How to elude Russian hackers with decent password security

The Denver Post - LIFE & CULTURE - By Mae Anderson

NEW YORK » Details from the Department of Justice indictment of Russian hackers on Wednesday show that many people are still not taking routine precautions to safeguard their e-mail accounts — and hackers are exploiting that.

The Russian hackers didn’t have to work very hard to break into people’s e-mail accounts, even those belonging to government officials or powerful executives. Here’s a look at a few simple ways to help safeguard your e-mail account from hackers.

Don’t reuse passwords

Many online break-ins result when people have reused a password across, say, their e-mail, social and financial accounts. If it’s compromised at any one of those services, the others are suddenly vulnerable.

One simple way to avoid this problem is to start with a base password you can remember, and then add on letters and numbers that reference where you’re using it. If your base password is “greatsurfer2017” (which isn’t particularly secure; more on that in a moment), you could make “greatsurfer2017Y” your Yahoo password, and “greatsurfer2017G” your Google password.

If you can’t be bothered to do more, this is a base level of security that can help shield you from the most obvious threats. But it’s only a baby step.

Pick a stronger password

You can make things harder for attackers by making your base password stronger. The more complicated and lengthy a password is, the harder it will be for hackers to guess.

The downside: Tougher passwords are also harder to remember. But there are some ways around that.

Don’t include your kids’ names, birthdays or references to any other personal details. Hackers routinely troll Facebook and Twitter for clues to passwords like these. Obvious and default passwords such as “Password123” are also bad, as are words commonly found in dictionaries, because these are built into the programs hackers use to automate guesses.

You can make your own strong passwords with randomly capitalized nonsense words interspersed with numbers and characters — like, say, “giLLy31!florp.” (Just don’t use that one now that it’s appeared in this story.) So long as you’re making up the words yourself, these are difficult for hackers to crack — and they’re easier to remember than you might think, though you might want to practice them a few times.

Have your passwords managed for you

Of course, you can make things easier on yourself by using a password-manager service such as LastPass or Dashlane, which keep track of multiple complex passwords for you. Some web browsers such as Apple’s Safari and Google’s Chrome also have built-in password managers; these work if you switch devices, but not if you switch browsers.

After you create a strong password for your password manager, it can create random passwords for your other accounts — and will remember them for you as well.

“It’s more secure and it makes your life easier,” said Jamie Winterton, director of strategy at the Global Security Initiative at Arizona State University.

Multifactor authentication is a must

The next line of defense is two- or multifactor authentication, which asks users to enter a second form of identification, such as a code texted to their phone, when they log in. It’s now commonplace for many e-mail and social media accounts. That way, even if hackers manage to get your password, they still need your phone with the texted code.

“Having another way for that account to say ‘Hey, is that really you?’, and give veto authority is really important,” Winterton said.

Keywords matter

According to the indictment, the Russian hackers searched e-mail accounts for keywords like “passwords” to find people’s passwords for other accounts. They also searched for “credit card” and “visa,” among other terms. So think twice before you use common keywords that can serve as a road map to sensitive information for hackers. And don’t save passwords in old e-mails.

“There’s not one single thing out there that can keep you perfectly safe,” Winterton said. “But there are a lot of different things out there that can keep you almost perfectly safe.”
