|
Recently someone hacked into Twitter's corporate networks by “guessing” an employee's password. You'd be surprised to know that he used a very simple method that can be used by anyone with some basic personal information about the individual being hacked. This means that all of us are vulnerable to hacking, and need to take steps to reduce our risk.
How Did He Do It?
In the case of the Twitter, the hacker started gathering information about his target users by various means, finding their address, date of birth, place of birth, parents’ names, dog’s name, etc. Getting this information is simpler than you might think. You can find almost anyone’s address by doing a simple search online, and similarly date and place of birth can be found easily on social networking sites like MySpace, Facebook, etc. Also by knowing the user’s email address, you automatically know their e-mail host. For example, if their e-mail address is forexample@hotmail.com, it’s obvious that they have an account with Hotmail. Then it’s a matter of going to Hotmail, going through the “Forgot Password” sequence, which asks you for some personal information, like your place of birth, your pet’s name, etc.; and if you get those questions right, you get to assign a new password and have access to the user’s e-mail box. All you have to do now is look through the e-mail box for various account registration e-mails and find the common password the user uses. Since most people use the same password for most of their accounts, it’s then easy to log into their bank, credit card, and other account by simply using the same username and password.
I realize these steps may seem confusing to some, but they’re rather simple to figure out for someone with decent technical knowledge and some patience. So how can you prevent being hacked?
Security Question Tips
Don’t make your personal information available on public sites, even if they’re shared with a small group of people like your friends, coworkers, etc. You never know when someone may have ill intentions! As nice at it is for people to send you wishes on your birthday, the potential risks of misusing the information is too serious to ignore. Where you live, where you were born, your parent’s names, your pet’s name, and many other innocent information could certainly be used against you if fallen into the wrong hands. So share as little as possible with as few people as possible.
Choose security questions with hard to guess answers when configuring your password recovery settings. Most online accounts allow you to pick personal questions for password recovery. They usually offer several questions, and some even let you type in your own. Choose questions the answer to which are not known by many people. So your pet’s name or where you were born are not good ones, since they could be listed on your public profiles or could be easily guessed by people that know just a little bit about you.
Don’t use the same username and password for all your accounts. One idea would be to use different passwords for different groups of accounts. For example, use a high-security password (with combination of letters, numbers and special characters) for financial accounts, then a medium security password for your main e-mail account and your social networking accounts. Of course, the more varied your passwords, the less likely for someone to get into all your accounts.
Save your username and password information in a secure place. Don’t use your e-mail box or your smartphone for storing your passwords. Instead either keep them on a paper log in a safe place in your home, or use a password management program to store them electronically. There are several free and for-fee options for password management such as eWallet, KeePass, and Password Safe. By using such software you can have as many different passwords as your accounts, without having to remember them. You just have to remember one password, and that’s the one for the program. Some of these programs also allow you to store your information online, on your smartphone, and your computer so you can access them anytime while still keeping them safe.
As our lives become more digital, we move further towards sharing more information with others, and having easier access to our own information. But like everything else in life, there is a price to pay, and that is to make sure our privacy & security is maintained.
|
