In April 2014, the internet world discovered the widespread “Heartbleed” security bug. The recommendation is to change all your passwords. Take advantage of Heartbleed by choosing better passwords :)
When we think of computer security, security software such as antivirus programs and firewalls immediately comes to mind. In fact, we forget that one of the root causes of hacking is… you!
Prevention is better than cure.
You know that old saying; it applies to your computer habits as well.
Good security starts with a good password
- Use a different password for each application you use. That way, if someone finds out your Facebook password, they won’t be able to log in to your Twitter account.
- Currently, many websites (even some famous ones) don’t encrypt their users’ passwords. Who has not received an email including a password reminder?
One might say: hooray, that’s great, I will be able to recover my password easily in case I forget it. Actually, it would be better to think: hmm, if my email gets hacked, the attacker will get this password. Above all, it means that my password is stored somewhere in plain text in a database. It also means the administrator or other people can see it (and imagine if the website gets hacked).
Unfortunately, the problem is not on your side, but again it is a really good reason to have different passwords.
- Your password must be neither simple nor logical. A date of birth, the name of your pet or one of your children, a word taken from the dictionary… Avoid all of these! Mechanisms like a brute-force attack (i.e. trying all combinations to find out the password) will find it in a short amount of time (hardware is very powerful now). Therefore, I advise you to choose a password that is not too short and contains a mix of uppercase letters, lowercase letters and numbers. Of course, a complex password is great, but if you have to write it down on a Post-it to remember it, that’s not the right solution either. You have to strike a happy medium.
- When possible, use advanced authentication methods, for example a confirmation code sent to your phone. This kind of service is usually offered by the largest software companies such as Google or Facebook.
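The password-reminder point above, as an added example (not code from the original article): a site that can email your password back stores it in recoverable form, while a site that keeps only a random salt and a slow one-way hash can still check your login without being able to reveal the password. The function names, the PBKDF2 settings and the sample accounts are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for real hardware


def store_plaintext(db, user, password):
    """What a site that can email your password back is doing."""
    db[user] = password


def store_hashed(db, user, password):
    """Keep only a random salt and a slow, one-way digest of the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[user] = (salt, digest)


def verify_hashed(db, user, attempt):
    """Recompute the digest from the login attempt and compare in constant time."""
    if user not in db:
        return False
    salt, digest = db[user]
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def leaked_passwords(db):
    """Passwords that anyone reading the database (admin or intruder) sees directly."""
    return [value for value in db.values() if isinstance(value, str)]


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    weak_site, better_site = {}, {}
    for user, pw in [("alice", "Kitten2014"), ("bob", "Kitten2014")]:
        store_plaintext(weak_site, user, pw)
        store_hashed(better_site, user, pw)
    print("plaintext site leaks:", leaked_passwords(weak_site))
    print("hashed site leaks:   ", leaked_passwords(better_site))
    print("login still works:   ", verify_hashed(better_site, "alice", "Kitten2014"))
```

Because each account gets its own salt, two users with the same password end up with different stored digests, so a database leak does not even reveal who shares a password.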
Good security also requires common sense
- Avoid connecting to public Wi-Fi networks and other free hotspots. This is especially true when you connect to unsecured services. Unsecured means that data exchanges are not encrypted. You can easily identify secure services by the ‘https’ prefix in the URL (the ‘s’ is important); fortunately, the most popular applications support it.
Why? A bad guy can listen to the network and collect all the exchanged data (thanks to a sniffer). This mass of data is difficult to read at first sight, but an expert will be able to isolate any useful information. If you are searching for kitten videos on YouTube, you will not care much, but if you are logging in to an application through an unsecured form, I guess it will be more annoying…
- When you download your software, always take a look at the download URL.
For instance, if you want to download the latest version of iTunes, always go to the Apple website and avoid generic websites such as downloadfreesoftwares.com (I would not be surprised if this website exists). First, use publisher websites. Failing that, use famous and trusted download websites.
- The same goes for online services: make sure a service can be trusted before you register and provide your personal information.
- Pay attention to your emails, especially strange ones that your email software did not identify as spam.
Just yesterday, I received an email from the French tax department to inform me about a refund of 178.20 euros due to a mistake. The email looked so real (no misspellings) that I thought it was good news. When I clicked on the link, I realized there was something wrong. It was not the usual website URL of the French government, and above all I needed to enter my credit card information. This is clearly a phishing attempt: a fake page with a classic form that reproduced the official website exactly (design, interface, header, footer and so on). It’s really easy to fall into the trap.
- One last tip: update your software and applications when new updates are available. This can be your browser, its plugins, any installed software… or even your blog’s engine (if you have one; I use WordPress, which is updated several times a year).
Every day, security vulnerabilities are discovered and corrected. A security flaw is usually reported in the press (at least when it is a big one), and it becomes a door left open for hackers. I do not want to scare you, but remember it!
If you follow this advice every day and stay vigilant, you should avoid any kind of virtual trouble! At least you cannot say that nobody warned you!
I realize I have denigrated cats a little bit in this article; I hope they will forgive me…