As a “retired” hacker, I have some suggestions on the matter of basic security easily implemented by the average internet user.
First and foremost, WORDS ARE HORRIBLE PASSWORDS
This is how you avoid your passwords being cracked by a simple dictionary attack (which can sometimes break word-based passwords in seconds):
- Think of an entire sentence, or phrase
- Reduce it into the first letter of each word
- Then add a date that is significant to you, but not actually attached to you (so not your own, your spouse’s, your parents’ or your grandparents’ birthday)
- Swap one letter of that acronym for a symbol such as @ or $
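The four steps above as a short Python sketch, together with a check that shows why plain words fail while the derived string does not. This is an added example, not part of the original post; the sentence, the date, the sample wordlist and the function names are all constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDLIST = {"sunshine", "dragon", "password", "monkey", "football"}

# Look-alike substitutions that dictionary-based guessing already undoes.
LOOKALIKES = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "!": "i"})


def phrase_to_password(sentence, date, swap_index, symbol):
    """Sentence -> first letter of each word -> append date -> swap one letter for a symbol."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", sentence)
    initials = [w[0] for w in words]
    if not 0 <= swap_index < len(initials):
        raise ValueError("swap_index must point at one of the initials")
    chars = list("".join(initials) + date)
    chars[swap_index] = symbol
    return "".join(chars)


def is_word_based(password, wordlist=SAMPLE_WORDLIST):
    """True if the password is a dictionary word once trailing digits or
    punctuation are dropped and look-alike characters are mapped back to letters."""
    core = password.lower().rstrip("0123456789!?.#*")
    return core.translate(LOOKALIKES) in wordlist


if __name__ == "__main__":
    # Constructed inputs: a made-up sentence and a public historical date.
    derived = phrase_to_password(
        "My neighbour's cat steals socks from every porch on the street",
        "20071969",
        swap_index=3,
        symbol="$",
    )
    for candidate in ("sunshine", "Sunsh1ne!", "p@ssw0rd", "dragon1984", derived):
        verdict = "word-based" if is_word_based(candidate) else "not in wordlist"
        print(f"{candidate:22} {verdict}")
```

The point of the check is that decorating a word with digits and symbols still leaves a word underneath, whereas the string of initials has no dictionary entry to fall back to.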
Have all your security questions be BLATANT LIES
Say that your first car is a 1979 Toyota Prius, or that your mother is Cleopatra, that your high school was the Sparta School of Floral Arrangement — something easy for you to remember but that someone Google-checking you won’t come up with. (Seriously, the first thing most people trying to break into an email account do is try and figure out your security questions using records accessible by Google.)
This is kind of a good one, but hard to do nowadays with some sites — do not use your real name for accounts
The people that know your real name will already know it, and the others can be told if you feel it is appropriate or relevant. Change your age or birth year by one year. If the service requires locational data, mark yourself as one county over. Skew the data a bit.
Do not use your actual credit card or debit card online
PayPal is easy even for novice internet users, and almost everyone who accepts Visa or Mastercard or Discover will accept PayPal. It adds an extra level of separation, and an extra level of monetary insurance. PayPal insures all transactions on their network, as does the credit card or bank or credit union you use to tie those payments, so it’s like double insurance. Moreover, PayPal’s encryption and SSL security actually tend to be somewhat stronger and more robust than Visa or Mastercard or your local bank branch.
Run a virus scan AT LEAST once a month
I recommend Malwarebytes. It’s one of the most comprehensive scans on the market, it’s updated by the Linux community, and it’s 100% free. I run one once a week personally. You can schedule most any scanner to run a scan at a predetermined time. I prefer to have mine set for a time when I’m at work.
Okay, hackers, internet security specialists, and savvy Homies… what are YOUR security tips? Or important things you’ve learned after the fact.