It seems to me that people do not pay much attention to the passwords they use for things like banking, email accounts, Facebook accounts, amazon account etc.  First rule of thumb is do not trust anyone, meaning the site/company you’re dealing with to protect your password.  Companies get cracked all the time, they are exploited via malware which is mostly because someone in the organization opened an email attachment, clicked on a link or went to a website without really looking or knowing what they are doing.  All it takes is one user to set off that “bomb”. Once that “bomb” is set in motion all bets are off and passwords can be cracked and you, the user can also be exploited.  It happens all the time.

Education is your best friend regardless if you work in a business, where you have access to a PC and the internet (most of us do) or you’re a home user.  It doesn’t matter, awareness of what you are doing makes all the difference in the world and can save you from the headache of being hacked.

Being in IT for almost 20 years, I’ve heard it all.  The usual excuses range from “I don’t have time to really look at my emails because I get so many of them so I just skim them and do what I can”. “I can’t remember all those passwords so I try to make them as short and as simple as possible”.  “I clicked on that link because it popped up and it said it would clean my PC”

Well, in the two to five seconds it took you to ignore the rules, it might have just cost you hundreds of dollars, your identity stolen and your accounts hacked.  If something is too good to be true it’s just not true.  Why would suddenly coupons appear for $75-$100 discount for a store on Facebook?  Well the simple answer is because users are so gullible!  They want to believe that this is going to save them money if they simply click here and install the hidden software attached to this stuff; that’s what these people are hoping for.  In the five seconds it takes you to share that coupon for $75 from your favorite store, that cracker on the other end might have just gained access to your Facebook account, your email account and perhaps your banking information.  Is that worth it? No! If you just took the 2 minutes to really think about it you’d realize it’s just a scam.  So you might be thinking, “Well how will I know when something is real then?”  Short answer is treat everything like it’s a threat – doing that probably will protect you from being hacked.  Also consider this… If you use the same password for your on-line banking, your retailer accounts and other on-line things then once your password is discovered everything you do on line is virtually lost!  The criminal will have access to it all and believe it or not, most people use the same passwords for everything.  This is a big no-no!   You’ve basically given the “keys to the kingdom” to the criminal that cracked your password.  Use different complex password for all your different accounts.

Without getting to technical I will try to explain passwords and the need for complexity in them and why you should always maintain long complex passwords for everything you do on line and in business.  First thing to understand is the longer and more complex your password is, the harder and longer it is for a cracker to steal.  That doesn’t mean you should use 100 letter passwords you can’t remember. It simply means using passwords like password1 PassW0rd1 or even P@ssw0rd will not protect you at all.  Using your birthday for example 32356abc will not help you either.

The reason for this is the following. When a hacker/cracker for example cracks a company like a bank or for example, an on line retailer they gain access to their network.  This gives the cracker access to things like servers and databases.  All passwords are stored on a server in a database.  Basically when you type your password it gets compared to what’s in that database and if it matches you are authenticated and allowed access to whatever you’re trying to reach.  So if a cracker gains access to this database they can simply steal the database, download it to their own machines and run tools to crack your passwords. And believe me there are many tools to crack passwords.  The shorter and easier your password is, the easier it is for that criminal to crack it.  (Think about what happened to Sony.  Most likely someone within the organization opened an email that was sent to them with some type of attachment, they opened it and set off that “bomb.  This cost Sony millions not to mention the embarrassment of publishing emails.  It was so simple for the crackers to do this.)

These programs look for things like asdfghjkl (which is the second row of letters on your keyboard), or password (any variation of that), birthdays etc.  These programs are set to look at dictionary words, combinations of letters and numbers and even dates in order to obtain your password.  The longer and more complex your password is the harder it is for that program to obtain it.   That’s a simple as I can make it. So, if a person is using for example the password – P@ssw0rd1;  it will probably be stolen within the first five seconds of the program, but if the user has a complex password for example MyCh1|dr3n@! Which is more complex or My1$tb0Rn1$@b0y! It’s going to take much more time and money on the criminal’s part to figure out what that password is.  If you look at the 2 passwords I just created they are actual phrases the 1^st one is my children @1 the second one is my 1^st born is a boy!  All I did was take a phrase I can remember and mix it up with letters, numbers and special characters.  Doing things like this will make it much harder for the cracker on the other end to decipher what your password really is. I’m not suggesting this is 100% full proof because honestly nothing is, but the more difficult/complex you make it the harder it becomes for that criminal to steal your password.

What I want you the user to understand is that it’s basically up to you to protect your information and identities on the internet.  Being aware of what you’re doing, slowing down and thinking before you open that email and click on that attachment and going to that website and installing something that says it will clean your PC is just not a good idea.

Lastly, these criminals are getting smarter, they have ways of even misidentifying themselves on the phones, they can spoof caller ID so for example say you get a call from someone claiming to be from a technical company and they tell you that your PC is infected with a virus and they will for Free remote in and clean it. Well looking at the caller ID perhaps that is a real caller?  Really?  How in the world would anyone know on the outside that your computer is infected with a virus? The answer is they would never know and you should not fall for that.  Once you give that person on the other end of the telephone access to your PC they will have access to your mail, banking information and anything else you may do on line.  My advice is to hang up that phone.

I hope you follow these simple tips for safety on the internet