Friday, November 16, 2012

Seven Ways to Stump Hackers

This article has been published in My Paper, 9 November 2012


Seven Ways to Stump Hackers
by Nicole Perlroth - The New York Times


It's absurdly easy for one's computer to get hacked. All it takes is clicking on one malicious link or attachment. Hackers regularly exploit tools like John the Ripper, a free password-cracking program that uses lists of commonly used passwords from breached sites and can test millions of passwords per second.
Chances are, most people will get their computer hacked at some point. The best you can do is to delay this by avoiding suspicious links, even from friends, and by managing passwords better.
But how do you possibly come up with different, hard-to-crack passwords for all your news, social-network, e-commerce, banking, corporate and email accounts, and remember them all?
Here are tips from network-security experts Jeremiah Grossman and Paul Kocher on keeping your information safe.

Come Up With a Pass-Phrase
A password should ideally be 14 characters or more in length if you want to make it uncrackable in less than 24 hours. As longer passwords tend to be harder to remember, consider a pass-phrase, like a movie quote, and string together the first one or two letters of each word.
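The following is an added example, not part of the article, that turns the pass-phrase advice above and the earlier point about crackers testing millions of guesses per second into a small check: it derives a password from a phrase by the first-letters method and flags passwords that are short, appear in a common-password list, or could be exhausted by brute force within 24 hours. The guess rate of 10 million per second and the tiny common-password set are assumed placeholders.

```python
# Constructed stand-ins: real crackers such as John the Ripper draw on far larger
# wordlists from breached sites, and the guess rate is an assumed round figure.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou", "football"}
GUESSES_PER_SECOND = 10_000_000  # assumed: "millions of passwords per second"

PUNCTUATION = 33  # printable ASCII symbols other than letters and digits


def passphrase_to_password(phrase: str, letters_per_word: int = 1) -> str:
    """The article's technique: keep the first one or two letters of each word."""
    return "".join(word[:letters_per_word] for word in phrase.split())


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must cover for a search to include this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += PUNCTUATION
    return size


def brute_force_hours(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Hours to exhaust every string of this length over the password's alphabet."""
    return charset_size(password) ** len(password) / rate / 3600


def check_password(password: str) -> list:
    """Return the reasons a password fails the article's advice (empty list means it passes)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("found in a common-password list; a wordlist attack needs no brute force")
    if len(password) < 14:
        problems.append("shorter than 14 characters")
    if brute_force_hours(password) < 24:
        problems.append("exhaustive search finishes in under 24 hours at the assumed rate")
    return problems


if __name__ == "__main__":
    quote = "May the Force be with you Luke"  # constructed sample movie quote
    for pw in ("password", passphrase_to_password(quote), passphrase_to_password(quote, 2)):
        print(f"{pw!r}: {check_password(pw) or 'passes'}")
```

Note that one letter per word from a seven-word quote gives only seven characters, which is why the article suggests taking two letters per word where the phrase is short.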

Ignore Security Questions
There is a limited set of answers to questions like, "What is your favorite color?" and most answers to questions like "What middle school did you attend?" can be found on the Internet. A better approach would be to enter a password hint that has nothing to do with the question. For example, if the security question asks for the name of the hospital you were born in, your answer might be: "Your favourite song lyric".

Store Passwords Securely
Mr Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorised. He copies and pastes those passwords when logging into accounts so that, in the event an attacker installs keystroke-logging software on his computer, it cannot record the keystrokes of his password.

A Password Manager?
Some password-protection software will create strong passwords for you and automatically help you log onto sites, as long as you provide one master password. But Mr Kocher said he does not use such software because, even with encryption, the password store still lives on the computer itself. "If someone steals my computer, I've lost my passwords," he said.

Use Different Browsers
Mr Grossman makes a point of using different web browsers for different activities. "Pick one browser for 'promiscuous' browsing - online forums, news sites, blogs - anything you don't consider important," he said. "When you're on online banking or checking email, fire up a secondary web browser, then shut it down."
That way, if your browser catches an infection when you stumble into a malicious site, your bank account will not necessarily be compromised. As for which browser for which activities, a study last year by Accuvant Labs found Chrome to be least susceptible to attacks, among browsers including Mozilla Firefox and Microsoft Internet Explorer.

Share Cautiously
Whenever possible, Mr Kocher will not register for online accounts using his real email address. Instead, he will use "throw-away" email addresses, like those offered by 10minutemail.com. Users register and confirm an online account via such an e-mail address, which self-destructs 10 minutes later.

Just Jam on Your Keyboard
For sensitive accounts, Mr Grossman said that instead of a pass-phrase, he will randomly jam on his keyboard, intermittently hitting the "Shift" and "Alt" keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive.