Tuesday, June 30, 2009

Stay Secure whilst on the 'Net

With a number of issues I've seen recently (sorry to say it's at work), and the massive amount of web pages and games that we end up using on a day-to-day basis, I think it's safe to say that people need to be a bit more careful out there, and the simplest way to do that is by choosing passwords carefully and not giving out too much personal information.

Yes, there are other ways, especially for the tech savvy (like NoScript and Adblock Plus for Firefox, Comodo firewall, running an antivirus program like Avast... and all of those I've just mentioned are free for home use).

Consider things that you plug into your computer as potentially unsafe too; don't let people charge their iPod on your computer unless you trust them. Is this being overly paranoid? Maybe, but you don't actually know where that iPod's been (the friends I know seem to be practicing safe sex, perhaps you should start treating your computer the same way too!)

Take personal information on places like MySpace and Facebook (yes, I'm guilty here too). You've seen the "find friends by typing in your email username and password, and we don't store your password"... It sounds great, but don't, really, don't. No, they're not lying, they don't store your password, they just take all of the people you've ever emailed, and been emailed by, and keep them, so they can suggest friends later. Now, maybe you want to be friends with 100% of your contacts (really? you do... wow, go you...). OK, perhaps Facebook and MySpace do a good job of safeguarding your info (ummm.... ok, I'll drop some of my paranoia and try and get to that...), but anywhere else, it's not worth the time you save, really.

Hell, wait till those friends invite you, rather than being the one to add all your friends first. This is like kids and cell phones, isn't it? "Must have the most friends to be cool". My response to that, from the Cub, is "Cool: Constipated Overrated Out-of-style Loser".

We don't have one key for the house, car, work, mailbox, etc... So why do people still use the same password for everything? Think about the worst case here: there could be a tech guy who can see that password (yes, they should be encrypted on their database, but you are still trusting your data to a third-party individual).

"But passwords are hard to remember". OK, I agree, they can get out of hand (I lost count of the amount I have, I suspect for work it's 400+). There is no way *I* can remember them all. That's why there are programs like KeePass: http://keepass.info/. You protect a database you own, on your computer, with a password (a GOOD password), and then can access any password. It can even generate passwords for you.

Yes, it's a little more work to get into PayPal now (which you have attached to your bank account, right? Don't you think it should be difficult to guess that one?).

Some people (and I've run into this at work too) think that their password for their email isn't important: "Peh, I don't have too much in there, whatever...". But, wait, where is the "reset my password" button going to send an email to on your PayPal account? They are all important. I have no problem with someone reading my email, if I'm there, and as such, my email password stays with me. There should never be a case where you need to give someone your password.

I have seen occasions where someone posting from someone's account is funny, but it usually ends up causing someone pain.

If you also use different passwords for different systems, then someone finding out one password doesn't give them the keys to your kingdom.

Also, watch out for the Twitters, and the Facebook/MySpace pages that ask about "what's your favorite teacher", or "post your porn name by typing in your pet's name, and the first street you lived on". These questions can be used to get the answers to those secret questions in order to reset your password.

So how *do* you choose a good password? If you use KeePass, then after that initial password you could say all others are random with collections of A-Z, a-z, 0-9 with some of %$#@! in it. I've heard people use song lyrics with different case, replacing letters.
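To make the "random with collections of A-Z, a-z, 0-9 with some of %$#@!" advice concrete, here is an added example (not from the original post, and not KeePass's own generator) that draws a password from exactly that character set using the operating system's secure random source and reports how many bits of entropy a given length buys. The function names and the default length of 16 are assumptions made for the illustration.

```python
import math
import secrets
import string

# Character classes named in the post: A-Z, a-z, 0-9 and some of %$#@!
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, "%$#@!")
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 5 = 67 symbols


def entropy_bits(length: int) -> float:
    """Upper bound on entropy for a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


def min_length(target_bits: int) -> int:
    """Shortest length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(ALPHABET)))


def generate(length: int = 16) -> str:
    """Draw every character from the OS CSPRNG (secrets, not random).

    Redraws the whole candidate until each class appears at least once,
    which keeps the result uniform over the passwords that satisfy a
    typical "must contain upper, lower, digit, symbol" rule. The redraw
    costs a fraction of a bit compared with entropy_bits().
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    for bits in (80, 128):
        print(f"{bits} bits needs at least {min_length(bits)} characters")
    print(generate(16), f"(about {entropy_bits(16):.1f} bits)")
```

Each character from this 67-symbol set is worth roughly 6 bits, so length matters far more than squeezing in extra symbols.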

And, if you must MUST write it down, and keep it in your wallet (along with the social security number card you've got there), try to leave the start off it, or the end, or add something to the start or end, with other words. Just don't make it easy for people.

Last thing is to know that if you think there's a slight chance that someone has seen you type your password, change it. Every system gives you the ability to change your password. It's not a bad idea to change passwords after you've been on a public computer (as you don't know what software is logging your keystrokes), or if the application does the ol' "password: ********" in the box (don't think that this protects you, there IS software that takes away those stars. If it's your home computer, I wouldn't worry, but a work or library computer is different).

I had a sales guy ask me if the techs could see what he was doing. The simple answer is to assume YES, that way you're not going to enter passwords you're not prepared to lose control of.

If you've used a password for more than 6 months, think about changing it. This goes for your wireless/wired routers, and the wireless keys as well (wouldn't you choose to change your locks if you lost the key to your house?).
