I’ve just spent the past few days changing all my settings on Facebook and my e-mail addresses, as someone is trying to gain access to my Facebook account. I think this idiot even managed to log in at one point, as I got a text saying “iPad logged into your Facebook account at… bla bla..”. The thing is, no one in my household has an iPad, so I have no clue as to what is really going on…
I don’t share my password with anyone and have not used any public computers. The thought of someone being in my Facebook is really pissing me off, to say the least. Eventually I thought I had better just change my settings and password and update my e-mail addresses too. Better to be safe than sorry.
Even with Facebook stepping up its security and privacy settings, we are all still vulnerable to being hacked, whether that is on Facebook, in our e-mail or elsewhere. I have decided to compile a list of things that I think everyone should know about protecting themselves from hackers.
- Keep the e-mail addresses you use for your social networks (e.g. Facebook, Google+) private; that means don’t share them with anyone or display them on your profiles. The most common way your accounts are hacked is through your e-mail addresses. I will tell you in a bit how to protect them too.
- For chatting, for instance on Yahoo and MSN, use separate e-mail addresses, as these are more public and you are more likely to share them.
- As we move more and more towards paperless statements, internet banking, and paying bills and buying on-line, our details are more likely to be in our e-mails. For your private affairs like banking, bills, accounts, credit cards and other private financial matters, use a separate e-mail account. Don’t share it with anyone else.
Okay, the reason why I’m advising separate e-mail accounts for your most personal things is that even if one is hacked, at least you won’t have all your eggs in one basket. If you keep things separate, you are more likely to have some damage control in the worst-case scenario.
Now let’s move on to passwords. I am the type that uses the same password for everything as I find it hard to remember different ones. While it seems the best thing to do, it really is a big risk. An easy way to get hacked is to give a site your e-mail address and then use the same password at that site as you use for the e-mail account. The same goes if you use the same user name and password at two or more sites. If the site does not encrypt the password, then there is a huge problem: anyone who works for the site and has access to this information (or gains it) now has everything they need to log in to your account. While most sites protect passwords, there are still ways for employees to get them. Attacks from within a company are actually the most common. At the least, use a different password for your e-mail account than for everything else.
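The difference between a site that keeps your password as-is and one that protects it, and what reuse then costs you, shown as an added example that is not part of the original post. It assumes salted PBKDF2 hashing as the protected form (the post only says "encrypt"), and the site names and passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def store_plaintext(password):
    """Record kept by a site that does not protect passwords."""
    return {"password": password}

def store_hashed(password):
    """Record kept by a site that stores only a salted PBKDF2 hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}

def check_login(record, attempt):
    """Verify a login attempt against either kind of record."""
    if "password" in record:
        return hmac.compare_digest(record["password"].encode(), attempt.encode())
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])

def visible_to_insider(record):
    """Password readable by anyone with access to the stored record, or None."""
    return record.get("password")

def blast_radius(accounts, leaked_site):
    """Other accounts that share the password of the site that leaked."""
    leaked = accounts[leaked_site]
    return sorted(s for s, pw in accounts.items() if pw == leaked and s != leaked_site)

# Constructed sample: one person's accounts (site -> password), all values made up.
ACCOUNTS = {
    "email": "Tr33house-2291",
    "forum": "sunflower1984",
    "shop": "sunflower1984",
    "social": "sunflower1984",
}

if __name__ == "__main__":
    plain = store_plaintext(ACCOUNTS["forum"])
    hashed = store_hashed(ACCOUNTS["forum"])
    print("insider sees (plaintext site):", visible_to_insider(plain))
    print("insider sees (hashed site):   ", visible_to_insider(hashed))
    print("forum leak also opens:", blast_radius(ACCOUNTS, "forum"))
    print("email leak also opens:", blast_radius(ACCOUNTS, "email"))
```

With a separate password on the e-mail account, a leak at the forum still exposes the shop and social accounts but not the mailbox that password resets are sent to.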
Your password must always include numbers and letters that are not in a sequence like 123456; always jumble them up. I find it easy to use a word and then add numbers. Here is an example…
Now, the numbers can be the last four digits of a mobile number or a date that you will always remember, or you can put numbers in the word. Whatever you do, make sure it’s not something anyone can easily guess.
Now let’s talk about your e-mail security questions. Remember to apply the same rule to your answer, because if someone knows you personally they will be able to answer your security question with no problem. So always mix up your answer with some numbers and extra letters. Then even if someone knows what street you grew up on or where your mother was born, they won’t have the exact answer.
Always set up alternate email accounts and make sure they are secure too.
A recovery e-mail account is a method a lot of systems use to help you get back into an account that you have lost the password for. This could be for a site like Facebook or for another e-mail account like Gmail. The idea is simple. You ask the site to send you your password (some will just reset it). The site says: “Sure, it’s been e-mailed to you.” As long as you have access to that other account, you are just fine and dandy.
Check your recovery e-mail account every three months or so. If you do not, the account may be deleted, and someone else can then claim it. If someone claims that account accidentally and you reset your password, then you have just lost control of your main account. If it was on purpose, then their next step is simply to go through the password recovery process.
My advice is to check this account before reading any further if you have not done so recently. This is the one tip that I found I had not followed when I heard about it. Fortunately, I grabbed the accounts back before someone else did.
Also, most sites now ask you to register your mobile with them, so that when you are in the recovery process they can just send you the code. My suggestion is to apply everything to your account if the options are there to do so. So even if, let’s say, you can’t access your recovery e-mail address, you can use one of the other methods, security question or e-mail recovery.
While most of this stuff is common sense, we always think “it won’t happen to me”, but you just never know. So always be safe and be aware!