
How To Devise Passwords That Drive Hackers Away - Computers - Nairaland


How To Devise Passwords That Drive Hackers Away by usbcable(m): 6:41pm On Nov 11, 2012
Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It’s hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data.

Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer’s Web camera with a piece of masking tape — a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.

But recent episodes offered vindication. I removed the webcam tape — after a friend convinced me that it was a little much — only to see its light turn green a few days later, suggesting someone was in my computer and watching. More recently, I received a text message from Google with the two-step verification code for my Gmail account. That’s the string of numbers Google sends after you correctly enter the password to your Gmail account, and it serves as a second password. (Do sign up for it.) The only problem was that I was not trying to get into my Gmail account. I was nowhere near a computer. Apparently, somebody else was.

It is absurdly easy to get hacked. All it takes is clicking on one malicious link or attachment. Companies’ computer systems are attacked every day by hackers looking for passwords to sell on auctionlike black market sites where a single password can fetch $20. Hackers regularly exploit tools like John the Ripper, a free password-cracking program that uses lists of commonly used passwords from breached sites and can test millions of passwords per second.

Chances are, most people will get hacked at some point in their lifetime. The best they can do is delay the inevitable by avoiding suspicious links, even from friends, and manage their passwords. Unfortunately, good password hygiene is like flossing — you know it’s important, but it takes effort. How do you possibly come up with different, hard-to-crack passwords for every single news, social network, e-commerce, banking, corporate and e-mail account and still remember them all?

To answer that question, I called two of the most (justifiably) paranoid people I know, Jeremiah Grossman and Paul Kocher, to find out how they keep their information safe. Mr. Grossman was the first hacker to demonstrate how easily somebody can break into a computer’s webcam and microphone through a Web browser. He is now chief technology officer at WhiteHat Security, an Internet and network security firm, where he is frequently targeted by cybercriminals. Mr. Kocher, a well-known cryptographer, gained notice for clever hacks on security systems. He now runs Cryptography Research, a security firm that specializes in keeping systems hacker-resistant. Here were their tips:

FORGET THE DICTIONARY If your password can be found in a dictionary, you might as well not have one. “The worst passwords are dictionary words or a small number of insertions or changes to words that are in the dictionary,” said Mr. Kocher. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.

NEVER USE THE SAME PASSWORD TWICE People tend to use the same password across multiple sites, a fact hackers regularly exploit. While cracking into someone’s professional profile on LinkedIn might not have dire consequences, hackers will use that password to crack into, say, someone’s e-mail, bank, or brokerage account where more valuable financial and personal data is stored.

COME UP WITH A PASSPHRASE The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.

OR JUST JAM ON YOUR KEYBOARD For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. “That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don’t know it.”

STORE YOUR PASSWORDS SECURELY Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you’re toast. Mr. Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorized. He copies and pastes those passwords into accounts so that, in the event an attacker installs keystroke logging software on his computer, they cannot record the keystrokes to his password. Mr. Kocher takes a more old-fashioned approach: He keeps password hints, not the actual passwords, on a scrap of paper in his wallet. “I try to keep my most sensitive information off the Internet completely,” Mr. Kocher said.

A PASSWORD MANAGER? MAYBE Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: Mr. Kocher said he did not use the software because even with encryption, it still lived on the computer itself. “If someone steals my computer, I’ve lost my passwords.” Mr. Grossman said he did not trust the software because he didn’t write it. Indeed, at a security conference in Amsterdam earlier this year, hackers demonstrated how easily the cryptography used by many popular mobile password managers could be cracked.

IGNORE SECURITY QUESTIONS There is a limited set of answers to questions like “What is your favorite color?” and most answers to questions like “What middle school did you attend?” can be found on the Internet. Hackers use that information to reset your password and take control of your account. Earlier this year, a hacker claimed he was able to crack into Mitt Romney’s Hotmail and Dropbox accounts using the name of his favorite pet. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: “Your favorite song lyric.”

USE DIFFERENT BROWSERS Mr. Grossman makes a point of using different Web browsers for different activities. “Pick one browser for ‘promiscuous’ browsing: online forums, news sites, blogs — anything you don’t consider important,” he said. “When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down.” That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers — including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer — found that Chrome was the least susceptible to attacks.

SHARE CAUTIOUSLY “You are your e-mail address and your password,” Mr. Kocher emphasized. Whenever possible, he will not register for online accounts using his real e-mail address. Instead he will use “throwaway” e-mail addresses, like those offered by 10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later. Mr. Grossman said he often warned people to treat anything they typed or shared online as public record.

“At some point, you will get hacked — it’s only a matter of time,” warned Mr. Grossman. “If that’s unacceptable to you, don’t put it online.”



http://finance.yahoo.com/news/devise-passwords-drive-hackers-away-232135515.html

6 Likes
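
Added example (not part of the original post or the article it quotes): a Python sketch of the "FORGET THE DICTIONARY" and "COME UP WITH A PASSPHRASE" advice above, flagging passwords that are light mutations of a dictionary word and estimating exhaustive-search time. The word list, substitution table, guess rate of 10 million per second and all function names are assumptions made for the illustration.

```python
import re
import secrets
import string

# Constructed mini word list; a real check would load a full dictionary
# plus passwords aggregated from breaches, as the article describes.
WORDLIST = {"password", "dragon", "monkey", "welcome", "letmein"}

# Common character swaps, undone before the lookup (assumed table).
LEET = str.maketrans("0134578@$!", "oieastbasi")

# Assumption standing in for the article's "millions of passwords per second".
GUESSES_PER_SECOND = 10_000_000


def _trim(text):
    """Drop the digits and symbols people prepend or append to a word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def dictionary_base(password):
    """Return the word this password is a light mutation of, or None."""
    lowered = password.lower()
    candidates = (
        lowered,
        _trim(lowered).translate(LEET),   # padding removed, then swaps undone
        _trim(lowered.translate(LEET)),   # swaps undone, then padding removed
    )
    return next((c for c in candidates if c in WORDLIST), None)


def worst_case_hours(password, rate=GUESSES_PER_SECOND):
    """Hours to try every string of this length over the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes if any(ch in cls for ch in password))
    return alphabet ** len(password) / rate / 3600


def assess(password):
    """Return (acceptable, reason); the dictionary check runs first."""
    base = dictionary_base(password)
    if base:
        return False, f"mutation of dictionary word '{base}'"
    if worst_case_hours(password) < 24:
        return False, "exhaustive search takes under 24 hours at the assumed rate"
    return True, "not in word list and too long to exhaust in 24 hours"


def generate(length=14):
    """Random password from the OS CSPRNG, a stand-in for 'jamming on the keyboard'."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

The time estimate only bounds exhaustive search; a password that fails the dictionary check falls in far fewer guesses regardless of its length.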

Re: How To Devise Passwords That Drive Hackers Away by Chikebrain: 6:17am On Nov 12, 2012
Mods, please take this to the front page. Nice one, OP. Early this year my Yahoo Mail was hacked through LinkedIn and was used to send mails to all my contacts. Unknown to the hacker, I had a series of incorrect mail contacts, so anytime my account was used to send mails I got Mailer-Daemon mails when I didn't send any mails. I quickly went online and discovered hackers had taken control of my Yahoo, but I was able to recover it. Please, to everyone, I'll advise we don't use "Remember Password" on our browsers and get an Internet Security, not just an antivirus (I'll recommend Norton 360). It's more preferable and safe to have all your passwords in your head (that's if your brains can take it). Note that the safest system is an offline system, but what can we do, we need to be online.
Thanks Op.

1 Like

Re: How To Devise Passwords That Drive Hackers Away by tunapawizzy: 1:15pm On Nov 16, 2012
NICE ONE
Re: How To Devise Passwords That Drive Hackers Away by dilbert100: 1:15pm On Nov 16, 2012
nice post....need more of these
Re: How To Devise Passwords That Drive Hackers Away by Omogbhollahorn(m): 1:15pm On Nov 16, 2012
Nice one bro, I do like the write-up wink wink grin grin grin grin
Re: How To Devise Passwords That Drive Hackers Away by Areaboy2(m): 1:16pm On Nov 16, 2012
Secret to creating a tough password


number - special character - word/name/collection of alphabets - end the last 2/3 letters with caps - special character - number

in this fashion, it will take a computer months to crack your password and it is easy to remember

example

15@yaHOO*30

2 Likes

Re: How To Devise Passwords That Drive Hackers Away by slimming: 1:18pm On Nov 16, 2012
Thanks so much for this.
Re: How To Devise Passwords That Drive Hackers Away by Paentera(m): 1:19pm On Nov 16, 2012
Excellent post.
Re: How To Devise Passwords That Drive Hackers Away by dabrake(m): 1:19pm On Nov 16, 2012
Sometime in my 200L-1, I offered a course (FORTRAN77) and we were given an assignment to write a CGPA program that will output all students' names, matric. no. and CGPA. I chose the (a35, a13, f4.2) as the format and I later stuck to it. I'm using a different one now though.
Re: How To Devise Passwords That Drive Hackers Away by gbigbega: 1:32pm On Nov 16, 2012
Another way to have a secure password is to make a long statement your password. Even though it's an English word, as long as it's long (say 24 characters), it will take a hacking software years of constant attempts to be able to get any close. An example is "NairalandForumNewPostPage" or "ThisIsHowIGetIntoMyComputer". Trust me, no hacker can hack that.
Re: How To Devise Passwords That Drive Hackers Away by ochukoccna: 1:38pm On Nov 16, 2012
Great educative post
Saw it 3/4 days back on yahoo
Glad someone who wasn't lazy like me shared it
But most NLers won't read it angry angry

1 Like

Re: How To Devise Passwords That Drive Hackers Away by Nobody: 1:42pm On Nov 16, 2012
dabrake: Sometime in my 200L-1, I offered a course (FORTRAN77) and we were given an assignment to write a CGPA program that will output all students' names, matric. no. and CGPA. I chose the (a35, a13, f4.2) as the format and I later stuck to it. I'm using a different one now though.
So??
Re: How To Devise Passwords That Drive Hackers Away by konami001: 1:45pm On Nov 16, 2012
Anytime you need to create a password, just go to http://strongpasswordgenerator.com/... Copy the password you generate and keep it o....
Re: How To Devise Passwords That Drive Hackers Away by artworks1: 1:46pm On Nov 16, 2012
Hmmm
Re: How To Devise Passwords That Drive Hackers Away by oyestephen(m): 1:50pm On Nov 16, 2012
ochukoccna: Great educative post
Saw it 3/4 days back on yahoo
Glad someone who wasn't lazy like me shared it
But most NLers won't read it angry angry
: ebixy(m), dotcomgeneral(m), mijd(m), Stinocollins, Abdul Adam56(m), uplawal(f), Nice2all, lekeguy(m), Lustig, nikkygal(f), moodswing(m), Kehinde41, 2 million(m), info4bayempire, SirJohn(m), Whobedatte(m), seun001(m), youngies(m), Masanto(m), Segunbills(m), bolakale30(m), pss, Yemak74, Cherish100(f), Foxy_Rebirth(m), samuel72(m), otodeluxe(m), NaijaNaWaa, actel(f), borlarge, omowolewa(m), Sezua(m), civac(m), homerac7, penfold(m), konami001 and 41 guest(s
Re: How To Devise Passwords That Drive Hackers Away by xcitedjay(m): 1:52pm On Nov 16, 2012
gbigbega: Another way to have a secure password is to make a long statement your password. Even though it's an English word, as long as it's long (say 24 characters), it will take a hacking software years of constant attempts to be able to get any close. An example is "NairalandForumNewPostPage" or "ThisIsHowIGetIntoMyComputer". Trust me, no hacker can hack that.
Trust me you don't even need to be a hacker to hack that password.
Why not just save yourself the stress of typing the long password and use 'Abc'?
Re: How To Devise Passwords That Drive Hackers Away by Nobody: 1:57pm On Nov 16, 2012
Another way is to write your passwords in your local dialect like Igbo or Yoruba. Since cracking a password is a trial and error process, and since most hackers are foreigners, they rarely come across those local words.

All my passwords are some long Igbo sentences complete with "udaume" symbols and finished off with random numbers. Crack that.

4 Likes

Re: How To Devise Passwords That Drive Hackers Away by Wallie(m): 1:59pm On Nov 16, 2012
The problem with using password generators is that you will almost always have to look it up!

Here's how I create my passwords...

1. wHATtheH311iswrongwithyou?
2. Pleased0ntTalkt0mE!
3. Wh3ythingd3yhaPPEN?
4. 1KNOWSAYy0udeyCRAZ3!

The trick is to choose a phrase you will remember, then remember which letters are capitalized and which alphabets are replaced with numbers.
Re: How To Devise Passwords That Drive Hackers Away by adekennis(m): 1:59pm On Nov 16, 2012
All dis thing na story,there are some bad softwares wey go hack anything,if you like no use space make u use wat ever...lol..Try my E Surveillance and see if you are protected
Re: How To Devise Passwords That Drive Hackers Away by moodswing(m): 2:04pm On Nov 16, 2012
Nice post but the self-acclaimed computer security personnel is probably out of tune with computer security.

Hackers don't use stale stuff like "John the ripper" as he mentioned, because majority/all email providers don't allow users to set up accounts with dictionary words. Major web service providers demand strong "Alphanumeric" (combination of alphabets and numbers) passwords when signing up for their service.

Hacking has gone beyond cracking. There is no system in this world that is 80% safe and hack-proof. It's just a matter of finding loose ends and has nothing to do with the length or strength of your password. A simple browser plugin or FUD (fully undetectable trojan) is all a hacker needs to have access to your so-called strong password.

This is the reason why Kaspersky internet security remains the best bet to staying safe online. Forget what the media or PR guys say about Norton, McAfee and the rest.

With the latest version of Norton installed on your computer, it might take someone like me less than 10 minutes to create a fully undetectable trojan that will infect your computer, attach itself to about 5 processes, and steal every single piece of information on your PC and that which you pass through a browser without your AV (anti virus) detecting it. If you doubt, msg me and let me prove it.

A hacker does not necessarily need your password to access your online accounts. Stealing your browser cookies for an authenticated session is more than enough.

The bottom line is: as long as your computer is not fully protected from possible trojans and malware, choosing the strongest combination of alphanumeric and symbols can't protect you.

Kaspersky internet security is every hacker's nightmare. Because the guys behind it are one of the finest creators of Russian botnets.

2 Likes

Re: How To Devise Passwords That Drive Hackers Away by masterpiecer(m): 2:12pm On Nov 16, 2012
Good the info came from a hacker, very useful
Re: How To Devise Passwords That Drive Hackers Away by a1solution: 2:21pm On Nov 16, 2012
The best thing is to assume you are in public always and keep sensitive information on your notebook offline.
Re: How To Devise Passwords That Drive Hackers Away by Nobody: 2:25pm On Nov 16, 2012
1NaIra+3nAiRA=NaiRameRin try this
Re: How To Devise Passwords That Drive Hackers Away by Mucokey(m): 2:33pm On Nov 16, 2012
Nice post ...buh dis got me LOLing
“That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don’t know it.”
Re: How To Devise Passwords That Drive Hackers Away by OkwaIfugo(m): 2:34pm On Nov 16, 2012
good on there.
Re: How To Devise Passwords That Drive Hackers Away by lond07: 2:48pm On Nov 16, 2012
usbcable:
“At some point, you will get hacked — it’s only a matter of time,” warned Mr. Grossman. “If that’s unacceptable to you, don’t put it online.”

Nice one.

More informed than ever now. Hopefully I can delay the time till after my last breath
Re: How To Devise Passwords That Drive Hackers Away by Areaboy2(m): 2:48pm On Nov 16, 2012
Mucokey: Nice post ...buh dis got me LOLing
Indeed, but the bad guy doesn't care about honesty.. grin grin grin
Re: How To Devise Passwords That Drive Hackers Away by MeGaStReEt: 3:10pm On Nov 16, 2012
STORY lipsrsealed
Re: How To Devise Passwords That Drive Hackers Away by abdullkabar(m): 3:31pm On Nov 16, 2012
Hackers are BAD GUYS. I've had to change my Facebook password more than five times... Now I just joined them. wink
Re: How To Devise Passwords That Drive Hackers Away by aglomar: 4:20pm On Nov 16, 2012
Good info, thanks
Re: How To Devise Passwords That Drive Hackers Away by kokoye(m): 4:48pm On Nov 16, 2012
My passwords include Ekiti, Urhobo and Fulani words... plus tribal marks.

Come try crack am now..
