Sunday, May 10, 2009

Million Dollar Password

by D.B. Grady



Have a technology-related question, or advice for other users? Email me at tech@timessw.com


When they come for your money, they won't break into the bank. Online identity thieves are too smart for that. They're gambling that you use the same password for every website. Why attempt a break-in on a guarded, highly encrypted financial site when they can steal your password from the fly-fishing forum you frequent?

Passwords are the great annoyance of the Internet. (Well, one of the great annoyances. I still can't get the "peanut butter jelly time" song out of my head.) Major players in the web industry have attempted to unify logins through such initiatives as OpenID and Passport, but have fallen short in the kind of ubiquity required for such programs to succeed. In the meantime, users are forced to remember countless credentials for a never-ending array of sites. As a result, they have fallen into dangerous practices.

A few simple security guidelines can go a long way toward a safer Internet experience. The first, most important rule is: never repeat a password. Your bank, email and Amazon accounts should have unique and varied passwords that cannot be guessed from personal knowledge. (That is to say, if you are a dog breeder, "puppy1" is a bad idea.) Passwords should be changed regularly, and should always increase in complexity, with more creativity than adding 1 to the trailing digit. A strong password utilizes case, numerals and punctuation. There are 101 keys on a standard keyboard. Use them. ("Madden-09" is an improvement on "football," but "09(mAddeN" is even better.)


Never give your password to anyone for any reason, ever. A common online scam involves third parties claiming to be with technical support, emailing users and asking for their log-in information. Assorted reasons are given. Sometimes it is to "verify accounts." Sometimes it is to "renew subscriptions." But the reasons are always a lie, and the results are always the same. Once they've got your password, they've got your identity.

There are several programs and websites designed to help you track multiple passwords. Passpack is a free online credential manager that utilizes a government-approved encryption algorithm for maximum security. Because it is web-based, it can be accessed anywhere (Passpack: http://www.passpack.com).


RoboForm is an automated tracker that installs to a computer or thumb drive, and remembers passwords as you type them. In addition, it will generate a strong password if you're stumped, and fill in password fields automatically when a site is revisited. Stored information is protected with encryption up to 256 bits, which would take a hacker the better part of two centuries to crack by brute force. Because it can be installed to a USB thumb drive, it can be taken with you and used on any Windows-based computer. RoboForm costs $29.95, with a 30-day free trial (RoboForm: http://www.roboform.com).


Mobile phones are an excellent place for password storage and management, provided the data is encrypted. iPhone users can take advantage of mSecure, a native application that stores not only passwords but also credit card and banking information, and even clothing sizes. Data can be traversed with the iPhone's trademark "swipes," or sorted and searched by site and type. mSecure is available on the iTunes App Store, and runs $2.99 (mSecure: http://www.msevensoftware.com/msecure.html).

SplashID offers BlackBerry, Palm, and Windows Mobile users an application that provides all of the features of mSecure, as well as password generation. A companion desktop client allows for easy data entry and synchronization. SplashID costs $29.95, with a 30-day free trial (SplashID: http://www.splashdata.com/splashid).

Identity thieves want your money, and they know how to get it. Until unified credentialing services like OpenID proliferate across the web, it's up to you to stay one step ahead of the game. Strong, varied passwords of mixed case and special characters go a long way, so long as you keep the passwords secret. And because nobody should suffer alone, it's peanut butter jelly time! (http://www.albinoblacksheep.com/flash/banana)
