for wireless internet in my home. The routers all come with default passwords to get administrator access that is used during the initial setup or when you want to change things like your router password. For my router the default router administration user id and password was "admin" and "admin".
I was surprised by how difficult it was to find how to change this password in the menu setup. I actually had to look for a web article on which multiple menus I had to go into to change the router's administration password. I recommend that everybody change this password. This administration password is not the same password you enter during the initial router setup that you enter on your wireless connected devices to access your wireless internet connection.
When changing this default router password, write it down since it may not be used for a while and may be forgotten. Since all the default passwords are known for each brand, someone may be able to access your router if you leave your default router password as "admin" or "password".
Also, if you have a very old router still using "WEP" encryption, it is not very secure and can be broken in under a minute by people that know how to do these types of things. Most routers, and probably the one you have, use WPA2, which is much more secure.
Router's regular wireless internet password:
Also during the initial router setup, they make it easy to set your regular router internet access password that you enter on your wireless devices such as your computer, TV, tablet, or phone. I suggest that since you do not need to enter this password that often once it is entered on your hardware devices after the first time, that the password is very long and complicated. As usual, I write down this password for later reference. Since this wireless signal can reach down the block from your home or business, you want to make it secure. If you live in an apartment with many neighbors very close to or near a hotel in which guests may search out for open internet connections, I suggest a stronger password. I do not recommend you ever have a weak password for your router or set up a separate guest access to your router that does not require a password.
I don't mean to be paranoid, but do you really want someone from your neighborhood downloading illegal music or child porn using your router/internet connection, and getting a notice from your internet provider that they will take action if this continues or possibly call the police on you? Remember, you are responsible for what your internet connection is doing even if you did not do anything illegal and even if you are unaware of this activity. It will look like you, the router owner, are accessing those sites even if it was some outside person using your router without your knowledge. A good reason for a strong router password.
Entering of security questions from websites:
Before the internet, you probably had these types of security questions from a bank to verify your identity. The banks used to ask your mother's maiden name a lot or a small variety of other questions such as your social security number. When using the phone, many companies already know your identity since they recognize the phone you are calling from is yours. That may be enough or they might ask you for a four-digit code, ask you to enter a password or account number into the phone, or the last four digits of your social security number.
Even some websites use your computer identity as part of the process to verify who you are. If you use the same computer to access the website, your computer's internet IP address may be the same and the company website can recognize you, or at least your computer, from past access to their site.
Many times on more secure sites, you may know your password but still have to answer a few security questions before or after you enter your password. These security questions are initially asked when you set up an account such as an online bank account. Different companies use different questions but many of them are the same. As one example, you might be shown a list of different addresses or counties and asked to select which one you once lived at. Most of the time the security questions are ones you previously entered when opening the account at the company. They may ask what your pet's name is, what your favorite color is, what the name of your high school was, or what city your mother was born in. On my manual written password page, I usually keep a note on the answers to these security questions next to where I write my password in case I forget what I had said.
With the internet containing so much information and more public information about you now online, I am not sure these types of security questions are as safe as they used to be. I hear of cases of celebrities getting their social network or email accounts hacked. I believe they attempted this hack by requesting a password change by only knowing the user id or email address and they were able to get full access to the account by answering some online security questions. These answers could be looked up if someone was an investigator or skilled in certain areas.
So what's my point here? I feel it might be safer to give false answers to these web security questions and then write the questions and false answers down on your manual password page in case you need to reference them in the future. Another method would simply be to add a letter to the beginning of each security answer. For example, if you are asked: "What is your pet's name", you can answer "xfido" instead of "fido" since all your answers start with an "x". This way you can still answer the security questions by knowing the answer but entering your code "x" first to all your security answers. This should make it difficult for others to answer your questions. Just an idea I thought up but have not used yet.
What is the future for online or credit card security?
Please note while reading this that I am not a security expert, but sharing some thoughts.
I feel that we are at the point where web security or even software that is related to credit card processing is so complicated that they are vulnerable. When a teenager from Russia can write software code to defeat the security on these large companies' computer systems, companies need to make security more of a priority.
It may be this year or in the next few years where a major security breach not only results in millions of consumers' private or credit card information being stolen but that information that is stolen is used fraudulently on a massive scale involving millions of consumers. On that day, a large, good company that may have been around for many decades will go out of business in a short period. I hope that day never comes but it will put out a strong wake-up call about how consumers will react to these types of security violations and those other companies may do what is required to keep us customers safer.
Some of the problems are not that the company's security software fails to give warning of a security threat, but that the employees monitoring the security software do not check out the threats due to lack of time, training, or skill to determine which warnings are more severe and need further investigation and which warnings they can pass on. Another problem I have read about is that it takes a lot of skill to fine-tune the security systems for a large company, and this needs to be done by experts who are not always available and are very expensive.
The Heartbleed security problem:
One of the most recent web security problems (2014) was the Heartbleed programming flaw which caused major security concerns across the Internet. The widely used encryption technology that was designed to protect online accounts had a programming error for the last few years.
When you access a website page to enter your credit card info or other private information you will see the website address starting with "https:" with the extra "s" for secure or encrypted sites. "Https" actually stands for "HyperText Transfer Protocol" with Secure Sockets Layer (SSL).
With many websites using this particular encryption software for a few years that contained the Heartbleed error, your passwords or other information you entered, such as credit card information, may have been read by those who knew about the bug and took advantage of it. I have not heard of an error this big before in internet history but I do not think many people took advantage of this error on a major scale. I have not heard of any major damage Heartbleed has led to yet.
However, the security experts are warning people to change their passwords to prevent any problems with passwords stolen in the last two years due to this software bug. Many companies may fix the error on their website for future security but may not tell you that your password may have been compromised in the past. If you change your password before the company fixes the Heartbleed problem, you may want to change it again if you accessed the website in between your password change and the Heartbleed fix notification for that particular website.
Do you have many of your internet passwords listed in your old emails?
I searched and was surprised at how many I had. I found most of them and deleted the old emails that displayed my passwords. If someone knows your email password or has access to your email account, they could search for the word "password" and find many of your current and old passwords from this one simple search. You may have dozens of old passwords out there listed in your emails going back 5 - 10 years and you may not even know that they were there.
Since I originally wrote this article, companies have gotten smarter and no longer place your passwords in your emails. Security on this issue has gotten much better. I left this section in so you can see if you can find any really old passwords written in old emails that are still valid. You never know if you do not look. If you change your passwords for your main websites once a year, you probably will not have any issue with very old passwords displayed in your older emails.
What to do: Search for the word "password" on your email list. Review each email listed and delete any email that lists a current or old password. I recommend this on all emails with passwords even if it is for a minor website or for ones that may even be out of business. I do this every few years to just get rid of them as they accumulate.
If you get way too many emails on your initial search for "password", you can take another approach that I use. Most email clients, such as Gmail, have a more advanced search feature that lets you search in selected fields, such as only the "Subject" line or only the email content section.
I initially looked for the word "password" only in the email subject line. This seems to get most of them without having many other emails get selected that do not have passwords in them. I then do a global delete of these emails. I then may do another search for the word "password" by searching only in the content area of the email. I may look through some of these looking for passwords and then delete them as I find them.
These passwords usually end up in your email when the website or company sends you an initial password when you first set up your account. You then have the option of changing your password to something more friendly on their website if you want. Another way is when you cannot remember your password for a website and click on the "Forgot my password" link. You usually enter your email address and the website sends you an email with your existing password. More websites are now sending you an email with a link that directs you to a special web page where you can enter a new password. This is much better since the password is not listed in your email. Also, these password change links expire after a few hours or that day, so someone cannot use these links at a future date to change your password.
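The two-pass search described above (subject line first, then message content) can also be run over an export of your own mailbox. The following Python script is an added example, not part of the original article; the sample messages and the pattern used to guess whether a message actually displays a password are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample messages (not real mail). For a real audit, iterate over
# mailbox.mbox("your-export.mbox") from an export of your own account instead.
SAMPLE_RAW = [
    "From: support@shop.example\nSubject: Your new password\n\nWelcome! Your password is: Tr0ub4dor\n",
    "From: forum@site.example\nSubject: Account details\n\nUsername: bob\nPassword: hunter2\n",
    "From: bank@bank.example\nSubject: Password reset requested\n\nUse the link below to choose a new one. It expires in 2 hours.\n",
    "From: friend@mail.example\nSubject: Lunch?\n\nAre you free on Friday?\n",
]

WORD = re.compile(r"password", re.IGNORECASE)
# Assumed heuristic: "password:", "password =" or "password is" followed by a
# token suggests the mail displays a password rather than just mentioning one.
DISCLOSED = re.compile(r"password\s*(?:is\s*)?[:=]\s*\S+|password\s+is\s+\S+", re.IGNORECASE)

def body_text(msg):
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def audit(raw_messages):
    """Return (subject, where_found, shows_password) for mails mentioning 'password'."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        body = body_text(msg)
        if WORD.search(subject):
            where = "subject"   # pass 1: the subject-line search
        elif WORD.search(body):
            where = "body"      # pass 2: the content-only search
        else:
            continue            # never mentions a password; leave it alone
        findings.append((subject, where, bool(DISCLOSED.search(body))))
    return findings

if __name__ == "__main__":
    for subject, where, shows in audit(SAMPLE_RAW):
        action = "DELETE and change that password" if shows else "review"
        print(f"{where:8} {subject!r}: {action}")
```

Messages flagged as showing a password are the ones to delete first; a reset-link email that only mentions the word is listed for review instead.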
Written by Bob Estrin