{"id":1699,"date":"2013-08-03T09:35:25","date_gmt":"2013-08-03T16:35:25","guid":{"rendered":"http:\/\/www.wellgolly.com\/?p=1699"},"modified":"2013-08-03T09:35:25","modified_gmt":"2013-08-03T16:35:25","slug":"password-security","status":"publish","type":"post","link":"https:\/\/www.wellgolly.com\/?p=1699","title":{"rendered":"Password Security"},"content":{"rendered":"<p>A couple of recent posts on identity theft, card readers on gas pumps, and break-ins to the computer systems of large companies have prompted me to finish writing up my thoughts on how you can increase the security of your credit cards and on-line transactions.<\/p>\n<p>Summary for those who don\u2019t have time to read the whole thing. Crackers are not targeting you. They are looking for the low-hanging fruit and it\u2019s not that hard to make it not worth their time to mess with your accounts.<\/p>\n<p>1. Change your password on your email and all bank accounts, brokerage, phone plans, etc. to have at least 13 characters\u2014upper, lowercase, at least a few numbers, and a few special characters. <\/p>\n<p>2. Use a different email address for your financial accounts than you use for general email.<\/p>\n<p>3. Do not ever re-use the same password. It\u2019s not as hard as you might think to have a different password for each site. For example, I have a generic password for sites that don\u2019t have any financial information and I just prefix it with the first two letters of the site. Since lots of sites have two word site names, I use the first letter of each word. So BeachTalk is BTbazmarle! The &#8216;word&#8217; in the middle isn&#8217;t a dictionary word (or words) or something that pops up on Google. Make the password 9 letters or more.<\/p>\n<p>Here\u2019s a simplified version of what crackers are doing. Crackers sometimes break into sites and steal the entire password file. 
If the site has even rudimentary security the passwords are encrypted\u2014but surprisingly enough not all sites do this. But even if they are encrypted, computers are fast enough now that they can compare the encrypted passwords to a &#8216;rainbow table&#8217; of encrypted passwords and decrypt them. Basically, they can compare the password to all possible combinations of letters, numbers, and symbols. At the moment rainbow tables are easy to construct for 8 character passwords. It\u2019s basically impossible to construct rainbow tables for 13 characters. Longer passwords are still subject to dictionary attacks, so you don\u2019t want to make a password by combining two dictionary words. <\/p>\n<p>The first thing they&#8217;ll do when they get the passwords is try to use them to log in to banks, Amazon, Best Buy, etc. Many people use the same email and password for all their logins, so they get a lot of logins for places they care about from small sites that aren\u2019t secure. My server gets thousands of break-in attempts every day and I don\u2019t have anything worth stealing. I can\u2019t even imagine how many attempts sites with millions of users get.<\/p>\n<p>Unless you are someone famous, you don\u2019t have to worry about using things that you know as your password. So you can use the initials of your family for the first four letters, JMJD, then append one or two made-up words that you can remember\u2014maybe you fly a TSIO Bonanza, tsiobonan, your street address is 874 and the special characters corresponding to your birth year are %&#038;. So your easy-to-remember password is JMJDtsiobonan874%&#038;<\/p>\n<p>If you use a laptop, don\u2019t let the computer remember your passwords for financial sites. You should write them down, but don\u2019t keep them in your wallet.<\/p>\n<p>Now, here\u2019s why you want a separate email address for your financial accounts. I have a different one for each of my accounts. 
If I get an email sent to john@LF about my bank account being overdrawn, or a shipment has been made, I know it\u2019s a phishing attack. If I get an email to BofAJohn@LF then I am fairly confident that it\u2019s legit. But that\u2019s not the main reason I use a different email. Most sites will let you change your password if you forgot yours by requesting a new one with an email. Once someone has your email address and can log in to your account, they\u2019ll start requesting a password reset everywhere they can think of. Banks are getting better at requiring another authentication factor, like your favorite candy, but not every site does this. If your bank has an email address that you only use for them, crackers won\u2019t be able to reset the password.<\/p>\n<p>Spammers will pay for cracked accounts. I\u2019ve gotten spam from people who have had their Yahoo, Hotmail, or Facebook accounts hacked. Outright thieves will pay for other accounts. Cracked iTunes accounts are worth $8, AT&#038;T and Verizon accounts are worth $4 and Twitter and Facebook are worth $2.50.<\/p>\n<p>These techniques won\u2019t stop the NSA, Rupert Murdoch, or someone who is targeting you specifically, but will make it less likely that some random cracker will get your info.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A couple of recent posts on identity theft, card readers on gas pumps, and break-ins to the computer systems of large companies have prompted me to finish writing up my thoughts on how you can increase the security of your credit cards and on-line transactions. 
Summary for those who don\u2019t have time to read the &hellip; <a href=\"https:\/\/www.wellgolly.com\/?p=1699\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Password Security<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-1699","post","type-post","status-publish","format-standard","hentry","category-computers"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1699"}],"version-history":[{"count":0,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1699\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}