It happened again yesterday.
I received a message from a friend: “I’ve been hacked, please don’t accept any friend invitations from me.” I don’t blindly accept invitations to connect anyway; I typically check them out to make sure that they are legit and will be worthwhile connecting with. High on my list are people who share their learning.
This was a typical case of a new account set up with no content shared and, sadly, a bunch of people who had accepted the invitation. I’m not a genius by any stretch of the imagination but even I could smell that something wasn’t right.
A nice discussion about “How to Hack” can be found here. Hacking used to be a noble? venture where someone sits down and finds flaws in the logic in the computer. These days, the flaws are typically those who operate the keyboard.
Passwords and I go back a long, long way. I recall getting my first password at university along with the advice to treat it as gold. Usually, the default password was your student number and you were encouraged to change it immediately. An update at some point forced you to change it upon first login to the system. There was one system, I recall, that you couldn’t change your password yourself but you had to book time with a system administrator to do the deed.
The first computers in school had probably the best security ever. Nothing was stored on the computer but rather on a cassette or a floppy disk that you kept with you. Someone would actually have to have access to your gym bag or backpack to hack you.
The first central server that appeared in my classroom was the Unisys Icon system. There was a central server and a hard drive to store everyone’s work. Your account was secured by a login/password. But kids are kids, and it wasn’t uncommon for them to glance at the person next to them to watch them type their password and gain access that way. I also remember some pretty smart programmers who wrote a program that emulated the login screen, captured the details, and redirected them to a file in their own directory. At one time, they grabbed the administrator’s password, which gave open access to the system, and the master password file was straightforward ASCII, which gave them access to everything. Gasp.
These days, your personal computer is probably set up with your own login/password and then you’re connected to the internet where public services are secured by login and password. That’s where it gets serious. It may not be family members or students in a school but anyone anywhere on the internet that you need to be wary of.
Right now, I know about a couple of passwords and the rest are stored away in a password manager. Today’s browsers typically have that function built-in or you can add a third-party manager that encrypts and stores passwords on the web somewhere for you.
Everyone seems to have advice about how to create secure passwords – here’s Microsoft’s recommendation. Sitting down and actually creating such a password isn’t an easy thing! A good password manager can help with that task.
A list of available password managers can be accessed here.
That’s a great place to start but there’s another step that will make things even more secure and that’s two-factor authentication. There are a number of different ways to implement this and it boils down to a second step beyond just a login and password. That’s pretty much the most secure thing for home users these days. It’s kind of a pain to set up and use but you have the comfort of knowing that as long as you have that second piece of information with you, someone else doesn’t.
In all cases, the same old good advice still applies. Change your password frequently – sometimes the bad guys get it from other places and you’re out of the loop.
And, if your computer is in a public place, having your login and password on a post-it note stuck to the screen is never a good idea.